Software Bill of Materials (SBOM)¶
Work in progress
This section is a work in progress. Please help us by contributing to the documentation.
This page provides a comprehensive list of all dependencies used in Tux, including their licenses and versions. This information is essential for software supply chain security and legal compliance.
Dependencies¶
Main Dependencies¶
| Package | Licenses | Version | Author |
|---|---|---|---|
| aiocache | License Unknown | 0.12.3 | Manuel Miranda |
| aiofiles | APACHE SOFTWARE LICENSE | 25.1.0 | — |
| aiosqlite | MIT LICENSE | 0.21.0 | — |
| alembic | MIT | 1.17.2 | — |
| alembic-postgresql-enum | MIT LICENSE | 1.8.0 | RustyGuard |
| alembic-utils | MIT LICENSE | 0.8.8 | Oliver Rice |
| arrow | APACHE SOFTWARE LICENSE | 1.4.0 | — |
| asyncpg | APACHE SOFTWARE LICENSE | 0.30.0 | — |
| audioop-lts | PSF-2.0 | 0.2.2 | — |
| cairosvg | LGPL-3.0-OR-LATER | 2.8.2 | Guillaume Ayoub |
| dateparser | BSD LICENSE | 1.2.2 | Scrapinghub |
| discord-py | MIT LICENSE | 2.6.4 | Rapptz |
| docker | APACHE SOFTWARE LICENSE | 7.1.0 | — |
| emojis | MIT LICENSE | 0.7.0 | Alexandre Vicenzi |
| githubkit | MIT | 0.13.6 | yanyongyu |
| h2 | MIT LICENSE | 4.3.0 | — |
| httpx | BSD LICENSE | 0.28.1 | — |
| influxdb-client | MIT LICENSE | 1.49.0 | — |
| jinja2 | BSD LICENSE | 3.1.6 | — |
| jishaku | MIT LICENSE | 2.6.3 | Devon (scarletcafe) R |
| levenshtein | GPL-2.0-OR-LATER | 0.27.3 | David Necas, Mikko Ohtamaa, Antti Haapala |
| loguru | MIT LICENSE | 0.7.3 | — |
| pillow | MIT-CMU | 11.3.0 | — |
| psutil | BSD-3-CLAUSE | 7.1.3 | Giampaolo Rodola |
| psycopg | License Unknown | 3.2.12 | Daniele Varrazzo |
| pydantic | MIT | 2.12.4 | — |
| pydantic-settings | MIT LICENSE | 2.12.0 | — |
| pynacl | APACHE SOFTWARE LICENSE | 1.6.1 | — |
| python-dotenv | BSD-3-CLAUSE | 1.2.1 | — |
| pytz | MIT LICENSE | 2025.2 | Stuart Bishop |
| pyyaml | MIT LICENSE | 6.0.3 | Kirill Simonov |
| reactionmenu | MIT | 3.1.7 | Defxult |
| redis | MIT LICENSE | 7.1.0 | — |
| rich | MIT LICENSE | 14.2.0 | Will McGugan |
| rsa | APACHE SOFTWARE LICENSE | 4.9.1 | Sybren A. Stüvel |
| semver | BSD LICENSE | 3.0.4 | — |
| sentry-sdk | BSD LICENSE | 2.45.0 | Sentry Team and Contributors |
| sqlalchemy | MIT | 2.0.44 | Mike Bayer |
| sqlmodel | MIT LICENSE | 0.0.27 | — |
| tomli-w | MIT LICENSE | 1.2.0 | — |
| typer | MIT LICENSE | 0.20.0 | — |
| watchdog | APACHE SOFTWARE LICENSE | 6.0.0 | Mickaël Schoentgen |
Dev Dependencies¶
| Package | Licenses | Version | Author |
|---|---|---|---|
| basedpyright | MIT LICENSE | 1.29.5 | — |
| docstr-coverage | MIT LICENSE | 2.3.2 | Hunter McGushion |
| pre-commit | MIT | 4.4.0 | Anthony Sottile |
| pydantic-settings-export | MIT LICENSE | 1.0.3 | — |
| pydoclint | MIT LICENSE | 0.8.1 | jsh9 |
| ruff | MIT LICENSE | 0.14.5 | — |
| yamlfix | GNU GENERAL PUBLIC LICENSE V3 _GPLV3_ | 1.19.0 | — |
| yamllint | GNU GENERAL PUBLIC LICENSE V3 _GPLV3_ | 1.37.1 | Adrien Vergé |
Test Dependencies¶
| Package | Licenses | Version | Author |
|---|---|---|---|
| py-pglite | APACHE SOFTWARE LICENSE | 0.5.3 | Wey Gu |
| pytest | MIT LICENSE | 8.4.2 | Holger Krekel, Bruno Oliveira, Ronny Pfannschmidt, Floris Bruynooghe, Brianna Laugher, Florian Bruhin, Others (See AUTHORS) |
| pytest-alembic | MIT LICENSE | 0.12.1 | Dan Cardin |
| pytest-asyncio | APACHE-2.0 | 1.3.0 | — |
| pytest-benchmark | BSD-2-CLAUSE | 5.2.3 | — |
| pytest-cov | MIT LICENSE | 7.0.0 | — |
| pytest-html | MIT LICENSE | 4.1.1 | — |
| pytest-httpx | MIT LICENSE | 0.35.0 | — |
| pytest-loguru | MIT LICENSE | 0.4.0 | Michael Rans |
| pytest-mock | MIT LICENSE | 3.15.1 | — |
| pytest-parallel | MIT LICENSE | 0.1.1 | Browsertron |
| pytest-randomly | MIT | 4.0.1 | — |
| pytest-sugar | BSD LICENSE | 1.1.1 | Teemu, Janne Vanhala and others |
| pytest-timeout | DFSG APPROVED, MIT LICENSE | 2.4.0 | Floris Bruynooghe |
Docs Dependencies¶
