← Back to the AI Dependency AtlasExact repository supply-chain dossier

Workshop Green LLM Usage

uba-ki-lab/workshop-green-llm-usage
pypi

This dossier retains 78 exact component occurrences from 1 published evidence files at one immutable repository commit.

opencode:7788d72ec94b5872project ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
78exact component occurrences
78package identities
1evidence file
42OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathuv.locksha256:61957e618f66a37d9e215e1c3f28156669993991782385cff9bcc34a70d841ce
Format
uv-lock
Parser state
parsed
Resolved components
78
Open exact source ↗
Observed relations

Package identities at this commit

pypiOpenAI SDKpypi:openai
1 Occurrence2.7.1
Apache-2.0
pypiCodeCarbonpypi:codecarbon
1 Occurrence3.0.8
MIT
pypitornadopypi:tornado
1 Occurrence6.5.2
Apache-2.010 OSV records returned
pypistarlettepypi:starlette
1 Occurrence0.49.3
BSD-3-Clause8 OSV records returned
pypiurllib3pypi:urllib3
1 Occurrence2.5.0
MIT7 OSV records returned
pypicryptographypypi:cryptography
1 Occurrence46.0.3
Apache-2.0 OR BSD-3-Clause6 OSV records returned
pypirequestspypi:requests
1 Occurrence2.32.5
Apache-2.03 OSV records returned
pypicertifipypi:certifi
1 Occurrence2025.10.5
MPL-2.01 OSV record returned
pypiclickpypi:click
1 Occurrence8.3.0
BSD-3-Clause · non-standard1 OSV record returned
pypih11pypi:h11
1 Occurrence0.16.0
MIT1 OSV record returned
pypiidnapypi:idna
1 Occurrence3.11
BSD-3-Clause · non-standard1 OSV record returned
pypijupyter-corepypi:jupyter-core
1 Occurrence5.9.1
BSD-3-Clause · non-standard1 OSV record returned
pypijwcryptopypi:jwcrypto
1 Occurrence1.5.6
non-standard1 OSV record returned
pypipygmentspypi:pygments
1 Occurrence2.19.2
BSD-2-Clause1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.1
MIT AND MPL-2.01 OSV record returned
pypiannotated-docpypi:annotated-doc
1 Occurrence0.0.3
MIT
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
pypianyiopypi:anyio
1 Occurrence4.11.0
MIT
pypiappnopepypi:appnope
1 Occurrence0.1.4
non-standard
pypiarrowpypi:arrow
1 Occurrence1.4.0
non-standard
pypiasttokenspypi:asttokens
1 Occurrence3.0.0
Apache-2.0
pypicffipypi:cffi
1 Occurrence2.0.0
MIT
pypicharset-normalizerpypi:charset-normalizer
1 Occurrence3.4.4
MIT
pypicoloramapypi:colorama
1 Occurrence0.4.6
non-standard
pypicommpypi:comm
1 Occurrence0.2.3
non-standard
pypidebugpypypi:debugpy
1 Occurrence1.8.17
MIT
pypidecoratorpypi:decorator
1 Occurrence5.2.1
BSD-2-Clause · non-standard
pypidistropypi:distro
1 Occurrence1.9.0
Apache-2.0
pypiexecutingpypi:executing
1 Occurrence2.2.1
MIT
pypifastapipypi:fastapi
1 Occurrence0.121.1
MIT
pypifief-clientpypi:fief-client
1 Occurrence0.20.0
MIT
pypihttpcorepypi:httpcore
1 Occurrence1.0.9
BSD-3-Clause
pypihttpxpypi:httpx
1 Occurrence0.27.2
BSD-3-Clause
pypiipykernelpypi:ipykernel
1 Occurrence7.1.0
