mongodb/mongo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SERVER-111072 Auto-generated SBOM files [master] (#49460)

Browse Source 
Co-authored-by: mongo-pr-bot[bot] <230616009+mongo-pr-bot[bot]@users.noreply.github.com>
Co-authored-by: Jason Hills <jason.hills@mongodb.com>
GitOrigin-RevId: 268dcba89e7e90e6ed9aad46e2750543346fdd09
This commit is contained in:
mongo-pr-bot[bot] 2026-03-16 10:20:40 -04:00 committed by MongoDB Bot
parent 150216680b
commit 7cc7996c85
7 changed files with 379 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.third_party.md
View File

@ -34,6 +34,8 @@ a notice will be included in
| [fmt] | MIT | 11.2.0 | | ✗ |
| [folly] | Apache-2.0 | 2023.12.25.00 | | ✗ |
| [fuzztest] | BSD-3-Clause, Apache-2.0, HPND | 2025-07-28 | | |
| [github.com/apache/arrow-nanoarrow] | Apache-2.0 | apache-arrow-nanoarrow-0.7.0 | | |
| [github.com/apache/iceberg-cpp] | Apache-2.0 | v0.2.0-rc1 | | |
| [googletest] | BSD-3-Clause | 1.17.0 | | |
| [gperftools] | BSD-3-Clause | 2.9.1 | | ✗ |
| [gRPC (C++)] | Apache-2.0 | 1.74.1 | | ✗ |
@ -71,7 +73,7 @@ a notice will be included in
| [valgrind.h] | BSD-4-Clause | 093bef43d69236287ccc748591c9560a71181b0a | | ✗ |
| [WiredTiger] | GPL-2.0-only OR GPL-3.0-only | 12.0.0 | ✗ | ✗ |
| [yaml-cpp] | MIT | 0.6.3 | | ✗ |
| [zlib] | Zlib | 1.3.1 | ✗ | ✗ |
| [zlib] | Zlib | 1.3 | ✗ | ✗ |
| [Zstandard (zstd)] | BSD-3-Clause OR GPL-2.0-only | 1.5.5 | ✗ | ✗ |
[Abseil Common Libraries (C++)]: https://github.com/abseil/abseil-cpp.git
@ -103,6 +105,8 @@ a notice will be included in
[folly]: https://github.com/facebook/folly.git
[fuzztest]: https://github.com/google/fuzztest.git
[gRPC (C++)]: https://github.com/grpc/grpc.git
[github.com/apache/arrow-nanoarrow]: pkg:github/apache/arrow-nanoarrow@apache-arrow-nanoarrow-0.7.0
[github.com/apache/iceberg-cpp]: pkg:github/apache/iceberg-cpp@v0.2.0-rc1
[googletest]: https://github.com/google/googletest.git
[gperftools]: https://github.com/gperftools/gperftools.git
[immer]: https://github.com/arximboldi/immer.git

6
buildscripts/sbom/config.py
View File

@ -47,10 +47,10 @@ third_party_folders_remove = [
]
# ################ Component Renaming ################
# Endor does not have syntactically valid PURLs for C/C++ packages.
# Endor does not always have syntactically valid PURLs for C/C++ packages.
# e.g.,
# Invalid: pkg:c/github.com/abseil/abseil-cpp@20250512.1
# Valid: pkg:github/abseil/abseil-cpp@20250512.1
# Invalid: pkg:c/github.com/abseil/abseil-cpp@20250512.1
# Valid: pkg:github/abseil/abseil-cpp@20250512.1
# Run string replacements to correct for this:
endor_components_rename = [
["pkg:generic/sourceware.org/git/valgrind", "pkg:generic/valgrind/valgrind"],

41
buildscripts/sbom/generate_sbom.py
View File

@ -254,7 +254,7 @@ def get_component_priority_version_source(component: dict) -> str:
priority_version_source = [
p.get("value")
for p in component.get("properties", [])
if p.get("name") == "generate_sbom:priority_version_source"
if p.get("name") == "internal:generate_sbom:priority_version_source"
]
if len(priority_version_source):
# There should only be 1 result, if any
@ -263,34 +263,34 @@ def get_component_priority_version_source(component: dict) -> str:
return None
def del_component_priority_version_source(component: dict) -> None:
"""Delete all priority version source properties."""
# Reverse iterate properties list to safely modify in situ
if "properties" in component:
for i in range(len(component["properties"]) - 1, -1, -1):
if component["properties"][i].get("name") == "generate_sbom:priority_version_source":
logger.debug(
"PRIORITY VERSION SOURCE: %s: Removing priority version source from SBOM metadata.",
component["bom-ref"],
)
del component["properties"][i]
def get_import_script_variable_name(component: dict) -> str:
"""Get the variable name used in the import script, if defined in metadata file."""
import_script_variable_name = [
p.get("value")
for p in component.get("properties", [])
if p.get("name") == "internal:generate_sbom:import_script_variable_name"
]
if len(import_script_variable_name):
# There should only be 1 result, if any
return import_script_variable_name[0]
else:
return None
def get_version_from_import_script(file_path: str) -> str:
def get_version_from_import_script(file_path: str, variable_name: str) -> str:
"""A rudimentary parse of a shell or python script file to extract the static value defined for the VERSION variable"""
try:
with open(file_path, "r", encoding="utf-8") as file:
for line in file:
if line.strip().startswith("VERSION="):
if line.strip().startswith(f"{variable_name}="):
return re.sub(
r"^VERSION=(?P<quote>[\"']?)(?P<content>\S+)(?P=quote).*$",
rf"^{variable_name}=(?P<quote>[\"']?)(?P<content>\S+)(?P=quote).*$",
r"\g<content>",
line.strip(),
)
elif line.strip().startswith("VERSION = "):
elif line.strip().startswith(f"{variable_name} = "):
return re.sub(
r"^VERSION\s=\s(?P<quote>[\"']?)(?P<content>\S+)(?P=quote).*$",
rf"^{variable_name}\s=\s(?P<quote>[\"']?)(?P<content>\S+)(?P=quote).*$",
r"\g<content>",
line.strip(),
)
@ -717,7 +717,6 @@ def main() -> None:
component_key,
priority_version_source,
)
del_component_priority_version_source(component)
################ Endor Labs ################
if component_key in endor_components:
@ -738,7 +737,9 @@ def main() -> None:
if import_script_path:
import_script = Path(import_script_path)
if import_script.exists():
versions["import_script"] = get_version_from_import_script(import_script_path)
versions["import_script"] = get_version_from_import_script(
import_script_path, get_import_script_variable_name(component) or "VERSION"
)
if versions["import_script"]:
versions["import_script"] = versions["import_script"].replace("release-", "")
if versions["import_script"]:

451
buildscripts/sbom/metadata.cdx.json
View File

@ -158,7 +158,7 @@
"value": "src/third_party/private/libxml2/scripts/import.sh"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
@ -421,6 +421,62 @@
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/apache/arrow-nanoarrow@{{VERSION}}",
"supplier": {
"name": "The Apache Software Foundation",
"url": [
"https://apache.org/"
]
},
"group": "apache",
"name": "Apache Arrow Nanoarrow",
"version": "{{VERSION}}",
"description": "Helpers for Arrow C Data & Arrow C Stream interfaces",
"scope": "excluded",
"licenses": [
{
"license": {
"id": "Apache-2.0"
}
}
],
"copyright": "Copyright 2016-present The Apache Software Foundation",
"cpe": "cpe:2.3:a:apache:arrow-nanoarrow:{{VERSION}}:*:*:*:*:*:*:*",
"purl": "pkg:github/apache/arrow-nanoarrow@{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/apache/arrow-nanoarrow.git",
"type": "distribution"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/private/iceberg-cpp/dist/nanoarrow"
}
]
},
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/private/iceberg-cpp/scripts/fetch_sources.sh"
},
{
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
},
{
"name": "internal:generate_sbom:import_script_variable_name",
"value": "NANOARROW_VERSION"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/apache/arrow@{{VERSION}}",
@ -518,7 +574,7 @@
"value": "src/third_party/private/arrow/scripts/getsources.py"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
@ -575,11 +631,67 @@
"value": "src/third_party/private/avro-cpp/scripts/import.sh"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/apache/iceberg-cpp@{{VERSION}}",
"supplier": {
"name": "The Apache Software Foundation",
"url": [
"https://apache.org/"
]
},
"group": "apache",
"name": "Apache Iceberg\u2122 C++",
"version": "{{VERSION}}",
"description": "C++ implementation of Apache Iceberg\u2122, the open table format for analytic datasets.",
"scope": "excluded",
"licenses": [
{
"license": {
"id": "Apache-2.0"
}
}
],
"copyright": "Copyright 2024-2026 The Apache Software Foundation",
"cpe": "cpe:2.3:a:apache:iceberg-cpp:{{VERSION}}:*:*:*:*:*:*:*",
"purl": "pkg:github/apache/iceberg-cpp@{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/apache/iceberg-cpp.git",
"type": "distribution"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/private/iceberg-cpp"
}
]
},
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/private/iceberg-cpp/scripts/fetch_sources.sh"
},
{
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
},
{
"name": "internal:generate_sbom:import_script_variable_name",
"value": "ICEBERG_CPP_VERSION"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/apache/thrift@{{VERSION}}",
@ -766,7 +878,7 @@
"value": "src/third_party/private/azure-sdk/scripts/import.sh"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
@ -963,8 +1075,8 @@
"supplier": {
"name": "The Cyrus Project",
"url": [
"https://www.cyrusimap.org/sasl/",
"https://www.cyrusimap.org/overview/who_is_cyrus.html"
"https://www.cyrusimap.org/overview/who_is_cyrus.html",
"https://www.cyrusimap.org/sasl/"
]
},
"author": "The Cyrus Team",
@ -1742,7 +1854,7 @@
"value": "src/third_party/gperftools/scripts/import.sh"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
@ -1881,6 +1993,54 @@
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/json-c/json-c@{{VERSION}}",
"supplier": {
"name": "json-c project",
"url": [
"https://github.com/json-c/json-c"
]
},
"author": "Eric Haszlakiewicz",
"group": "json-c",
"name": "json-c",
"version": "{{VERSION}}",
"description": "A JSON implementation in C.",
"scope": "required",
"licenses": [
{
"license": {
"id": "MIT"
}
}
],
"copyright": "Copyright (c) 2009-2012 Eric Haszlakiewicz; Copyright (c) 2004, 2005 Metaparadigm Pte Ltd",
"purl": "pkg:github/json-c/json-c@{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/json-c/json-c",
"type": "distribution"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/json-c"
}
]
},
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/json-c/scripts/import.sh"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/json-schema-org/json-schema-test-suite@728066f9c5c258ba3b1804a22a5b998f2ec77ec0",
@ -2007,6 +2167,54 @@
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/libarchive/bzip2@bzip2-{{VERSION}}",
"supplier": {
"name": "bzip2 project",
"url": [
"https://sourceware.org/bzip2/"
]
},
"author": "Julian Seward",
"group": "libarchive",
"name": "bzip2",
"version": "{{VERSION}}",
"description": "A high-quality data compression program and library.",
"scope": "required",
"licenses": [
{
"license": {
"id": "bzip2-1.0.6"
}
}
],
"copyright": "Copyright (C) 1996-2010 Julian Seward <jseward@acm.org>; Copyright (C) 2019-2020 Federico Mena Quintero <federico@gnome.org>; Copyright (C) 2021 Micah Snyder.",
"purl": "pkg:github/libarchive/bzip2@bzip2-{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/libarchive/bzip2",
"type": "distribution"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/bzip2"
}
]
},
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/bzip2/scripts/import.sh"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/libtom/libtomcrypt@{{VERSION}}",
