[SERVER-84613] Define a version for JSON-Schema-Test-Suite Created: 05/Jan/24 Updated: 02/Feb/24 |
|
| Status: | In Progress |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Kyle Suarez |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | query-director-triage | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Query Execution
|
| Sprint: | QE 2024-02-05, QE 2024-02-19 |
| Participants: |
| Description |
|
When we vendor third party libraries, we must ensure that they've been sourced from known origins and possess meaningful version identifiers. We use version identifiers to track security vulnerabilities and their mitigations, and libraries without versions cannot be easily audited. As we work toward publishing an SBOM, this information will be made public so that our customers can make informed decisions about supply chain risk. Library JSON-Schema-Test-Suite doesn’t seem to be vendored from a specific release identified by a version identifier issued by its upstream vendor. Please either identify the release which originated the library and update README.third_party.md, update your library to a named release, or migrate to an alternative. If you require an exception, please reach out to stacey.kingpoling@mongodb.com. |
| Comments |
| Comment by Kyle Suarez [ 02/Feb/24 ] |
|
Our script clones the JSON Schema Test Suite from commit 728066f9c5. Being test-only, the repository doesn't seem to have a consistent release schedule; the only official "GitHub releases" are two releases in 2023. But they do seem to have some sort of tagging scheme. |