BSD-3-Clause · non-standard
pypiipythonpypi:ipython
1 Occurrence9.7.0
BSD-3-Clause
pypiipython-pygments-lexerspypi:ipython-pygments-lexers
1 Occurrence1.1.1
non-standard
pypijedipypi:jedi
1 Occurrence0.19.2
MIT
pypijiterpypi:jiter
1 Occurrence0.12.0
MIT
pypijupyter-clientpypi:jupyter-client
1 Occurrence8.6.3
non-standard
pypimarkdown-it-pypypi:markdown-it-py
1 Occurrence4.0.0
MIT
pypimatplotlib-inlinepypi:matplotlib-inline
1 Occurrence0.2.1
non-standard
pypimdurlpypi:mdurl
1 Occurrence0.1.2
MIT
pypinest-asynciopypi:nest-asyncio
1 Occurrence1.6.0
non-standard
pypinumpypypi:numpy
1 Occurrence2.3.4
0BSD AND BSD-3-Clause AND CC0-1.0 AND MIT AND Zlib · non-standard
pypinvidia-ml-pypypi:nvidia-ml-py
1 Occurrence13.580.82
non-standard
pypipackagingpypi:packaging
1 Occurrence25.0
Apache-2.0 OR BSD-2-Clause · non-standard
pypipandaspypi:pandas
1 Occurrence2.3.3
non-standard
pypiparsopypi:parso
1 Occurrence0.8.5
MIT
pypipexpectpypi:pexpect
1 Occurrence4.9.0
non-standard
pypiplatformdirspypi:platformdirs
1 Occurrence4.5.0
MIT
pypiprometheus-clientpypi:prometheus-client
1 Occurrence0.23.1
Apache-2.0 · Apache-2.0 AND BSD-2-Clause
pypiprompt-toolkitpypi:prompt-toolkit
1 Occurrence3.0.52
BSD-3-Clause · non-standard
pypipsutilpypi:psutil
1 Occurrence7.1.3
BSD-3-Clause
pypiptyprocesspypi:ptyprocess
1 Occurrence0.7.0
ISC
pypipure-evalpypi:pure-eval
1 Occurrence0.2.3
MIT
pypipy-cpuinfopypi:py-cpuinfo
1 Occurrence9.0.0
MIT
pypipycparserpypi:pycparser
1 Occurrence2.23
BSD-3-Clause
pypipydanticpypi:pydantic
1 Occurrence2.12.4
MIT
pypipydantic-corepypi:pydantic-core
1 Occurrence2.41.5
MIT
pypipython-dateutilpypi:python-dateutil
1 Occurrence2.9.0.post0
non-standard
pypipytzpypi:pytz
1 Occurrence2025.2
MIT
pypipyzmqpypi:pyzmq
1 Occurrence27.1.0
non-standard
pypiquestionarypypi:questionary
1 Occurrence2.1.1
MIT
pypirapidfuzzpypi:rapidfuzz
1 Occurrence3.14.3
MIT
pypirichpypi:rich
1 Occurrence14.2.0
MIT
pypishellinghampypi:shellingham
1 Occurrence1.5.4
non-standard
pypisixpypi:six
1 Occurrence1.17.0
MIT
pypisniffiopypi:sniffio
1 Occurrence1.3.1
Apache-2.0 OR MIT
pypistack-datapypi:stack-data
1 Occurrence0.6.3
MIT
pypitermcolorpypi:termcolor
1 Occurrence3.2.0
MIT
pypitraitletspypi:traitlets
1 Occurrence5.14.3
non-standard
pypityperpypi:typer
1 Occurrence0.20.0
MIT
pypityping-extensionspypi:typing-extensions
1 Occurrence4.15.0
PSF-2.0 · non-standard
pypityping-inspectionpypi:typing-inspection
1 Occurrence0.4.2
MIT
pypitzdatapypi:tzdata
1 Occurrence2025.2
Apache-2.0
pypiuvicornpypi:uvicorn
1 Occurrence0.38.0
BSD-3-Clause
pypiwcwidthpypi:wcwidth
1 Occurrence0.2.14
MIT
pypiyaspinpypi:yaspin
1 Occurrence3.3.0
MIT
OSV

Related OSV records

GHSA-248v-346w-9cwc

Certifi removes GLOBALTRUST root certificate

1 repository10 Jun 2026
GHSA-2c2j-9gv5-cj73

Starlette has possible denial-of-service vector when parsing large files in multipart forms