@ -2473,7 +2681,7 @@
"value": "src/third_party/opentelemetry-proto/scripts/import.sh"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
@ -2573,11 +2781,69 @@
"value": "src/third_party/protobuf/scripts/import.sh"
},
{
"name": "generate_sbom:priority_version_source",
"name": "internal:generate_sbom:priority_version_source",
"value": "import_script"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/rnpgp/rnp@{{VERSION}}",
"supplier": {
"name": "Ribose Group Inc.",
"url": [
"https://www.rnpgp.org/"
]
},
"author": "Ribose Group Inc.",
"group": "rnpgp",
"name": "rnp",
"version": "{{VERSION}}",
"description": "A high performance C++ OpenPGP library, fully compliant to RFC 4880.",
"scope": "required",
"licenses": [
{
"license": {
"id": "BSD-2-Clause"
}
},
{
"license": {
"id": "Apache-2.0"
}
},
{
"license": {
"id": "MIT"
}
}
],
"copyright": "Copyright (c) 2017-2024, Ribose Inc. All rights reserved.",
"purl": "pkg:github/rnpgp/rnp@{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/rnpgp/rnp",
"type": "distribution"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/rnp"
}
]
},
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/rnp/scripts/import.sh"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/roaringbitmap/croaring@{{VERSION}}",
@ -3065,160 +3331,6 @@
"value": "false"
}
]
},
{
"type": "library",
"bom-ref": "pkg:github/libarchive/bzip2@bzip2-{{VERSION}}",
"supplier": {
"name": "bzip2 project",
"url": [
"https://sourceware.org/bzip2/"
]
},
"author": "Julian Seward",
"group": "libarchive",
"name": "bzip2",
"version": "{{VERSION}}",
"description": "A high-quality data compression program and library.",
"licenses": [
{
"license": {
"id": "bzip2-1.0.6"
}
}
],
"copyright": "Copyright (C) 1996-2010 Julian Seward <jseward@acm.org>; Copyright (C) 2019-2020 Federico Mena Quintero <federico@gnome.org>; Copyright (C) 2021 Micah Snyder.",
"purl": "pkg:github/libarchive/bzip2@bzip2-{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/libarchive/bzip2",
"type": "distribution"
}
],
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/bzip2/scripts/import.sh"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/bzip2"
}
]
},
"scope": "required"
},
{
"type": "library",
"bom-ref": "pkg:github/json-c/json-c@{{VERSION}}",
"supplier": {
"name": "json-c project",
"url": [
"https://github.com/json-c/json-c"
]
},
"author": "Eric Haszlakiewicz",
"group": "json-c",
"name": "json-c",
"version": "{{VERSION}}",
"description": "A JSON implementation in C.",
"licenses": [
{
"license": {
"id": "MIT"
}
}
],
"copyright": "Copyright (c) 2009-2012 Eric Haszlakiewicz; Copyright (c) 2004, 2005 Metaparadigm Pte Ltd",
"purl": "pkg:github/json-c/json-c@{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/json-c/json-c",
"type": "distribution"
}
],
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/json-c/scripts/import.sh"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/json-c"
}
]
},
"scope": "required"
},
{
"type": "library",
"bom-ref": "pkg:github/rnpgp/rnp@{{VERSION}}",
"supplier": {
"name": "Ribose Group Inc.",
"url": [
"https://www.rnpgp.org/"
]
},
"author": "Ribose Group Inc.",
"group": "rnpgp",
"name": "rnp",
"version": "{{VERSION}}",
"description": "A high performance C++ OpenPGP library, fully compliant to RFC 4880.",
"licenses": [
{
"license": {
"id": "BSD-2-Clause"
}
},
{
"license": {
"id": "Apache-2.0"
}
},
{
"license": {
"id": "MIT"
}
}
],
"copyright": "Copyright (c) 2017-2024, Ribose Inc. All rights reserved.",
"purl": "pkg:github/rnpgp/rnp@{{VERSION}}",
"externalReferences": [
{
"url": "https://github.com/rnpgp/rnp",
"type": "distribution"
}
],
"properties": [
{
"name": "emits_persisted_data",
"value": "false"
},
{
"name": "import_script_path",
"value": "src/third_party/rnp/scripts/import.sh"
}
],
"evidence": {
"occurrences": [
{
"location": "src/third_party/rnp"
}
]
},
"scope": "required"
}
],
"dependencies": [
@ -3254,6 +3366,10 @@
"ref": "pkg:github/antirez/linenoise@6cdc775807e57b2c3fd64bd207814f8ee1fe35f3",
"dependsOn": []
},
{
"ref": "pkg:github/apache/arrow-nanoarrow@{{VERSION}}",
"dependsOn": []
},
{
"ref": "pkg:github/apache/arrow@{{VERSION}}",
"dependsOn": [
@ -3267,6 +3383,12 @@
"ref": "pkg:github/apache/avro@{{VERSION}}",
"dependsOn": []
},
{
"ref": "pkg:github/apache/iceberg-cpp@{{VERSION}}",
"dependsOn": [
"pkg:github/apache/arrow-nanoarrow@{{VERSION}}"
]
},
{
"ref": "pkg:github/arximboldi/immer@{{VERSION}}",
"dependsOn": []
@ -3406,8 +3528,8 @@
{
"ref": "pkg:github/mongodb/mongo-c-driver@{{VERSION}}",
"dependsOn": [
"pkg:github/madler/zlib@{{VERSION}}",
"pkg:github/juliastrings/utf8proc@{{VERSION}}",
"pkg:github/madler/zlib@{{VERSION}}",
"pkg:github/troydhanson/uthash@{{VERSION}}"
]
},
@ -3430,6 +3552,7 @@
"pkg:github/antirez/linenoise@6cdc775807e57b2c3fd64bd207814f8ee1fe35f3",
"pkg:github/apache/arrow@{{VERSION}}",
"pkg:github/apache/avro@{{VERSION}}",
"pkg:github/apache/iceberg-cpp@{{VERSION}}",
"pkg:github/arximboldi/immer@{{VERSION}}",
"pkg:github/aws/aws-sdk-cpp@{{VERSION}}",
"pkg:github/azure/azure-sdk-for-cpp@azure-storage-blobs_{{VERSION}}",

13
buildscripts/sbom/sbom_utils.py
View File

@ -130,14 +130,15 @@ def convert_sbom_to_public(sbom_dict: dict):
"PUBLIC SBOM: Removed %d internal components",
original_components_len - len(sbom_dict["components"]),
)
# Remove internal proerties from public components
# Remove internal properties from public components
original_properties_len = sum(len(c.get("properties", [])) for c in sbom_dict["components"])
for component in sbom_dict["components"]:
component["properties"] = [
p
for p in component.get("properties", [])
if not p.get("name", "").startswith("internal:")
]
if "properties" in component:
component["properties"] = [
p
for p in component.get("properties", [])
if not p.get("name", "").startswith("internal:")
]
logger.info(
"PUBLIC SBOM: Removed %d internal properties from public components",
original_properties_len

8
buildscripts/sbom_linter.py
View File

@ -190,7 +190,13 @@ def validate_properties(component: dict, error_manager: ErrorManager) -> None:
comp_pedigree_version = ""
# At this point a version is attempted to be read from the import script file
script_version = get_script_version(script_path, "VERSION", error_manager)
script_version_key = "VERSION"
if "properties" in component:
for prop in component["properties"]:
if prop["name"] == "internal:generate_sbom:import_script_variable_name":
script_version_key = prop["value"]
script_version = get_script_version(script_path, script_version_key, error_manager)
if script_version == "":
error_manager.append_full_error_message(MISSING_VERSION_IN_IMPORT_FILE_ERROR + script_path)
elif strip_extra_prefixes(script_version) != strip_extra_prefixes(

58
sbom.json
View File

@ -3,9 +3,9 @@
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:71d980f0-95c5-4dfa-8987-307eb8880ce2",
"version": 3,
"version": 4,
"metadata": {
"timestamp": "2026-03-11T08:06:46Z",
"timestamp": "2026-03-16T06:12:10Z",
"lifecycles": [
{
"phase": "pre-build"
@ -1615,7 +1615,7 @@
},
{
"type": "library",
"bom-ref": "pkg:github/madler/zlib@1.3.1",
"bom-ref": "pkg:github/madler/zlib@1.3",
"supplier": {
"name": "zlib",
"url": [
@ -1625,7 +1625,7 @@
"author": "Jean-loup Gailly, Mark Adler",
"group": "madler",
"name": "zlib",
"version": "1.3.1",
"version": "1.3",
"description": "zlib is a general purpose data compression library.",
"scope": "required",
"licenses": [
@ -1636,8 +1636,8 @@
}
],
"copyright": "Copyright \u00a9 1995-2024 Jean-loup Gailly and Mark Adler.",
"cpe": "cpe:2.3:a:zlib:zlib:1.3.1:*:*:*:*:*:*:*",
"purl": "pkg:github/madler/zlib@1.3.1",
"cpe": "cpe:2.3:a:zlib:zlib:1.3:*:*:*:*:*:*:*",
"purl": "pkg:github/madler/zlib@1.3",
"externalReferences": [
{
"url": "https://zlib.net/fossils/",
@ -2393,6 +2393,38 @@
"value": "false"
}
]
},
{
"bom-ref": "pkg:github/apache/arrow-nanoarrow@apache-arrow-nanoarrow-0.7.0?package-id=614f3463351947a8",
"licenses": [
{
"license": {
"id": "Apache-2.0"
}
}
],
"name": "github.com/apache/arrow-nanoarrow",
"purl": "pkg:github/apache/arrow-nanoarrow@apache-arrow-nanoarrow-0.7.0",
"type": "library",
"version": "apache-arrow-nanoarrow-0.7.0",
"scope": "excluded",
"properties": []
},
{
"bom-ref": "pkg:github/apache/iceberg-cpp@v0.2.0-rc1?package-id=ce0b9d2c8402061a",
"licenses": [
{
"license": {
"id": "Apache-2.0"
}
}
],
"name": "github.com/apache/iceberg-cpp",
"purl": "pkg:github/apache/iceberg-cpp@v0.2.0-rc1",
"type": "library",
"version": "v0.2.0-rc1",
"scope": "excluded",
"properties": []
}
],
"dependencies": [
@ -2529,7 +2561,7 @@
"dependsOn": []
},
{
"ref": "pkg:github/madler/zlib@1.3.1",
"ref": "pkg:github/madler/zlib@1.3",
"dependsOn": []
},
{
@ -2539,7 +2571,7 @@
{
"ref": "pkg:github/mongodb/mongo-c-driver@1.28.1",
"dependsOn": [
"pkg:github/madler/zlib@1.3.1"
"pkg:github/madler/zlib@1.3"
]
},
{
@ -2577,7 +2609,7 @@
"pkg:github/json-schema-org/json-schema-test-suite@728066f9c5c258ba3b1804a22a5b998f2ec77ec0",
"pkg:github/libtom/libtomcrypt@v1.18.2",
"pkg:github/libunwind/libunwind@v1.8.1",
"pkg:github/madler/zlib@1.3.1",
"pkg:github/madler/zlib@1.3",
"pkg:github/mongodb/libmongocrypt@1.15.0",
"pkg:github/nlohmann/json@v3.11.3",
"pkg:github/nodejs/node@22.1.0?download_url=https%3A%2F%2Fgithub.com%2Fnodejs%2Fnode%2Fblob%2F8b45c5d26a829bcd3280401dbc1874bcd1302289%2Fsrc%2Fnode_i18n.cc%23L825%23src%2Fnode_i18n.cc%3AGetStringWidth#src/node_i18n.cc",
@ -2650,6 +2682,14 @@
{
"ref": "pkg:pypi/ocspresponder@0.5.0",
"dependsOn": []
},
{
"ref": "pkg:github/apache/arrow-nanoarrow@apache-arrow-nanoarrow-0.7.0?package-id=614f3463351947a8",
"dependsOn": []
},
{
"ref": "pkg:github/apache/iceberg-cpp@v0.2.0-rc1?package-id=ce0b9d2c8402061a",
"dependsOn": []
}
]
}