{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:2BH3O7ARTIXSRNUIU4I6O2MX6S","short_pith_number":"pith:2BH3O7AR","canonical_record":{"source":{"id":"1709.04626","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-09-14T06:14:43Z","cross_cats_sorted":[],"title_canon_sha256":"c1cf77a7419995c19c7fa847035fbc179d8987c5fe62c09d049f54bf62796bcd","abstract_canon_sha256":"61d6070951037a89b2ad7b2c3abc9b87b4b63a2c5120cb08ba0f8baa7866bdb8"},"schema_version":"1.0"},"canonical_sha256":"d04fb77c119a2f28b688a711e76997f4bd115bbdf068af54aa9962c1688b1ee7","source":{"kind":"arxiv","id":"1709.04626","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1709.04626","created_at":"2026-05-18T00:35:11Z"},{"alias_kind":"arxiv_version","alias_value":"1709.04626v1","created_at":"2026-05-18T00:35:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.04626","created_at":"2026-05-18T00:35:11Z"},{"alias_kind":"pith_short_12","alias_value":"2BH3O7ARTIXS","created_at":"2026-05-18T12:30:55Z"},{"alias_kind":"pith_short_16","alias_value":"2BH3O7ARTIXSRNUI","created_at":"2026-05-18T12:30:55Z"},{"alias_kind":"pith_short_8","alias_value":"2BH3O7AR","created_at":"2026-05-18T12:30:55Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:2BH3O7ARTIXSRNUIU4I6O2MX6S","target":"record","payload":{"canonical_record":{"source":{"id":"1709.04626","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-09-14T06:14:43Z","cross_cats_sorted":[],"title_canon_sha256":"c1cf77a7419995c19c7fa847035fbc179d8987c5fe62c09d049f54bf62796bcd","abstract_canon_sha256":"61d6070951037a89b2ad7b2c3abc9b87b4b63a2c5120cb08ba0f8baa7866bdb8"},"schema_version":"1.0"},"canonical_sha256":"d04fb77c119a2f28b688a711e76997f4bd115bbdf068af54aa9962c1688b1ee7","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:35:11.086806Z","signature_b64":"rv5kE6wUyxZxLhsrltZguyKEVis5YtnAKl8DI+4QhFY1KX6HIfaIE/58BlGGU12jXuoslAnABsADJtSdxXQZBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"d04fb77c119a2f28b688a711e76997f4bd115bbdf068af54aa9962c1688b1ee7","last_reissued_at":"2026-05-18T00:35:11.086191Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:35:11.086191Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1709.04626","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:35:11Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"WiKWiatC9Qe1zPVagQdRYa2kWMbFaKFm0XuL/q9XENGBQcdlL8eQ0tn38OePrphnh1wdyppq/4bvhSc19oMbAA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-31T16:22:21.382030Z"},"content_sha256":"ae89fc64c3b63d8b4b5b30be69aca054624f39702064794ee6a9876763a46163","schema_version":"1.0","event_id":"sha256:ae89fc64c3b63d8b4b5b30be69aca054624f39702064794ee6a9876763a46163"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:2BH3O7ARTIXSRNUIU4I6O2MX6S","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Modeling Library Dependencies and Updates in Large Software Repository Universes","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Coen De Roover, Daniel M. German, Katsuro Inoue, Raula Gaikovina Kula, Takashi Ishio","submitted_at":"2017-09-14T06:14:43Z","abstract_excerpt":"Popular (re)use of third-party open-source software (OSS) is evidence of the impact of hosting repositories like maven on software development today. Updating libraries is crucial, with recent studies highlighting the associated vulnerabilities with aging OSS libraries. The decision to migrate to a newer library can range from trivial (security threat) to complex (assessment of work required to accommodate the changes). By leveraging the `wisdom of the software repository crowd' we propose a simple and efficient approach to recommending `consented' library updates. Our Software Universe Graph "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.04626","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:35:11Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"alFRtJsoECE+67v7qbPR8N450YLdLXfLERpn78l9XIbNV5vGZpMfQThr4l/UVgsrnGItSCZaD7P87Wbcw7piDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-31T16:22:21.382849Z"},"content_sha256":"95a0e9d4f11c2e587ef4a9b74c8d98ab14045c620e6fc67f70de70b8b0262a8f","schema_version":"1.0","event_id":"sha256:95a0e9d4f11c2e587ef4a9b74c8d98ab14045c620e6fc67f70de70b8b0262a8f"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S/bundle.json","state_url":"https://pith.science/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-31T16:22:21Z","links":{"resolver":"https://pith.science/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S","bundle":"https://pith.science/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S/bundle.json","state":"https://pith.science/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S/state.json","well_known_bundle":"https://pith.science/.well-known/pith/2BH3O7ARTIXSRNUIU4I6O2MX6S/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:2BH3O7ARTIXSRNUIU4I6O2MX6S","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"61d6070951037a89b2ad7b2c3abc9b87b4b63a2c5120cb08ba0f8baa7866bdb8","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-09-14T06:14:43Z","title_canon_sha256":"c1cf77a7419995c19c7fa847035fbc179d8987c5fe62c09d049f54bf62796bcd"},"schema_version":"1.0","source":{"id":"1709.04626","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1709.04626","created_at":"2026-05-18T00:35:11Z"},{"alias_kind":"arxiv_version","alias_value":"1709.04626v1","created_at":"2026-05-18T00:35:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.04626","created_at":"2026-05-18T00:35:11Z"},{"alias_kind":"pith_short_12","alias_value":"2BH3O7ARTIXS","created_at":"2026-05-18T12:30:55Z"},{"alias_kind":"pith_short_16","alias_value":"2BH3O7ARTIXSRNUI","created_at":"2026-05-18T12:30:55Z"},{"alias_kind":"pith_short_8","alias_value":"2BH3O7AR","created_at":"2026-05-18T12:30:55Z"}],"graph_snapshots":[{"event_id":"sha256:95a0e9d4f11c2e587ef4a9b74c8d98ab14045c620e6fc67f70de70b8b0262a8f","target":"graph","created_at":"2026-05-18T00:35:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Popular (re)use of third-party open-source software (OSS) is evidence of the impact of hosting repositories like maven on software development today. Updating libraries is crucial, with recent studies highlighting the associated vulnerabilities with aging OSS libraries. The decision to migrate to a newer library can range from trivial (security threat) to complex (assessment of work required to accommodate the changes). By leveraging the `wisdom of the software repository crowd' we propose a simple and efficient approach to recommending `consented' library updates. Our Software Universe Graph ","authors_text":"Coen De Roover, Daniel M. German, Katsuro Inoue, Raula Gaikovina Kula, Takashi Ishio","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-09-14T06:14:43Z","title":"Modeling Library Dependencies and Updates in Large Software Repository Universes"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.04626","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ae89fc64c3b63d8b4b5b30be69aca054624f39702064794ee6a9876763a46163","target":"record","created_at":"2026-05-18T00:35:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"61d6070951037a89b2ad7b2c3abc9b87b4b63a2c5120cb08ba0f8baa7866bdb8","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-09-14T06:14:43Z","title_canon_sha256":"c1cf77a7419995c19c7fa847035fbc179d8987c5fe62c09d049f54bf62796bcd"},"schema_version":"1.0","source":{"id":"1709.04626","kind":"arxiv","version":1}},"canonical_sha256":"d04fb77c119a2f28b688a711e76997f4bd115bbdf068af54aa9962c1688b1ee7","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"d04fb77c119a2f28b688a711e76997f4bd115bbdf068af54aa9962c1688b1ee7","first_computed_at":"2026-05-18T00:35:11.086191Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:35:11.086191Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"rv5kE6wUyxZxLhsrltZguyKEVis5YtnAKl8DI+4QhFY1KX6HIfaIE/58BlGGU12jXuoslAnABsADJtSdxXQZBw==","signature_status":"signed_v1","signed_at":"2026-05-18T00:35:11.086806Z","signed_message":"canonical_sha256_bytes"},"source_id":"1709.04626","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ae89fc64c3b63d8b4b5b30be69aca054624f39702064794ee6a9876763a46163","sha256:95a0e9d4f11c2e587ef4a9b74c8d98ab14045c620e6fc67f70de70b8b0262a8f"],"state_sha256":"a0385dfc5f3249476e6353158cd526a65d63266ab95eba669f35b39b8e9d86cc"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"DJrUco8w4ZgnXvy7dNrNpFx2yGWOvSO4/rDsOfiyN6uOSQgDaFEPNT6uQJD/oyg8XjWVjIRvA5exHpmDg98vCg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-31T16:22:21.387345Z","bundle_sha256":"ca83e4358fa7c35c53eec0715058b7f9aa0910759f35f944348bd56cb56421c9"}}