diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 891b03a..3673485 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -61,21 +61,21 @@ jobs:
- os: ubuntu-latest
TARGET: ubuntu
CMD_BUILD: >
- pyinstaller --onefile cli.py -n cli --additional-hooks-dir=hooks --hidden-import=pkg_resources.extern --add-binary "LICENSE:LICENSES" --add-binary "LICENSES/LicenseRef-3rd_party_licenses.txt:LICENSES" &&
+ pyinstaller cli.spec && \
mv dist/cli fosslight_bin_ubuntu
OUT_FILE_NAME: fosslight_bin_ubuntu
ASSET_MIME: application/octet-stream
- os: macos-latest
TARGET: macos
CMD_BUILD: >
- pyinstaller --onefile cli.py -n cli --additional-hooks-dir=hooks --hidden-import=pkg_resources.extern --add-binary "LICENSE:LICENSES" --add-binary "LICENSES/LicenseRef-3rd_party_licenses.txt:LICENSES" &&
+ pyinstaller cli.spec && \
mv dist/cli fosslight_bin_macos
OUT_FILE_NAME: fosslight_bin_macos
ASSET_MIME: aapplication/x-mach-binary
- os: windows-latest
TARGET: windows
CMD_BUILD: >
- pyinstaller --onefile cli.py -n cli --additional-hooks-dir=hooks --hidden-import=pkg_resources.extern --add-binary "LICENSE;LICENSES" --add-binary "LICENSES\LicenseRef-3rd_party_licenses.txt;LICENSES" &&
+ pyinstaller cli.spec && \
move dist/cli.exe fosslight_bin_windows.exe
OUT_FILE_NAME: fosslight_bin_windows.exe
ASSET_MIME: application/vnd.microsoft.portable-executable
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index c3365d6..b569b28 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -49,7 +49,7 @@ jobs:
python -m pip install --upgrade pip
pip install .
pip install pyinstaller
- pyinstaller --onefile cli.py -n cli --additional-hooks-dir=hooks --hidden-import=pkg_resources.extern &&
+ pyinstaller cli.spec
move dist\cli.exe tests\fosslight_bin_windows.exe
.\tests\fosslight_bin_windows.exe
diff --git a/.reuse/dep5 b/.reuse/dep5
index 2bae414..9872490 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -57,3 +57,11 @@ License: Apache-2.0
Files: .bumpversion.cfg
Copyright: 2021 LG Electronics
License: Apache-2.0
+
+Files: third_party/*
+Copyright: 2013 Jeremy Long
+License: Apache-2.0
+
+Files: cli.spec
+Copyright: 2025 LG Electronics
+License: Apache-2.0
diff --git a/MANIFEST.in b/MANIFEST.in
index 7b74127..365333b 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,3 +1,4 @@
include LICENSE
include README.md
include requirements.txt
+recursive-include third_party/dependency-check *
diff --git a/cli.spec b/cli.spec
new file mode 100644
index 0000000..f1bdf83
--- /dev/null
+++ b/cli.spec
@@ -0,0 +1,51 @@
+# -*- mode: python ; coding: utf-8 -*-
+
+
+a = Analysis(
+ ['cli.py'],
+ pathex=['src'], # source package path for fosslight_binary
+ binaries=[],
+ datas=[
+ # Use original repository location (no pre-install): third_party/dependency-check
+ ('third_party/dependency-check/bin', 'third_party/dependency-check/bin'),
+ ('third_party/dependency-check/lib', 'third_party/dependency-check/lib'),
+ ('third_party/dependency-check/licenses', 'third_party/dependency-check/licenses'),
+ ('third_party/dependency-check', 'third_party/dependency-check'), # txt/md root files
+ ('LICENSES', 'LICENSES'),
+ ('LICENSE', 'LICENSES'),
+ ],
+ hiddenimports=[
+ 'pkg_resources.extern',
+ 'fosslight_binary.cli',
+ 'fosslight_binary._jar_analysis',
+ 'fosslight_binary._binary',
+ ],
+ hookspath=['hooks'],
+ hooksconfig={},
+ runtime_hooks=[],
+ excludes=[],
+ noarchive=False,
+ optimize=0,
+)
+pyz = PYZ(a.pure)
+
+exe = EXE(
+ pyz,
+ a.scripts,
+ a.binaries,
+ a.datas,
+ [],
+ name='cli',
+ debug=False,
+ bootloader_ignore_signals=False,
+ strip=False,
+ upx=True,
+ upx_exclude=[],
+ runtime_tmpdir=None,
+ console=True,
+ disable_windowed_traceback=False,
+ argv_emulation=False,
+ target_arch=None,
+ codesign_identity=None,
+ entitlements_file=None,
+)
diff --git a/setup.py b/setup.py
index a75870a..8215376 100644
--- a/setup.py
+++ b/setup.py
@@ -14,11 +14,27 @@
install_requires = f.read().splitlines()
_PACKAEG_NAME = 'fosslight_binary'
+_TEMP_DC_DIR = os.path.join('src', _PACKAEG_NAME, 'third_party', 'dependency-check')
_LICENSE_FILE = 'LICENSE'
_LICENSE_DIR = 'LICENSES'
if __name__ == "__main__":
dest_path = os.path.join('src', _PACKAEG_NAME, _LICENSE_DIR)
+ # Temporarily copy dependency-check bundle inside package for wheel build
+ try:
+ if os.path.isdir('third_party/dependency-check'):
+ if os.path.exists(_TEMP_DC_DIR):
+ shutil.rmtree(_TEMP_DC_DIR)
+ os.makedirs(_TEMP_DC_DIR, exist_ok=True)
+ # Copy tree (shallow manual to preserve permissions)
+ for root, dirs, files in os.walk('third_party/dependency-check'):
+ rel_root = os.path.relpath(root, 'third_party/dependency-check')
+ target_root = os.path.join(_TEMP_DC_DIR, rel_root) if rel_root != '.' else _TEMP_DC_DIR
+ os.makedirs(target_root, exist_ok=True)
+ for f in files:
+ shutil.copy2(os.path.join(root, f), os.path.join(target_root, f))
+ except Exception as e:
+ print(f'Warning: Fail to stage dependency-check bundle: {e}')
try:
if not os.path.exists(dest_path):
os.mkdir(dest_path)
@@ -61,7 +77,16 @@
'python-magic'
],
},
- package_data={_PACKAEG_NAME: [os.path.join(_LICENSE_DIR, '*')]},
+ package_data={
+ _PACKAEG_NAME: [
+ os.path.join(_LICENSE_DIR, '*'),
+ 'third_party/dependency-check/bin/*',
+ 'third_party/dependency-check/lib/*',
+ 'third_party/dependency-check/licenses/*',
+ 'third_party/dependency-check/*.txt',
+ 'third_party/dependency-check/*.md',
+ ]
+ },
include_package_data=True,
entry_points={
"console_scripts": [
@@ -72,3 +97,4 @@
}
)
shutil.rmtree(dest_path, ignore_errors=True)
+ shutil.rmtree(_TEMP_DC_DIR, ignore_errors=True)
diff --git a/src/fosslight_binary/__init__.py b/src/fosslight_binary/__init__.py
index 8da15a8..d3a1f81 100644
--- a/src/fosslight_binary/__init__.py
+++ b/src/fosslight_binary/__init__.py
@@ -4,146 +4,76 @@
# SPDX-License-Identifier: Apache-2.0
import logging
import os
-import stat
import subprocess
-import tempfile
-import urllib.request
-import zipfile
import sys
logger = logging.getLogger(__name__)