| Package | Licenses | Version | Author |
|---|---|---|---|
| griffe | ISC | 1.15.0 | — |
| griffe-generics | MIT LICENSE | 1.0.13 | Jonghwan Hyeon |
| griffe-inherited-docstrings | ISC | 1.1.2 | — |
| griffe-inherited-method-crossrefs | APACHE LICENSE | 0.0.1.4 | — |
| griffe-modernized-annotations | MIT LICENSE | 1.0.8 | Jonghwan Hyeon |
| griffe-pydantic | ISC | 1.1.8 | — |
| griffe-typingdoc | ISC | 0.3.0 | — |
| griffe-warnings-deprecated | ISC | 1.1.0 | — |
| licensecheck | MIT | 2025.1.0 | FredHappyface |
| mkdocs | BSD LICENSE | 1.6.1 | — |
| mkdocs-api-autonav | BSD LICENSE | 0.4.0 | — |
| mkdocs-backlinks | MIT LICENSE | 0.9.1 | Danilo Guimarães |
| mkdocs-breadcrumbs-plugin | MIT LICENSE | 0.1.14 | Mihai Galos |
| mkdocs-coverage | ISC | 2.0.0 | — |
| mkdocs-extract-listings-plugin | MIT LICENSE | 0.2.1 | six-two |
| mkdocs-ezlinks-plugin | MIT | 0.1.14 | Mick Orbik |
| mkdocs-git-committers-plugin-2 | MIT LICENSE | 2.5.0 | Byrne Reese, Olivier Jacques |
| mkdocs-git-revision-date-localized-plugin | MIT LICENSE | 1.5.0 | — |
| mkdocs-glightbox | MIT LICENSE | 0.5.2 | — |
| mkdocs-literate-nav | MIT LICENSE | 0.6.2 | — |
| mkdocs-material | MIT LICENSE | 9.7.0 | — |
| mkdocs-mermaid2-plugin | MIT LICENSE | 1.2.3 | Laurent Franceschetti |
| mkdocs-minify-plugin | MIT LICENSE | 0.8.0 | Byrne Reese, Lars Wilhelmer |
| mkdocs-pagetree-plugin | MIT LICENSE | 0.0.17 | — |
| mkdocs-redirects | MIT LICENSE | 1.2.2 | — |
| mkdocs-section-index | MIT LICENSE | 0.3.10 | — |
| mkdocs-spellcheck | ISC | 1.1.2 | — |
| mkdocs-typer | APACHE | 0.0.3 | Bruce Szalwinski |
| mkdocs-unused-files | MIT LICENSE | 0.2.0 | Lars Wilhelmer |
| mkdocstrings | ISC | 0.30.1 | — |
| mkdocstrings-python | ISC | 1.19.0 | — |
| pymdown-extensions | MIT LICENSE | 10.17.1 | — |
Types Dependencies¶
| Package | Licenses | Version | Author |
|---|---|---|---|
| annotated-types | MIT LICENSE | 0.7.0 | — |
| asyncpg-stubs | BSD LICENSE | 0.30.2 | Bryan Forbes |
| types-aiofiles | APACHE-2.0 | 25.1.0.20251011 | — |
| types-click | APACHE SOFTWARE LICENSE | 7.1.8 | — |
| types-dateparser | APACHE-2.0 | 1.2.2.20250809 | — |
| types-influxdb-client | APACHE SOFTWARE LICENSE | 1.45.0.20241221 | — |
| types-jinja2 | APACHE SOFTWARE LICENSE | 2.11.9 | — |
| types-mock | APACHE-2.0 | 5.2.0.20250924 | — |
| types-pillow | APACHE SOFTWARE LICENSE | 10.2.0.20240822 | — |
| types-psutil | APACHE-2.0 | 7.0.0.20251116 | — |
| types-pytz | APACHE-2.0 | 2025.2.0.20251108 | — |
| types-pyyaml | APACHE-2.0 | 6.0.12.20250915 | — |
| ## License Information |
The license information above is automatically generated from the project's dependencies defined in pyproject.toml. Each package entry includes:
- Package Name - The name of the dependency
- License - The license(s) under which the package is distributed
- Version - The version checked during documentation build
- Author - The package author/maintainer
License Compliance¶
Tux is licensed under the GPL-3.0-or-later license. All dependencies listed above are compatible with this license. If you notice any license compatibility issues, please report them.
Security¶
For security concerns related to dependencies:
- Review GitHub Security Advisories
- Report security issues via GitHub Security
Updating Dependencies¶
Dependencies are managed using uv and locked in uv.lock. To update dependencies:
Text Only
```bash
# Update all dependencies
uv sync --upgrade
# Update a specific dependency
uv sync --upgrade-package <package-name>
```
Automated Updates: Tux uses Renovate to automatically create pull requests for dependency updates. This helps keep dependencies up-to-date and secure with minimal manual intervention.
Related Documentation¶
- Renovate - Automated dependency updates and Renovate configuration
- Configuration Reference - Configuration options
- CLI Reference - Command-line tools