4 repositories07 Jul 2026
GHSA-2xpw-w6gg-jr37

urllib3 streaming API improperly handles highly compressed data

13 repositories07 Jul 2026
GHSA-33p9-3p43-82vq

Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

2 repositories07 Jul 2026
GHSA-38jv-5279-wg99

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

13 repositories07 Jul 2026
GHSA-3x9g-8vmp-wqvf

Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

6 repositories13 Jul 2026
GHSA-48p4-8xcf-vxj5

urllib3 does not control redirects in browsers and Node.js

7 repositories07 Jul 2026
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

13 repositories13 Jul 2026
GHSA-537c-gmf6-5ccf

Vulnerable OpenSSL included in cryptography wheels

7 repositories16 Jun 2026
GHSA-65pc-fj4g-8rjx

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

17 repositories08 Jul 2026
GHSA-78cv-mqj4-43f7

Tornado has incomplete validation of cookie attributes

6 repositories13 Jul 2026
GHSA-79v4-65xg-pq4g

Vulnerable OpenSSL included in cryptography wheels

3 repositories07 Jul 2026
GHSA-7cx3-6m66-7c5m

Tornado vulnerable to excessive logging caused by malformed multipart form data

2 repositories07 Jul 2026
GHSA-7f5h-v6xp-fcq8

Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

5 repositories07 Jul 2026
GHSA-82w8-qh3p-5jfq

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

8 repositories27 Jun 2026
GHSA-86qp-5c8j-p5mr

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

8 repositories10 Jul 2026
GHSA-9hjg-9r4m-mvj7

Requests vulnerable to .netrc credentials leak via malicious URLs

7 repositories07 Jul 2026
GHSA-9wx4-h78v-vm56

Requests `Session` object does not verify requests after making first request with verify=False

1 repository07 Jul 2026
GHSA-cx3h-4qpv-8hc9

Tornado has out-of-bounds memory access via C extension

6 repositories13 Jul 2026
GHSA-f96h-pmfr-66vw

Starlette Denial of service (DoS) via multipart/form-data

1 repository07 Jul 2026
GHSA-fjrm-76x2-c4q4

JWCrypto: JWE ZIP decompression bomb

3 repositories06 Jun 2026
GHSA-g7vv-2v7x-gj9p

tqdm CLI arguments injection attack

1 repository07 Jul 2026
GHSA-gc5v-m9x4-r6x2

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

15 repositories13 Jul 2026
GHSA-gm62-xv2j-4w53

urllib3 allows an unbounded number of links in the decompression chain

13 repositories07 Jul 2026
GHSA-h4gh-qq45-vh27

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

1 repository04 Feb 2026
GHSA-jp82-jpqv-5vv3

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

8 repositories16 Jul 2026
GHSA-m959-cc7f-wv43

cryptography has incomplete DNS name constraint enforcement on peer names

7 repositories05 Jun 2026
GHSA-mf9v-mfxr-j63j

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

3 repositories08 Jun 2026
GHSA-mgf9-4vpg-hj56

tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

6 repositories13 Jul 2026
GHSA-p423-j2cm-9vmq

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

3 repositories05 Jun 2026
GHSA-pq67-6m6q-mj2v

urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

7 repositories07 Jul 2026
GHSA-pw6j-qg29-8w7f

Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

6 repositories17 Jun 2026
GHSA-qccp-gfcp-xxvc

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

15 repositories20 May 2026
GHSA-qjxf-f2mg-c6mc

Tornado is vulnerable to DoS due to too many multipart parts

6 repositories08 Jun 2026
GHSA-r6ph-v2qm-q3c2

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

7 repositories13 Jul 2026
GHSA-vqfr-h8mv-ghfj

h11 accepts some malformed Chunked-Encoding bodies

3 repositories01 Jul 2026
GHSA-wqp7-x3pw-xc5r

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

8 repositories13 Jul 2026
GHSA-x746-7m8f-x49c

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

8 repositories13 Jul 2026
PYSEC-2025-265

Not reported

5 repositories13 Jul 2026
PYSEC-2025-266

Not reported

5 repositories13 Jul 2026
PYSEC-2025-267

Not reported

5 repositories13 Jul 2026
PYSEC-2026-2132

Not reported

14 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): Workshop Green LLM Usage — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-7788/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools