[SERVER-84613] Define a version for JSON-Schema-Test-Suite Created: 05/Jan/24  Updated: 02/Feb/24

Status: In Progress
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Kyle Suarez
Resolution: Unresolved Votes: 0
Labels: query-director-triage
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Query Execution
Sprint: QE 2024-02-05, QE 2024-02-19
Participants:

 Description   

When we vendor third party libraries, we must ensure that they've been sourced from known origins and possess meaningful version identifiers. We use version identifiers to track security vulnerabilities and their mitigations, and libraries without versions cannot be easily audited. As we work toward publishing an SBOM, this information will be made public so that our customers can make informed decisions about supply chain risk.

Library JSON-Schema-Test-Suite doesn’t seem to be vendored from a specific release identified by a version identifier issued by its upstream vendor. Please either identify the release which originated the library and update README.third_party.md, update your library to a named release, or migrate to an alternative.

If you require an exception, please reach out to stacey.kingpoling@mongodb.com.



 Comments   
Comment by Kyle Suarez [ 02/Feb/24 ]

Our script clones the JSON Schema Test Suite from commit 728066f9c5. Being test-only, the repository doesn't seem to have a consistent release schedule; the only official "GitHub releases" are two releases in 2023. But they do seem to have some sort of tagging scheme.

Generated at Thu Feb 08 06:55:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.