-DEPENDENCY_CHECK_VERSION = "12.1.7"
-
-def _install_dependency_check():
- """Install OWASP dependency-check"""
- try:
- # Skip if explicitly disabled
- if os.environ.get('FOSSLIGHT_SKIP_AUTO_INSTALL', '').lower() in ('1', 'true', 'yes'):
- logger.info("Auto-install disabled by environment variable")
- return
-
- env_home = os.environ.get('DEPENDENCY_CHECK_HOME', '').strip()
- install_dir = None
- forced_env = False
- if env_home:
- # Normalize
- env_home_abs = os.path.abspath(env_home)
- # Detect if env_home already the actual extracted root (ends with dependency-check)
- candidate_bin_win = os.path.join(env_home_abs, 'bin', 'dependency-check.bat')
- candidate_bin_nix = os.path.join(env_home_abs, 'bin', 'dependency-check.sh')
- if os.path.exists(candidate_bin_win) or os.path.exists(candidate_bin_nix):
- # env points directly to dependency-check root; install_dir is its parent
- install_dir = os.path.dirname(env_home_abs)
- forced_env = True
- else:
- # Assume env_home is the base directory where we should extract dependency-check/
- install_dir = env_home_abs
-
- if not install_dir:
- # Fallback hierarchy: executable dir (if frozen) -> CWD
- candidate_base = None
- if getattr(sys, 'frozen', False):
- exe_dir = os.path.dirname(os.path.abspath(sys.executable))
- candidate_base = os.path.join(exe_dir, 'fosslight_dc_bin')
-
- if not os.access(exe_dir, os.W_OK):
- candidate_base = None
- else:
- logger.debug(f"Using executable directory base: {candidate_base}")
- if not candidate_base:
- candidate_base = os.path.abspath(os.path.join(os.getcwd(), 'fosslight_dc_bin'))
- install_dir = candidate_base
- else:
- logger.debug(f"Resolved install_dir: {install_dir}")
- bin_dir = os.path.join(install_dir, 'dependency-check', 'bin')
- if sys.platform.startswith('win'):
- dc_path = os.path.join(bin_dir, 'dependency-check.bat')
- else:
- dc_path = os.path.join(bin_dir, 'dependency-check.sh')
-
- # Check if dependency-check already exists
- if os.path.exists(dc_path):
- try:
- result = subprocess.run([dc_path, '--version'], capture_output=True, text=True, timeout=10)
- if result.returncode == 0:
- logger.debug("dependency-check already installed and working")
- # If we detected an existing root via env, retain it, else set home now.
- if forced_env:
- os.environ['DEPENDENCY_CHECK_HOME'] = env_home_abs
- else:
- os.environ['DEPENDENCY_CHECK_HOME'] = os.path.join(install_dir, 'dependency-check')
- os.environ['DEPENDENCY_CHECK_VERSION'] = DEPENDENCY_CHECK_VERSION
- return
- except (subprocess.TimeoutExpired, FileNotFoundError) as ex:
- logger.debug(f"Exception in dependency-check --version: {ex}")
- pass
-
- # Download URL
- download_url = (f"https://github.com/dependency-check/DependencyCheck/releases/"
- f"download/v{DEPENDENCY_CHECK_VERSION}/"
- f"dependency-check-{DEPENDENCY_CHECK_VERSION}-release.zip")
-
- os.makedirs(install_dir, exist_ok=True)
- logger.info(f"Downloading dependency-check {DEPENDENCY_CHECK_VERSION} from {download_url} ...")
-
- # Download and extract
- with urllib.request.urlopen(download_url) as response:
- content = response.read()
-
- with tempfile.NamedTemporaryFile(suffix='.zip', delete=False) as tmp_file:
- tmp_file.write(content)
- tmp_zip_path = tmp_file.name
-
- with zipfile.ZipFile(tmp_zip_path, 'r') as zip_ref:
- zip_ref.extractall(install_dir)
- os.unlink(tmp_file.name)
-
- # Make shell scripts executable
- if os.path.exists(bin_dir):
- if sys.platform.startswith('win'):
- # Windows: .bat files only
- scripts = ["dependency-check.bat"]
- else:
- # Linux/macOS: .sh files only
- scripts = ["dependency-check.sh", "completion-for-dependency-check.sh"]
-
- for script in scripts:
- script_path = os.path.join(bin_dir, script)
- if os.path.exists(script_path):
- st = os.stat(script_path)
- os.chmod(script_path, st.st_mode | stat.S_IEXEC)
-
- logger.info("✅ OWASP dependency-check installed successfully!")
- logger.info(f"Installed to: {os.path.join(install_dir, 'dependency-check')}")
-
- # Set environment variables after successful installation
- os.environ['DEPENDENCY_CHECK_VERSION'] = DEPENDENCY_CHECK_VERSION
- os.environ['DEPENDENCY_CHECK_HOME'] = os.path.join(install_dir, 'dependency-check')
-
- return True
-
- except Exception as e:
- logger.error(f"Failed to install dependency-check: {e}")
- logger.info("dependency-check can be installed manually from: https://github.com/dependency-check/DependencyCheck/releases")
- return False
-
-
-def _auto_install_dependencies():
- """Auto-install required dependencies if not present."""
- # Only run this once per session
- if hasattr(_auto_install_dependencies, '_already_run'):
+# Static path always used; environment overrides are ignored now.
+_PKG_DIR = os.path.dirname(__file__)
+_DC_HOME = os.path.join(_PKG_DIR, 'third_party', 'dependency-check')
+
+# Fallback: project root layout (editable install) or current working directory
+if not os.path.isdir(_DC_HOME):
+ _PROJECT_ROOT = os.path.abspath(os.path.join(_PKG_DIR, '..', '..'))
+ candidate = os.path.join(_PROJECT_ROOT, 'third_party', 'dependency-check')
+ if os.path.isdir(candidate):
+ _DC_HOME = candidate
+ else:
+ cwd_candidate = os.path.join(os.getcwd(), 'third_party', 'dependency-check')
+ if os.path.isdir(cwd_candidate):
+ _DC_HOME = cwd_candidate
+if not os.path.isdir(_DC_HOME) and getattr(sys, 'frozen', False):
+ # Frozen executable scenario (PyInstaller onefile): check exe dir and _MEIPASS temp dir.
+ exe_dir = os.path.dirname(os.path.abspath(sys.executable))
+ exe_candidate = os.path.join(exe_dir, 'third_party', 'dependency-check')
+ if os.path.isdir(exe_candidate):
+ _DC_HOME = exe_candidate
+ else:
+ tmp_root = getattr(sys, '_MEIPASS', '')
+ if tmp_root:
+ tmp_candidate = os.path.join(tmp_root, 'third_party', 'dependency-check')
+ if os.path.isdir(tmp_candidate):
+ _DC_HOME = tmp_candidate
+
+
+def get_dependency_check_script():
+ """Return path to static dependency-check CLI script or None if missing."""
+ bin_dir = os.path.join(_DC_HOME, 'bin')
+ if sys.platform.startswith('win'):
+ script = os.path.join(bin_dir, 'dependency-check.bat')
+ else:
+ script = os.path.join(bin_dir, 'dependency-check.sh')
+ return script if os.path.isfile(script) else None
+
+
+def _set_version_env(script_path):
+ """Attempt to run '--version' to populate DEPENDENCY_CHECK_VERSION; ignore errors."""
+ if not script_path or not os.path.exists(script_path):
return
- _auto_install_dependencies._already_run = True
-
try:
- # Install binary version
- _install_dependency_check()
+ result = subprocess.run([script_path, '--version'], capture_output=True, text=True, timeout=8)
+ if result.returncode == 0:
+ version_line = (result.stdout or '').strip().splitlines()[-1]
+ if version_line:
+ os.environ['DEPENDENCY_CHECK_VERSION'] = version_line
+ except Exception as ex:
+ logger.debug(f"Could not obtain dependency-check version: {ex}")
+
+
+def _init_static_dependency_check():
+ if not os.path.isdir(_DC_HOME):
+ logger.info("Dependency-check not found under third_party/dependency-check.")
+ return
+ os.environ['DEPENDENCY_CHECK_HOME'] = _DC_HOME
+ script = get_dependency_check_script()
+ _set_version_env(script)
+ logger.debug(f"dependency-check home set to: {_DC_HOME}")
- logger.info(f"✅ dependency-check setup completed with version {DEPENDENCY_CHECK_VERSION}")
- except Exception as e:
- logger.warning(f"Auto-install failed: {e}")
+# Perform lightweight initialization (no network, no extraction)
+_init_static_dependency_check()
-# Auto-install on import
-_auto_install_dependencies()
+__all__ = [
+ 'get_dependency_check_script'
+]
diff --git a/src/fosslight_binary/_jar_analysis.py b/src/fosslight_binary/_jar_analysis.py
index 016ef1d..be27e17 100644
--- a/src/fosslight_binary/_jar_analysis.py
+++ b/src/fosslight_binary/_jar_analysis.py
@@ -6,8 +6,8 @@
import logging
import json
import os
-import sys
import subprocess
+from fosslight_binary import get_dependency_check_script
import fosslight_util.constant as constant
from fosslight_binary._binary import BinaryItem, VulnerabilityItem, is_package_dir
from fosslight_util.oss_item import OssItem
@@ -188,16 +188,13 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
success = True
json_file = ""
- # Use fixed install path: ./fosslight_dc_bin/dependency-check/bin/dependency-check.sh or .bat
- if sys.platform.startswith('win'):
- depcheck_path = os.path.abspath(os.path.join(os.getcwd(), 'fosslight_dc_bin', 'dependency-check', 'bin', 'dependency-check.bat'))
- elif sys.platform.startswith('linux'):
- depcheck_path = os.path.abspath(os.path.join(os.getcwd(), 'fosslight_dc_bin', 'dependency-check', 'bin', 'dependency-check.sh'))
- elif sys.platform.startswith('darwin'):
- depcheck_path = os.path.abspath(os.path.join(os.getcwd(), 'dependency-check'))
-
+ depcheck_path = get_dependency_check_script()
+ if not depcheck_path:
+ logger.info('dependency-check script not available. JAR OSS info will be skipped.')
+ success = False
+ return owasp_items, vulnerability_items, success
if not (os.path.isfile(depcheck_path) and os.access(depcheck_path, os.X_OK)):
- logger.error(f'dependency-check script not found or not executable at {depcheck_path}')
+ logger.info(f'dependency-check script found but not executable: {depcheck_path}. Skipping.')
success = False
return owasp_items, vulnerability_items, success
diff --git a/third_party/dependency-check/LICENSE.txt b/third_party/dependency-check/LICENSE.txt
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/third_party/dependency-check/LICENSE.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/third_party/dependency-check/NOTICE.txt b/third_party/dependency-check/NOTICE.txt
new file mode 100644
index 0000000..fde7427
--- /dev/null
+++ b/third_party/dependency-check/NOTICE.txt
@@ -0,0 +1,18 @@
+dependency-check-cli
+
+Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+
+The licenses for the software listed below can be found in the licenses.
+
+This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
+
+This product includes software developed by Jquery.com (http://jquery.com/).
+
+This product includes software developed by Jonathan Hedley (jsoup.org)
+
+This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
+An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
+
+This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
+
+This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
\ No newline at end of file
diff --git a/third_party/dependency-check/README.md b/third_party/dependency-check/README.md
new file mode 100644
index 0000000..7ab25b5
--- /dev/null
+++ b/third_party/dependency-check/README.md
@@ -0,0 +1,20 @@
+Dependency-Check Command Line
+================
+Dependency-Check Command Line can be used to check project dependencies for published security vulnerabilities. The checks
+performed are a "best effort" and as such, there could be false positives as well as false negatives. However,
+vulnerabilities in 3rd party components is a well-known problem and is currently documented in the 2021 OWASP
+Top 10 as [A06:2021 – Vulnerable and Outdated Components](https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/).
+
+Documentation and links to production binary releases can be found on the [github pages](https://dependency-check.github.io/DependencyCheck/dependency-check-cli/index.html).
+
+
+Copyright & License
+------------
+
+Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
+
+Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://github.com/dependency-check/DependencyCheck/blob/main/cli/LICENSE.txt) file for the full license.
+
+Dependency-Check Command Line makes use of other open source libraries. Please see the [NOTICE.txt](https://github.com/dependency-check/DependencyCheck/blob/main/cli/NOTICE.txt) file for more information.
+
+
\ No newline at end of file
diff --git a/third_party/dependency-check/bin/completion-for-dependency-check.sh b/third_party/dependency-check/bin/completion-for-dependency-check.sh
new file mode 100755
index 0000000..09ffff2
--- /dev/null
+++ b/third_party/dependency-check/bin/completion-for-dependency-check.sh
@@ -0,0 +1,150 @@
+#/usr/bin/env bash
+
+# To use completion for dependency-check you must run:
+#
+# source completion-for-dependency-check.sh
+#
+
+_odc_completions()
+{
+ # Pointer to current completion word.
+ local options="
+ --advancedHelp
+ --artifactoryApiToken
+ --artifactoryBearerToken
+ --artifactoryParallelAnalysis
+ --artifactoryUseProxy
+ --artifactoryUsername
+ --bundleAudit
+ --bundleAuditWorkingDirectory
+ -c --connectiontimeout
+ --connectionString
+ -d --data
+ --dbDriverName
+ --dbDriverPath
+ --dbPassword
+ --dbUser
+ --disableArchive
+ --disableAssembly
+ --disableAutoconf
+ --disableBundleAudit
+ --disableCentral
+ --disableCentralCache
+ --disableCmake
+ --disableCocoapodsAnalyzer
+ --disableCarthageAnalyzer
+ --disableComposer
+ --disableDart
+ --disableFileName
+ --disableGolangDep
+ --disableGolangMod
+ --disableHostedSuppressions
+ --disableJar
+ --disableMavenInstall
+ --disableMixAudit
+ --disableMSBuild
+ --disableYarnAudit
+ --disablePnpmAudit
+ --disableNodeAudit
+ --disableNodeAuditCache
+ --disableNodeJS
+ --disableNugetconf
+ --disableNuspec
+ --disableOpenSSL
+ --disableOssIndex
+ --disableOssIndexCache
+ --ossIndexRemoteErrorWarnOnly
+ --disableKnownExploited
+ --kevURL
+ --disablePip
+ --disablePipfile
+ --disablePyDist
+ --disablePyPkg
+ --disableRetireJS
+ --disableRubygems
+ --disableSwiftPackageManagerAnalyzer
+ --disableSwiftPackageResolvedAnalyzer
+ --dotnet
+ --enableArtifactory
+ --enableExperimental
+ --enableNexus
+ --enableRetired
+ --exclude
+ -f --format
+ --failOnCVSS
+ --go
+ -h --help
+ --hints
+ --hostedSuppressionsForceUpdate
+ --hostedSuppressionsValidForHours
+ --hostedSuppressionsUrl
+ --junitFailOnCVSS
+ -l --log
+ -n --noupdate
+ --nexus
+ --nexusPass
+ --nexusUser
+ --nexusUsesProxy
+ --nodeAuditSkipDevDependencies
+ --nodePackageSkipDevDependencies
+ --nonProxyHosts
+ --nvdApiKey
+ --nvdDatafeed
+ --nvdUser
+ --nvdPassword
+ --nvdApiDelay
+ --nvdValidForHours
+ -o --out
+ --ossIndexPassword
+ --ossIndexUsername
+ -P --propertyfile
+ --prettyPrint
+ --project
+ --proxypass
+ --proxyport
+ --proxyserver
+ --proxyuser
+ --pnpm
+ --purge
+ --retirejsFilter
+ --retirejsFilterNonVulnerable
+ --retireJsForceUpdate
+ --retireJsUrl
+ -s --scan
+ --suppression
+ --symLink
+ --updateonly
+ -v --version
+ --yarn
+ --zipExtensions
+ "
+
+
+ # Array variable storing the possible completions.
+ COMPREPLY=()
+ local cur=${COMP_WORDS[COMP_CWORD]}
+ local prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+
+ case "${prev}" in
+ -s|--scan|-o|--out|-d|--data|--bundleAudit|--bundleAuditWorkingDirectory|--dbDriverPath|--dotnet|--go|-P|--propertyfile|--suppression|--hint|-l|--log|--yarn)
+ COMPREPLY=( $(compgen -f -o default -- ${cur}) )
+ return 0
+ ;;
+ --artifactoryParallelAnalysis|--artifactoryUseProxy|--nexusUsesProxy)
+ COMPREPLY=( $(compgen -W "true false" -- ${cur}) )
+ return 0
+ ;;
+ -f|--format)
+ COMPREPLY=( $(compgen -W "HTML XML CSV JSON JUNIT SARIF ALL" ${cur}) )
+ return 0
+ ;;
+ esac
+ if [[ "$cur" == -* ]] ; then
+ COMPREPLY=( $(compgen -W "$options" -- "$cur") )
+ return 0
+ fi
+ return 0
+}
+
+complete -F _odc_completions dependency-check.sh
diff --git a/third_party/dependency-check/bin/dependency-check.bat b/third_party/dependency-check/bin/dependency-check.bat
new file mode 100755
index 0000000..c743d4d
--- /dev/null
+++ b/third_party/dependency-check/bin/dependency-check.bat
@@ -0,0 +1,110 @@
+@REM
+@REM Copyright (c) 2012-2013 Jeremy Long. All rights reserved.
+@REM
+@REM Licensed under the Apache License, Version 2.0 (the "License");
+@REM you may not use this file except in compliance with the License.
+@REM You may obtain a copy of the License at
+@REM
+@REM http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing, software
+@REM distributed under the License is distributed on an "AS IS" BASIS,
+@REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@REM See the License for the specific language governing permissions and
+@REM limitations under the License.
+@REM ----------------------------------------------------------------------------
+
+@echo off
+
+set ERROR_CODE=0
+
+:init
+@REM Decide how to startup depending on the version of windows
+
+@REM -- Win98ME
+if NOT "%OS%"=="Windows_NT" goto Win9xArg
+
+@REM set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" @setlocal
+
+@REM -- 4NT shell
+if "%eval[2+2]" == "4" goto 4NTArgs
+
+@REM -- Regular WinNT shell
+set CMD_LINE_ARGS=%*
+goto WinNTGetScriptDir
+
+@REM The 4NT Shell from jp software
+:4NTArgs
+set CMD_LINE_ARGS=%$
+goto WinNTGetScriptDir
+
+:Win9xArg
+@REM Slurp the command line arguments. This loop allows for an unlimited number
+@REM of arguments (up to the command line limit, anyway).
+set CMD_LINE_ARGS=
+:Win9xApp
+if %1a==a goto Win9xGetScriptDir
+set CMD_LINE_ARGS=%CMD_LINE_ARGS% %1
+shift
+goto Win9xApp
+
+:Win9xGetScriptDir
+set SAVEDIR=%CD%
+%0\
+cd %0\..\..
+set BASEDIR=%CD%
+cd %SAVEDIR%
+set SAVE_DIR=
+goto repoSetup
+
+:WinNTGetScriptDir
+for %%i in ("%~dp0..") do set "BASEDIR=%%~fi"
+
+:repoSetup
+set REPO=
+
+
+if "%JAVACMD%"=="" set JAVACMD=java
+
+if "%REPO%"=="" set REPO=%BASEDIR%\lib
+
+set CLASSPATH="%BASEDIR%"\plugins\*;"%REPO%"\*
+
+set ENDORSED_DIR=
+if NOT "%ENDORSED_DIR%" == "" set CLASSPATH="%BASEDIR%"\%ENDORSED_DIR%\*;%CLASSPATH%
+
+if NOT "%CLASSPATH_PREFIX%" == "" set CLASSPATH=%CLASSPATH_PREFIX%;%CLASSPATH%
+
+@REM Reaching here means variables are defined and arguments have been captured
+:endInit
+
+"%JAVACMD%" %JAVA_OPTS% --enable-native-access=ALL-UNNAMED -XX:+IgnoreUnrecognizedVMOptions -classpath %CLASSPATH% -Dapp.name="dependency-check" -Dapp.repo="%REPO%" -Dapp.home="%BASEDIR%" -Dbasedir="%BASEDIR%" org.owasp.dependencycheck.App %CMD_LINE_ARGS%
+if %ERRORLEVEL% NEQ 0 goto error
+goto end
+
+:error
+if "%OS%"=="Windows_NT" @endlocal
+set ERROR_CODE=%ERRORLEVEL%
+
+:end
+@REM set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" goto endNT
+
+@REM For old DOS remove the set variables from ENV - we assume they were not set
+@REM before we started - at least we don't leave any baggage around
+set CMD_LINE_ARGS=
+goto postExec
+
+:endNT
+@REM If error code is set to 1 then the endlocal was done already in :error.
+if %ERROR_CODE% EQU 0 @endlocal
+
+
+:postExec
+
+if "%FORCE_EXIT_ON_ERROR%" == "on" (
+ if %ERROR_CODE% NEQ 0 exit %ERROR_CODE%
+)
+
+exit /B %ERROR_CODE%
diff --git a/third_party/dependency-check/bin/dependency-check.sh b/third_party/dependency-check/bin/dependency-check.sh
new file mode 100755
index 0000000..886a440
--- /dev/null
+++ b/third_party/dependency-check/bin/dependency-check.sh
@@ -0,0 +1,135 @@
+#!/usr/bin/env sh
+#
+# Copyright (c) 2012-2013 Jeremy Long. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+
+
+# resolve links - $0 may be a softlink
+PRG="$0"
+
+while [ -h "$PRG" ]; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG=`dirname "$PRG"`/"$link"
+ fi
+done
+
+PRGDIR=`dirname "$PRG"`
+BASEDIR=`cd "$PRGDIR/.." >/dev/null; pwd`
+
+# Reset the REPO variable. If you need to influence this use the environment setup file.
+REPO=
+
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false;
+mingw=false;
+darwin=false;
+case "`uname`" in
+ CYGWIN*) cygwin=true ;;
+ MINGW*) mingw=true ;;
+ Darwin*) darwin=true
+ if [ -z "$JAVA_VERSION" ] ; then
+ JAVA_VERSION="CurrentJDK"
+ else
+ echo "Using Java version: $JAVA_VERSION"
+ fi
+ if [ -z "$JAVA_HOME" ]; then
+ if [ -x "/usr/libexec/java_home" ]; then
+ JAVA_HOME=`/usr/libexec/java_home`
+ else
+ JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home
+ fi
+ fi
+ ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+ if [ -r /etc/gentoo-release ] ; then
+ JAVA_HOME=`java-config --jre-home`
+ fi
+fi
+
+# For Cygwin and MINGW, ensure paths are in UNIX format before anything is touched
+if $cygwin || $mingw; then
+ [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# If a specific java binary isn't specified search for the standard 'java' binary
+if [ -z "$JAVACMD" ] ; then
+ if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ else
+ JAVACMD=`which java`
+ fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+ echo "Error: JAVA_HOME is not defined correctly." 1>&2
+ echo " We cannot execute $JAVACMD" 1>&2
+ exit 1
+fi
+
+if [ -z "$REPO" ]
+then
+ REPO="$BASEDIR"/lib
+fi
+
+CLASSPATH="$BASEDIR"/plugins/*:"$REPO"/*
+
+ENDORSED_DIR=
+if [ -n "$ENDORSED_DIR" ] ; then
+ CLASSPATH=$BASEDIR/$ENDORSED_DIR/*:$CLASSPATH
+fi
+
+if [ -n "$CLASSPATH_PREFIX" ] ; then
+ CLASSPATH=$CLASSPATH_PREFIX:$CLASSPATH
+fi
+
+# For Cygwin and Mingw, switch paths to Windows format before running java
+if $cygwin || $mingw; then
+ [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+ [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+ [ -n "$HOME" ] && HOME=`cygpath --path --windows "$HOME"`
+ [ -n "$BASEDIR" ] && BASEDIR=`cygpath --path --windows "$BASEDIR"`
+ [ -n "$REPO" ] && REPO=`cygpath --path --windows "$REPO"`
+fi
+
+DEBUG=""
+for var in "$@"
+do
+if [ "$var" = "--debug" ]; then
+ DEBUG="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000"
+fi
+done
+
+exec "$JAVACMD" $JAVA_OPTS $DEBUG --enable-native-access=ALL-UNNAMED -XX:+IgnoreUnrecognizedVMOptions \
+ -classpath "$CLASSPATH" \
+ -Dapp.name="dependency-check" \
+ -Dapp.pid="$$" \
+ -Dapp.repo="$REPO" \
+ -Dapp.home="$BASEDIR" \
+ -Dbasedir="$BASEDIR" \
+ org.owasp.dependencycheck.App \
+ "$@"
diff --git a/third_party/dependency-check/lib/aho-corasick-double-array-trie-1.2.3.jar b/third_party/dependency-check/lib/aho-corasick-double-array-trie-1.2.3.jar
new file mode 100644
index 0000000..645c65e
Binary files /dev/null and b/third_party/dependency-check/lib/aho-corasick-double-array-trie-1.2.3.jar differ
diff --git a/third_party/dependency-check/lib/android-json-0.0.20131108.vaadin1.jar b/third_party/dependency-check/lib/android-json-0.0.20131108.vaadin1.jar
new file mode 100644
index 0000000..add495f
Binary files /dev/null and b/third_party/dependency-check/lib/android-json-0.0.20131108.vaadin1.jar differ
diff --git a/third_party/dependency-check/lib/annotations-26.0.2-1.jar b/third_party/dependency-check/lib/annotations-26.0.2-1.jar
new file mode 100644
index 0000000..dbe2620
Binary files /dev/null and b/third_party/dependency-check/lib/annotations-26.0.2-1.jar differ
diff --git a/third_party/dependency-check/lib/ant-1.10.15.jar b/third_party/dependency-check/lib/ant-1.10.15.jar
new file mode 100644
index 0000000..e06c352
Binary files /dev/null and b/third_party/dependency-check/lib/ant-1.10.15.jar differ
diff --git a/third_party/dependency-check/lib/bcpg-jdk18on-1.78.jar b/third_party/dependency-check/lib/bcpg-jdk18on-1.78.jar
new file mode 100644
index 0000000..88b0ad6
Binary files /dev/null and b/third_party/dependency-check/lib/bcpg-jdk18on-1.78.jar differ
diff --git a/third_party/dependency-check/lib/bcprov-jdk18on-1.78.jar b/third_party/dependency-check/lib/bcprov-jdk18on-1.78.jar
new file mode 100644
index 0000000..1be0846
Binary files /dev/null and b/third_party/dependency-check/lib/bcprov-jdk18on-1.78.jar differ
diff --git a/third_party/dependency-check/lib/commons-cli-1.10.0.jar b/third_party/dependency-check/lib/commons-cli-1.10.0.jar
new file mode 100644
index 0000000..3c9cb8f
Binary files /dev/null and b/third_party/dependency-check/lib/commons-cli-1.10.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-codec-1.19.0.jar b/third_party/dependency-check/lib/commons-codec-1.19.0.jar
new file mode 100644
index 0000000..ff6441a
Binary files /dev/null and b/third_party/dependency-check/lib/commons-codec-1.19.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-collections-3.2.2.jar b/third_party/dependency-check/lib/commons-collections-3.2.2.jar
new file mode 100644
index 0000000..fa5df82
Binary files /dev/null and b/third_party/dependency-check/lib/commons-collections-3.2.2.jar differ
diff --git a/third_party/dependency-check/lib/commons-collections4-4.5.0.jar b/third_party/dependency-check/lib/commons-collections4-4.5.0.jar
new file mode 100644
index 0000000..aa1c4ef
Binary files /dev/null and b/third_party/dependency-check/lib/commons-collections4-4.5.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-compress-1.27.1.jar b/third_party/dependency-check/lib/commons-compress-1.27.1.jar
new file mode 100644
index 0000000..1bea2d9
Binary files /dev/null and b/third_party/dependency-check/lib/commons-compress-1.27.1.jar differ
diff --git a/third_party/dependency-check/lib/commons-dbcp2-2.13.0.jar b/third_party/dependency-check/lib/commons-dbcp2-2.13.0.jar
new file mode 100644
index 0000000..511ef32
Binary files /dev/null and b/third_party/dependency-check/lib/commons-dbcp2-2.13.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-digester-2.1.jar b/third_party/dependency-check/lib/commons-digester-2.1.jar
new file mode 100644
index 0000000..a07cfa8
Binary files /dev/null and b/third_party/dependency-check/lib/commons-digester-2.1.jar differ
diff --git a/third_party/dependency-check/lib/commons-io-2.20.0.jar b/third_party/dependency-check/lib/commons-io-2.20.0.jar
new file mode 100644
index 0000000..5e06db2
Binary files /dev/null and b/third_party/dependency-check/lib/commons-io-2.20.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-jcs3-core-3.2.1.jar b/third_party/dependency-check/lib/commons-jcs3-core-3.2.1.jar
new file mode 100644
index 0000000..a6c312b
Binary files /dev/null and b/third_party/dependency-check/lib/commons-jcs3-core-3.2.1.jar differ
diff --git a/third_party/dependency-check/lib/commons-lang3-3.19.0.jar b/third_party/dependency-check/lib/commons-lang3-3.19.0.jar
new file mode 100644
index 0000000..1ee7e03
Binary files /dev/null and b/third_party/dependency-check/lib/commons-lang3-3.19.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-logging-1.3.4.jar b/third_party/dependency-check/lib/commons-logging-1.3.4.jar
new file mode 100644
index 0000000..b6339bb
Binary files /dev/null and b/third_party/dependency-check/lib/commons-logging-1.3.4.jar differ
diff --git a/third_party/dependency-check/lib/commons-pool2-2.12.0.jar b/third_party/dependency-check/lib/commons-pool2-2.12.0.jar
new file mode 100644
index 0000000..269c5b0
Binary files /dev/null and b/third_party/dependency-check/lib/commons-pool2-2.12.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-text-1.14.0.jar b/third_party/dependency-check/lib/commons-text-1.14.0.jar
new file mode 100644
index 0000000..965f681
Binary files /dev/null and b/third_party/dependency-check/lib/commons-text-1.14.0.jar differ
diff --git a/third_party/dependency-check/lib/commons-validator-1.10.0.jar b/third_party/dependency-check/lib/commons-validator-1.10.0.jar
new file mode 100644
index 0000000..74dda2f
Binary files /dev/null and b/third_party/dependency-check/lib/commons-validator-1.10.0.jar differ
diff --git a/third_party/dependency-check/lib/compiler-0.9.6.jar b/third_party/dependency-check/lib/compiler-0.9.6.jar
new file mode 100644
index 0000000..96578e3
Binary files /dev/null and b/third_party/dependency-check/lib/compiler-0.9.6.jar differ
diff --git a/third_party/dependency-check/lib/cpe-parser-3.0.0.jar b/third_party/dependency-check/lib/cpe-parser-3.0.0.jar
new file mode 100644
index 0000000..199ac33
Binary files /dev/null and b/third_party/dependency-check/lib/cpe-parser-3.0.0.jar differ
diff --git a/third_party/dependency-check/lib/dependency-check-cli-12.1.7.jar b/third_party/dependency-check/lib/dependency-check-cli-12.1.7.jar
new file mode 100644
index 0000000..d09738a
Binary files /dev/null and b/third_party/dependency-check/lib/dependency-check-cli-12.1.7.jar differ
diff --git a/third_party/dependency-check/lib/dependency-check-core-12.1.7.jar b/third_party/dependency-check/lib/dependency-check-core-12.1.7.jar
new file mode 100644
index 0000000..276b292
Binary files /dev/null and b/third_party/dependency-check/lib/dependency-check-core-12.1.7.jar differ
diff --git a/third_party/dependency-check/lib/dependency-check-utils-12.1.7.jar b/third_party/dependency-check/lib/dependency-check-utils-12.1.7.jar
new file mode 100644
index 0000000..24661f7
Binary files /dev/null and b/third_party/dependency-check/lib/dependency-check-utils-12.1.7.jar differ
diff --git a/third_party/dependency-check/lib/error_prone_annotations-2.41.0.jar b/third_party/dependency-check/lib/error_prone_annotations-2.41.0.jar
new file mode 100644
index 0000000..4ef60ab
Binary files /dev/null and b/third_party/dependency-check/lib/error_prone_annotations-2.41.0.jar differ
diff --git a/third_party/dependency-check/lib/failureaccess-1.0.3.jar b/third_party/dependency-check/lib/failureaccess-1.0.3.jar
new file mode 100644
index 0000000..2834ba1
Binary files /dev/null and b/third_party/dependency-check/lib/failureaccess-1.0.3.jar differ
diff --git a/third_party/dependency-check/lib/gson-2.9.0.jar b/third_party/dependency-check/lib/gson-2.9.0.jar
new file mode 100644
index 0000000..fb62e05
Binary files /dev/null and b/third_party/dependency-check/lib/gson-2.9.0.jar differ
diff --git a/third_party/dependency-check/lib/guava-33.5.0-jre.jar b/third_party/dependency-check/lib/guava-33.5.0-jre.jar
new file mode 100644
index 0000000..2e1aba4
Binary files /dev/null and b/third_party/dependency-check/lib/guava-33.5.0-jre.jar differ
diff --git a/third_party/dependency-check/lib/h2-2.3.232.jar b/third_party/dependency-check/lib/h2-2.3.232.jar
new file mode 100644
index 0000000..6c41966
Binary files /dev/null and b/third_party/dependency-check/lib/h2-2.3.232.jar differ
diff --git a/third_party/dependency-check/lib/httpclient5-5.5.jar b/third_party/dependency-check/lib/httpclient5-5.5.jar
new file mode 100644
index 0000000..e2126b4
Binary files /dev/null and b/third_party/dependency-check/lib/httpclient5-5.5.jar differ
diff --git a/third_party/dependency-check/lib/httpclient5-cache-5.4.3.jar b/third_party/dependency-check/lib/httpclient5-cache-5.4.3.jar
new file mode 100644
index 0000000..2bb7fc9
Binary files /dev/null and b/third_party/dependency-check/lib/httpclient5-cache-5.4.3.jar differ
diff --git a/third_party/dependency-check/lib/httpcore5-5.3.6.jar b/third_party/dependency-check/lib/httpcore5-5.3.6.jar
new file mode 100644
index 0000000..0c46bdc
Binary files /dev/null and b/third_party/dependency-check/lib/httpcore5-5.3.6.jar differ
diff --git a/third_party/dependency-check/lib/httpcore5-h2-5.3.4.jar b/third_party/dependency-check/lib/httpcore5-h2-5.3.4.jar
new file mode 100644
index 0000000..03507de
Binary files /dev/null and b/third_party/dependency-check/lib/httpcore5-h2-5.3.4.jar differ
diff --git a/third_party/dependency-check/lib/j2objc-annotations-3.1.jar b/third_party/dependency-check/lib/j2objc-annotations-3.1.jar
new file mode 100644
index 0000000..cc7f2f8
Binary files /dev/null and b/third_party/dependency-check/lib/j2objc-annotations-3.1.jar differ
diff --git a/third_party/dependency-check/lib/jackson-annotations-2.20.jar b/third_party/dependency-check/lib/jackson-annotations-2.20.jar
