From 8aadaed958a69d7b22aa32f1c9fe0c3f0e44be24 Mon Sep 17 00:00:00 2001
From: "mongo-pr-bot[bot]" <230616009+mongo-pr-bot[bot]@users.noreply.github.com>
Date: Thu, 7 May 2026 20:50:13 +0000
Subject: [PATCH] SERVER-111072 Auto-generated SBOM files [master] (#53094)
Co-authored-by: mongo-pr-bot[bot] <230616009+mongo-pr-bot[bot]@users.noreply.github.com>
Co-authored-by: Jason Hills
GitOrigin-RevId: 196d4880b49efdec38e5055a4aa283ff45feae08
---
 README.third_party.md | 2 +-
 buildscripts/sbom/config.py | 1 +
 buildscripts/sbom/metadata.cdx.json | 8 ++++++++
 sbom.json | 30 ++++++++++++++---------------
 4 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/README.third_party.md b/README.third_party.md
index 49fddf77b2a..dc801ed4568 100644
--- a/README.third_party.md
+++ b/README.third_party.md
@@ -33,7 +33,7 @@ a notice will be included in
 | [CRoaring] | Apache-2.0 OR MIT | 3.0.1 | | ✗ |
 | [Cyrus SASL] | BSD-Attribution-HPND-disclaimer | 2.1.28 | | |
 | [fmt] | MIT | 11.2.0 | | ✗ |
-| [folly] | Apache-2.0 | 2023.12.25.00 | | ✗ |
+| [folly] | Apache-2.0 | 2025.04.21.00 | | ✗ |
 | [fuzztest] | BSD-3-Clause, Apache-2.0, HPND | 2025-07-28 | | |
 | [googletest] | BSD-3-Clause | 1.17.0 | | |
 | [gperftools] | BSD-3-Clause | 2.9.1 | | ✗ |
diff --git a/buildscripts/sbom/config.py b/buildscripts/sbom/config.py
index c930c58a1bb..7e977e6f084 100644
--- a/buildscripts/sbom/config.py
+++ b/buildscripts/sbom/config.py
@@ -53,6 +53,7 @@ third_party_folders_remove = [
 license_replacements = [
 # "LicenseRef-The-BSD-License" is not a valid SPDX identifier; replace with BSD-2-Clause
 ["LicenseRef-The-BSD-License", "BSD-2-Clause"],
+ ["LicenseRef-Unicode-3.0", "Unicode-3.0"],
 ]
 # ################ Component Renaming ################
diff --git a/buildscripts/sbom/metadata.cdx.json b/buildscripts/sbom/metadata.cdx.json
index f55b36e96e2..816084af70e 100644
--- a/buildscripts/sbom/metadata.cdx.json
+++ b/buildscripts/sbom/metadata.cdx.json
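Review bot: The added `["LicenseRef-Unicode-3.0", "Unicode-3.0"],` entry in `license_replacements` (buildscripts/sbom/config.py) has no comment, while the entry directly above it records why its rewrite is valid. This table rewrites license identifiers that end up in the published SBOM, so each mapping should state its justification. I would add `# "LicenseRef-Unicode-3.0" is a custom ref for a license that has an SPDX identifier; replace with Unicode-3.0` above the new entry. The code that applies these pairs is outside the hunk, so it is also worth confirming that matching is exact and cannot rewrite a longer `LicenseRef-...` string that merely starts with the same text.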
@@ -1341,6 +1341,10 @@ { "name": "import_script_path", "value": "src/third_party/folly/scripts/import.sh" + }, + { + "name": "internal:generate_sbom:priority_version_source", + "value": "import_script" } ] }, @@ -2463,6 +2467,10 @@ { "name": "mdb_first_party", "value": "true" + }, + { + "name": "internal:generate_sbom:priority_version_source", + "value": "import_script" } ] }, diff --git a/sbom.json b/sbom.json index e64e5f6ff72..e094cfb6810 100644 --- a/sbom.json +++ b/sbom.json @@ -3,9 +3,9 @@ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:2d7fbf85-c8b6-4f90-9966-70da88224a36", - "version": 4, + "version": 5, "metadata": { - "timestamp": "2026-04-28T06:12:06Z", + "timestamp": "2026-05-07T17:08:19Z", "lifecycles": [ { "phase": "pre-build" @@ -63,7 +63,7 @@ "services": [ { "name": "Endor Labs Inc", - "version": "v1.7.946" + "version": "v1.7.957" } ] } @@ -742,7 +742,7 @@ }, { "type": "library", - "bom-ref": "pkg:github/facebook/folly@v2023.12.25.00", + "bom-ref": "pkg:github/facebook/folly@v2025.04.21.00", "supplier": { "name": "Meta Open Source", "url": [ @@ -752,7 +752,7 @@ "author": "Meta", "group": "facebook", "name": "folly", - "version": "2023.12.25.00", + "version": "2025.04.21.00", "description": "An open-source C++ library developed and used at Facebook.", "scope": "required", "licenses": [ @@ -763,8 +763,8 @@ } ], "copyright": "Copyright (c) Meta Platforms, Inc. and affiliates.", - "cpe": "cpe:2.3:a:facebook:folly:2023.12.25.00:*:*:*:*:*:*:*", - "purl": "pkg:github/facebook/folly@v2023.12.25.00", + "cpe": "cpe:2.3:a:facebook:folly:2025.04.21.00:*:*:*:*:*:*:*", + "purl": "pkg:github/facebook/folly@v2025.04.21.00", "externalReferences": [ { "url": "https://github.com/facebook/folly.git", @@ -1760,7 +1760,7 @@ }, { "type": "library", - "bom-ref": "pkg:github/mongodb/libmongocrypt@1.16.0", + "bom-ref": "pkg:github/mongodb/libmongocrypt@1.17.0", "supplier": { "name": "MongoDB, Inc.", "url": [ 
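Review bot: The second metadata.cdx.json hunk (`@@ -2463,6 +2467,10 @@`) sets `internal:generate_sbom:priority_version_source` to `import_script` on a component whose only visible property is `mdb_first_party`. Nothing in that hunk shows the component also declares an `import_script_path`, as the folly entry in the first hunk does. If the generator falls back silently when the path is missing or the script yields no parsable version, the SBOM would keep a stale version, purl and CPE for that component, which are the fields vulnerability matching keys on. It is worth confirming the component has an `import_script_path` and that the generator fails the run instead of keeping the previous version when the lookup fails. Both component objects begin outside their hunks.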
@@ -1770,7 +1770,7 @@ "author": "MongoDB, Inc.", "group": "mongodb", "name": "libmongocrypt", - "version": "1.16.0", + "version": "1.17.0", "description": "Required C library for Client Side and Queryable Encryption in MongoDB", "scope": "required", "licenses": [ @@ -1781,8 +1781,8 @@ } ], "copyright": "Copyright 2019-present MongoDB, Inc.", - "cpe": "cpe:2.3:a:mongodb:libmongocrypt:1.16.0:*:*:*:*:*:*:*", - "purl": "pkg:github/mongodb/libmongocrypt@1.16.0", + "cpe": "cpe:2.3:a:mongodb:libmongocrypt:1.17.0:*:*:*:*:*:*:*", + "purl": "pkg:github/mongodb/libmongocrypt@1.17.0", "externalReferences": [ { "url": "https://github.com/mongodb/libmongocrypt.git", @@ -2623,7 +2623,7 @@ "dependsOn": [] }, { - "ref": "pkg:github/facebook/folly@v2023.12.25.00", + "ref": "pkg:github/facebook/folly@v2025.04.21.00", "dependsOn": [] }, { @@ -2707,7 +2707,7 @@ "dependsOn": [] }, { - "ref": "pkg:github/mongodb/libmongocrypt@1.16.0", + "ref": "pkg:github/mongodb/libmongocrypt@1.17.0", "dependsOn": [] }, { @@ -2734,7 +2734,7 @@ "pkg:github/davea42/libdwarf-code@libdwarf-2.1.0", "pkg:github/dcleblanc/safeint@3.0.28a", "pkg:github/derickr/timelib@2022.13", - "pkg:github/facebook/folly@v2023.12.25.00", + "pkg:github/facebook/folly@v2025.04.21.00", "pkg:github/facebook/zstd@v1.5.5", "pkg:github/fmtlib/fmt@11.2.0", "pkg:github/google/benchmark@v1.5.2", @@ -2752,7 +2752,7 @@ "pkg:github/libtom/libtomcrypt@v1.18.2", "pkg:github/libunwind/libunwind@v1.8.1", "pkg:github/madler/zlib@1.3.2", - "pkg:github/mongodb/libmongocrypt@1.16.0", + "pkg:github/mongodb/libmongocrypt@1.17.0", "pkg:github/nlohmann/json@v3.11.3", "pkg:github/nodejs/node@22.1.0?download_url=https%3A%2F%2Fgithub.com%2Fnodejs%2Fnode%2Fblob%2F8b45c5d26a829bcd3280401dbc1874bcd1302289%2Fsrc%2Fnode_i18n.cc%23L825%23src%2Fnode_i18n.cc%3AGetStringWidth#src/node_i18n.cc", "pkg:github/open-telemetry/opentelemetry-cpp@v1.24.0",