new file mode 100644
index 0000000..ae5ba4e
Binary files /dev/null and b/third_party/dependency-check/lib/jackson-annotations-2.20.jar differ
diff --git a/third_party/dependency-check/lib/jackson-core-2.20.0.jar b/third_party/dependency-check/lib/jackson-core-2.20.0.jar
new file mode 100644
index 0000000..fbd684e
Binary files /dev/null and b/third_party/dependency-check/lib/jackson-core-2.20.0.jar differ
diff --git a/third_party/dependency-check/lib/jackson-databind-2.20.0.jar b/third_party/dependency-check/lib/jackson-databind-2.20.0.jar
new file mode 100644
index 0000000..ece4c9e
Binary files /dev/null and b/third_party/dependency-check/lib/jackson-databind-2.20.0.jar differ
diff --git a/third_party/dependency-check/lib/jackson-dataformat-yaml-2.20.0.jar b/third_party/dependency-check/lib/jackson-dataformat-yaml-2.20.0.jar
new file mode 100644
index 0000000..a48b0be
Binary files /dev/null and b/third_party/dependency-check/lib/jackson-dataformat-yaml-2.20.0.jar differ
diff --git a/third_party/dependency-check/lib/jackson-datatype-jsr310-2.20.0.jar b/third_party/dependency-check/lib/jackson-datatype-jsr310-2.20.0.jar
new file mode 100644
index 0000000..0c4321f
Binary files /dev/null and b/third_party/dependency-check/lib/jackson-datatype-jsr310-2.20.0.jar differ
diff --git a/third_party/dependency-check/lib/jackson-module-blackbird-2.20.0.jar b/third_party/dependency-check/lib/jackson-module-blackbird-2.20.0.jar
new file mode 100644
index 0000000..cfe4a7f
Binary files /dev/null and b/third_party/dependency-check/lib/jackson-module-blackbird-2.20.0.jar differ
diff --git a/third_party/dependency-check/lib/jakarta.json-2.0.1.jar b/third_party/dependency-check/lib/jakarta.json-2.0.1.jar
new file mode 100644
index 0000000..e6d094a
Binary files /dev/null and b/third_party/dependency-check/lib/jakarta.json-2.0.1.jar differ
diff --git a/third_party/dependency-check/lib/jakarta.transaction-api-1.3.3.jar b/third_party/dependency-check/lib/jakarta.transaction-api-1.3.3.jar
new file mode 100644
index 0000000..643303f
Binary files /dev/null and b/third_party/dependency-check/lib/jakarta.transaction-api-1.3.3.jar differ
diff --git a/third_party/dependency-check/lib/javax.activation-api-1.2.0.jar b/third_party/dependency-check/lib/javax.activation-api-1.2.0.jar
new file mode 100644
index 0000000..986c365
Binary files /dev/null and b/third_party/dependency-check/lib/javax.activation-api-1.2.0.jar differ
diff --git a/third_party/dependency-check/lib/javax.inject-1.jar b/third_party/dependency-check/lib/javax.inject-1.jar
new file mode 100644
index 0000000..b2a9d0b
Binary files /dev/null and b/third_party/dependency-check/lib/javax.inject-1.jar differ
diff --git a/third_party/dependency-check/lib/javax.ws.rs-api-2.0.1.jar b/third_party/dependency-check/lib/javax.ws.rs-api-2.0.1.jar
new file mode 100644
index 0000000..7eb68b4
Binary files /dev/null and b/third_party/dependency-check/lib/javax.ws.rs-api-2.0.1.jar differ
diff --git a/third_party/dependency-check/lib/jaxb-api-2.3.1.jar b/third_party/dependency-check/lib/jaxb-api-2.3.1.jar
new file mode 100644
index 0000000..4565865
Binary files /dev/null and b/third_party/dependency-check/lib/jaxb-api-2.3.1.jar differ
diff --git a/third_party/dependency-check/lib/jcs3-slf4j-1.0.5.jar b/third_party/dependency-check/lib/jcs3-slf4j-1.0.5.jar
new file mode 100644
index 0000000..8fbee61
Binary files /dev/null and b/third_party/dependency-check/lib/jcs3-slf4j-1.0.5.jar differ
diff --git a/third_party/dependency-check/lib/jdiagnostics-1.0.7.jar b/third_party/dependency-check/lib/jdiagnostics-1.0.7.jar
new file mode 100644
index 0000000..f4f82b8
Binary files /dev/null and b/third_party/dependency-check/lib/jdiagnostics-1.0.7.jar differ
diff --git a/third_party/dependency-check/lib/jmustache-1.16.jar b/third_party/dependency-check/lib/jmustache-1.16.jar
new file mode 100644
index 0000000..74e82ce
Binary files /dev/null and b/third_party/dependency-check/lib/jmustache-1.16.jar differ
diff --git a/third_party/dependency-check/lib/joda-time-2.14.0.jar b/third_party/dependency-check/lib/joda-time-2.14.0.jar
new file mode 100644
index 0000000..e9509ba
Binary files /dev/null and b/third_party/dependency-check/lib/joda-time-2.14.0.jar differ
diff --git a/third_party/dependency-check/lib/jsoup-1.21.2.jar b/third_party/dependency-check/lib/jsoup-1.21.2.jar
new file mode 100644
index 0000000..36a6455
Binary files /dev/null and b/third_party/dependency-check/lib/jsoup-1.21.2.jar differ
diff --git a/third_party/dependency-check/lib/jspecify-1.0.0.jar b/third_party/dependency-check/lib/jspecify-1.0.0.jar
new file mode 100644
index 0000000..466b875
Binary files /dev/null and b/third_party/dependency-check/lib/jspecify-1.0.0.jar differ
diff --git a/third_party/dependency-check/lib/jsr305-3.0.2.jar b/third_party/dependency-check/lib/jsr305-3.0.2.jar
new file mode 100644
index 0000000..59222d9
Binary files /dev/null and b/third_party/dependency-check/lib/jsr305-3.0.2.jar differ
diff --git a/third_party/dependency-check/lib/jul-to-slf4j-1.7.36.jar b/third_party/dependency-check/lib/jul-to-slf4j-1.7.36.jar
new file mode 100644
index 0000000..ae8f815
Binary files /dev/null and b/third_party/dependency-check/lib/jul-to-slf4j-1.7.36.jar differ
diff --git a/third_party/dependency-check/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar b/third_party/dependency-check/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
new file mode 100644
index 0000000..45832c0
Binary files /dev/null and b/third_party/dependency-check/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar differ
diff --git a/third_party/dependency-check/lib/logback-classic-1.2.13.jar b/third_party/dependency-check/lib/logback-classic-1.2.13.jar
new file mode 100644
index 0000000..105b2f2
Binary files /dev/null and b/third_party/dependency-check/lib/logback-classic-1.2.13.jar differ
diff --git a/third_party/dependency-check/lib/logback-core-1.2.13.jar b/third_party/dependency-check/lib/logback-core-1.2.13.jar
new file mode 100644
index 0000000..36b0805
Binary files /dev/null and b/third_party/dependency-check/lib/logback-core-1.2.13.jar differ
diff --git a/third_party/dependency-check/lib/lucene-analysis-common-9.12.0.jar b/third_party/dependency-check/lib/lucene-analysis-common-9.12.0.jar
new file mode 100644
index 0000000..36946dc
Binary files /dev/null and b/third_party/dependency-check/lib/lucene-analysis-common-9.12.0.jar differ
diff --git a/third_party/dependency-check/lib/lucene-core-9.12.0.jar b/third_party/dependency-check/lib/lucene-core-9.12.0.jar
new file mode 100644
index 0000000..42de6eb
Binary files /dev/null and b/third_party/dependency-check/lib/lucene-core-9.12.0.jar differ
diff --git a/third_party/dependency-check/lib/lucene-facet-9.12.0.jar b/third_party/dependency-check/lib/lucene-facet-9.12.0.jar
new file mode 100644
index 0000000..5d769c1
Binary files /dev/null and b/third_party/dependency-check/lib/lucene-facet-9.12.0.jar differ
diff --git a/third_party/dependency-check/lib/lucene-queries-9.12.0.jar b/third_party/dependency-check/lib/lucene-queries-9.12.0.jar
new file mode 100644
index 0000000..bded3b4
Binary files /dev/null and b/third_party/dependency-check/lib/lucene-queries-9.12.0.jar differ
diff --git a/third_party/dependency-check/lib/lucene-queryparser-9.12.0.jar b/third_party/dependency-check/lib/lucene-queryparser-9.12.0.jar
new file mode 100644
index 0000000..dab049e
Binary files /dev/null and b/third_party/dependency-check/lib/lucene-queryparser-9.12.0.jar differ
diff --git a/third_party/dependency-check/lib/lucene-sandbox-9.12.0.jar b/third_party/dependency-check/lib/lucene-sandbox-9.12.0.jar
new file mode 100644
index 0000000..1df658f
Binary files /dev/null and b/third_party/dependency-check/lib/lucene-sandbox-9.12.0.jar differ
diff --git a/third_party/dependency-check/lib/minlog-1.3.1.jar b/third_party/dependency-check/lib/minlog-1.3.1.jar
new file mode 100644
index 0000000..9a15570
Binary files /dev/null and b/third_party/dependency-check/lib/minlog-1.3.1.jar differ
diff --git a/third_party/dependency-check/lib/open-vulnerability-clients-7.3.2.jar b/third_party/dependency-check/lib/open-vulnerability-clients-7.3.2.jar
new file mode 100644
index 0000000..967583f
Binary files /dev/null and b/third_party/dependency-check/lib/open-vulnerability-clients-7.3.2.jar differ
diff --git a/third_party/dependency-check/lib/ossindex-service-api-1.8.2.jar b/third_party/dependency-check/lib/ossindex-service-api-1.8.2.jar
new file mode 100644
index 0000000..39c7884
Binary files /dev/null and b/third_party/dependency-check/lib/ossindex-service-api-1.8.2.jar differ
diff --git a/third_party/dependency-check/lib/ossindex-service-client-1.8.2.jar b/third_party/dependency-check/lib/ossindex-service-client-1.8.2.jar
new file mode 100644
index 0000000..bc5aa18
Binary files /dev/null and b/third_party/dependency-check/lib/ossindex-service-client-1.8.2.jar differ
diff --git a/third_party/dependency-check/lib/package-url-java-1.2.0.jar b/third_party/dependency-check/lib/package-url-java-1.2.0.jar
new file mode 100644
index 0000000..0d0e8e9
Binary files /dev/null and b/third_party/dependency-check/lib/package-url-java-1.2.0.jar differ
diff --git a/third_party/dependency-check/lib/packager-core-0.21.0.jar b/third_party/dependency-check/lib/packager-core-0.21.0.jar
new file mode 100644
index 0000000..d094308
Binary files /dev/null and b/third_party/dependency-check/lib/packager-core-0.21.0.jar differ
diff --git a/third_party/dependency-check/lib/packager-rpm-0.21.0.jar b/third_party/dependency-check/lib/packager-rpm-0.21.0.jar
new file mode 100644
index 0000000..9700c85
Binary files /dev/null and b/third_party/dependency-check/lib/packager-rpm-0.21.0.jar differ
diff --git a/third_party/dependency-check/lib/packageurl-java-1.5.0.jar b/third_party/dependency-check/lib/packageurl-java-1.5.0.jar
new file mode 100644
index 0000000..b0c8a20
Binary files /dev/null and b/third_party/dependency-check/lib/packageurl-java-1.5.0.jar differ
diff --git a/third_party/dependency-check/lib/pecoff4j-0.0.2.1.jar b/third_party/dependency-check/lib/pecoff4j-0.0.2.1.jar
new file mode 100644
index 0000000..36bdaa5
Binary files /dev/null and b/third_party/dependency-check/lib/pecoff4j-0.0.2.1.jar differ
diff --git a/third_party/dependency-check/lib/retirejs-core-3.0.4.jar b/third_party/dependency-check/lib/retirejs-core-3.0.4.jar
new file mode 100644
index 0000000..b23d4a7
Binary files /dev/null and b/third_party/dependency-check/lib/retirejs-core-3.0.4.jar differ
diff --git a/third_party/dependency-check/lib/semver4j-5.8.0.jar b/third_party/dependency-check/lib/semver4j-5.8.0.jar
new file mode 100644
index 0000000..c18b040
Binary files /dev/null and b/third_party/dependency-check/lib/semver4j-5.8.0.jar differ
diff --git a/third_party/dependency-check/lib/slf4j-api-1.7.36.jar b/third_party/dependency-check/lib/slf4j-api-1.7.36.jar
new file mode 100644
index 0000000..7d3ce68
Binary files /dev/null and b/third_party/dependency-check/lib/slf4j-api-1.7.36.jar differ
diff --git a/third_party/dependency-check/lib/snakeyaml-2.4.jar b/third_party/dependency-check/lib/snakeyaml-2.4.jar
new file mode 100644
index 0000000..697acde
Binary files /dev/null and b/third_party/dependency-check/lib/snakeyaml-2.4.jar differ
diff --git a/third_party/dependency-check/lib/spotbugs-annotations-4.9.6.jar b/third_party/dependency-check/lib/spotbugs-annotations-4.9.6.jar
new file mode 100644
index 0000000..f100ac5
Binary files /dev/null and b/third_party/dependency-check/lib/spotbugs-annotations-4.9.6.jar differ
diff --git a/third_party/dependency-check/lib/toml4j-0.7.2.jar b/third_party/dependency-check/lib/toml4j-0.7.2.jar
new file mode 100644
index 0000000..71444ec
Binary files /dev/null and b/third_party/dependency-check/lib/toml4j-0.7.2.jar differ
diff --git a/third_party/dependency-check/lib/velocity-engine-core-2.4.1.jar b/third_party/dependency-check/lib/velocity-engine-core-2.4.1.jar
new file mode 100644
index 0000000..5e2adfb
Binary files /dev/null and b/third_party/dependency-check/lib/velocity-engine-core-2.4.1.jar differ
diff --git a/third_party/dependency-check/lib/xz-1.9.jar b/third_party/dependency-check/lib/xz-1.9.jar
new file mode 100644
index 0000000..61ad52a
Binary files /dev/null and b/third_party/dependency-check/lib/xz-1.9.jar differ
diff --git a/third_party/dependency-check/licenses/commons-cli/LICENSE.txt b/third_party/dependency-check/licenses/commons-cli/LICENSE.txt
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/third_party/dependency-check/licenses/commons-cli/LICENSE.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.