From 74b341cc5aa62077bc7892cddfec7d8868877215 Mon Sep 17 00:00:00 2001 From: Eduard Kovalets Date: Thu, 20 Nov 2025 08:44:42 +0000 Subject: [PATCH 1/5] NODE-7025: New SBOM generation workflow on dependencies change --- .github/actions/sbom-update/action.yml | 27 ++++++ .github/actions/setup-sbom/action.yml | 19 +++++ .github/actions/setup/action.yml | 19 +++++ .github/workflows/sbom.yml | 113 +++++++++++++++++++++++++ 4 files changed, 178 insertions(+) create mode 100644 .github/actions/sbom-update/action.yml create mode 100644 .github/actions/setup-sbom/action.yml create mode 100644 .github/actions/setup/action.yml create mode 100644 .github/workflows/sbom.yml
diff --git a/.github/actions/sbom-update/action.yml b/.github/actions/sbom-update/action.yml
new file mode 100644
index 0000000000..d826c33e36
--- /dev/null
+++ b/.github/actions/sbom-update/action.yml
@@ -0,0 +1,27 @@
+name: Generate SBOM
+description: Generates CycloneDX SBOM using cdxgen
+inputs:
+ output-file:
+ description: "Output filename for the SBOM"
+ required: false
+ default: "sbom.json"
+
+runs:
+ using: composite
+ steps:
+ - name: Generate SBOM
+ shell: bash
+ working-directory: ${{ inputs.working-directory }}
+ run: |
+ echo "Generating SBOM for 'node' project..."
+ cdxgen -t 'node' --spec-version 1.5 --json-pretty -o ${{ inputs.output-file }} .
+
+ - name: Validate SBOM
+ shell: bash
+ run: |
+ if [ ! -f "${{ inputs.output-file }}" ]; then
+ echo "Error: SBOM file not found"
+ exit 1
+ fi
+
+ echo "SBOM file validated: ${{ inputs.output-file }}"
\ No newline at end of file
diff --git a/.github/actions/setup-sbom/action.yml b/.github/actions/setup-sbom/action.yml
new file mode 100644
index 0000000000..2502fd9a99
--- /dev/null
+++ b/.github/actions/setup-sbom/action.yml
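Review bot: Both `run:` scripts splice `${{ inputs.output-file }}` directly into bash, so the value is substituted before the shell parses the script and any shell metacharacters in it become script text; pass it through the environment instead, with `env:` / `OUTPUT_FILE: ${{ inputs.output-file }}` on each step and `"$OUTPUT_FILE"` in the script. The caller in `sbom.yml` passes the literal `${SBOM_FILE}` and only works because of this splice, so it would need to become `output-file: ${{ env.SBOM_FILE }}` at the same time. The Generate step also sets `working-directory: ${{ inputs.working-directory }}`, but this action declares only `output-file`, so that expression presumably evaluates to an empty string; declare the input or drop the key. The Validate step only tests that the file exists; a parse check such as `jq -e '.bomFormat == "CycloneDX"' "$OUTPUT_FILE"` would catch an empty or truncated document before it is proposed in a PR.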
@@ -0,0 +1,19 @@
+name: Setup PHP SBOM
+description: Sets up environment for generating SBOM in PHP projects
+inputs:
+ working-directory:
+ description: "The directory where composer.json is located"
+ required: false
+ default: "."
+
+runs:
+ using: composite
+ steps:
+ - name: Setup Node.js (for cdxgen)
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Install cdxgen
+ shell: bash
+ run: npm install -g @cyclonedx/cdxgen
\ No newline at end of file
diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
new file mode 100644
index 0000000000..e865cbc789
--- /dev/null
+++ b/.github/actions/setup/action.yml
@@ -0,0 +1,19 @@
+name: Setup Node SBOM
+description: Sets up environment for generating SBOM in Node.js projects
+inputs:
+ working-directory:
+ description: "The directory where package.json is located"
+ required: false
+ default: "."
+
+runs:
+ using: composite
+ steps:
+ - name: Setup Node.js (for cdxgen)
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Install cdxgen
+ shell: bash
+ run: npm install -g @cyclonedx/cdxgen
\ No newline at end of file
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
new file mode 100644
index 0000000000..ec50bfb979
--- /dev/null
+++ b/.github/workflows/sbom.yml
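Review bot: `npm install -g @cyclonedx/cdxgen` installs whatever version the registry serves at run time, and the calling workflow runs with `contents: write`, so the tool that produces the SBOM is itself an unpinned dependency; pin an exact version, e.g. `run: npm install -g @cyclonedx/cdxgen@<pinned-version>`, and consider referencing `actions/setup-node` by full commit SHA rather than the `v4` tag. The same two steps appear in `.github/actions/setup/action.yml`, added later in this patch. The name and descriptions here say "PHP" and `composer.json` although the action prepares Node tooling for an npm project, and the `working-directory` input is declared but no step reads it.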
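Review bot: Nothing in this series references `./.github/actions/setup`; the workflow added in `sbom.yml` calls `./.github/actions/setup-sbom`, which has the same steps. Unless a workflow outside this patch set uses it, drop the file so there is a single copy of the tool-install step to keep pinned and reviewed; PATCH 2/5 already updates only the `setup-sbom` copy and leaves this one on the unpinned `cdxgen` install.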
@@ -0,0 +1,113 @@
+name: Post-Merge SBOM Update
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'package.json'
+ - 'package-lock.json'
+ workflow_dispatch:
+env:
+ SBOM_FILE: "sbom.json"
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ sbom:
+ name: Generate SBOM and Create PR
+ runs-on: ubuntu-latest
+
+ concurrency:
+ group: sbom-${{ github.ref }}
+ cancel-in-progress: false
+
+ steps:
+ - name: Checkout repository (Base Branch)
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.event.pull_request.base.ref || github.ref }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Install Node and dependencies
+ uses: mongodb-labs/drivers-github-tools/node/setup@v3
+ with:
+ ignore_install_scripts: false
+
+ - name: Load version and package info
+ uses: mongodb-labs/drivers-github-tools/node/get_version_info@v3
+ with:
+ npm_package_name: mongodb
+
+ - name: Generate/Update package-lock.json
+ run: |
+ echo "Resolving dependencies and generating package-lock.json..."
+ npm install --package-lock-only
+ echo "package-lock.json generated with resolved versions"
+
+ - name: Setup SBOM environment
+ uses: ./.github/actions/setup-sbom
+
+ - name: Generate SBOM
+ uses: ./.github/actions/sbom-update
+ with:
+ output-file: ${SBOM_FILE}
+
+ - name: Check for Changes in sbom.json
+ id: git_status
+ run: |
+ # Filter to remove/normalize serialNumber and timestamp fields
+ JQ_NORMALIZER='del(.serialNumber) | del(.metadata.timestamp) | walk(if type == "object" and .timestamp then .timestamp = "TIMESTAMP_NORMALIZED" else . end)'
+
+ # Check if the base file exists in Git (to prevent errors on first commit)
+ if ! git show HEAD:$SBOM_FILE > /dev/null 2>&1; then
+ echo "HAS_CHANGES=true" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ # Compare the normalized committed version vs.
the normalized current version
+ if diff -q \
+ <(git show HEAD:$SBOM_FILE | jq -r "$JQ_NORMALIZER") \
+ <(cat $SBOM_FILE | jq -r "$JQ_NORMALIZER"); then
+
+ echo "HAS_CHANGES=false" >> $GITHUB_OUTPUT
+ echo "No changes detected in sbom.json"
+ else
+ echo "HAS_CHANGES=true" >> $GITHUB_OUTPUT
+ echo "Changes detected in sbom.json"
+ fi
+
+ - name: Create Pull Request
+ if: steps.git_status.outputs.HAS_CHANGES == 'true'
+ uses: peter-evans/create-pull-request@v6
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ commit-message: 'chore: update SBOM after dependency changes'
+ branch: auto-update-sbom-${{ github.run_id }}
+ delete-branch: true
+ title: 'chore: Update SBOM'
+ body: |
+ ## Automated SBOM Update
+
+ This PR was automatically generated because package files changed.
+
+ ### Environment
+ - Node.js version: ${{ steps.versions.outputs.node-version }}
+
+ ### Changes
+ - Updated `sbom.json` to reflect current dependencies
+
+ ### Verification
+ The SBOM was generated using CycloneDX NPM.
+
+ ### Triggered by
+ - Commit: ${{ github.sha }}
+ - Workflow run: ${{ github.run_id }}
+
+ ---
+ _This PR was created automatically by the [SBOM workflow](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})_
+ labels: |
+ sbom
+ automated
+ dependencies
\ No newline at end of file
From c32122b8c950ecf412a3964a24e167392952c7a6 Mon Sep 17 00:00:00 2001 From: Eduard Kovalets Date: Tue, 2 Dec 2025 08:54:09 +0000 Subject: [PATCH 2/5] NODE-7025: Using cyclone npm --- .github/actions/sbom-update/action.yml | 2 +- .github/actions/setup-sbom/action.yml | 5 ++--- .github/workflows/sbom.yml | 2 ++ 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/actions/sbom-update/action.yml b/.github/actions/sbom-update/action.yml
index d826c33e36..adad518e7d 100644
--- a/.github/actions/sbom-update/action.yml
+++ b/.github/actions/sbom-update/action.yml
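Review bot: The job installs dependencies with `ignore_install_scripts: false` while the workflow-level token carries `contents: write` and `pull-requests: write`, and `actions/checkout` keeps that token in the local git config by default, so lifecycle scripts of a dependency that has just landed on `main` run with write access to the repository. SBOM generation probably needs only the installed package metadata, so set `ignore_install_scripts: true` and add `persist-credentials: false` to the checkout step (the create-pull-request step receives its token through its own `token` input); better still, keep `contents: read` on the generating job and grant the write permissions only to a separate job that opens the PR. `peter-evans/create-pull-request@v6` and the two `drivers-github-tools` actions are referenced by mutable tags, so pinning them to commit SHAs would stop a retagged release from running with this token. Separately, the PR body reads `steps.versions.outputs.node-version`, but no step in this job has `id: versions`, so that line will presumably render empty.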
@@ -14,7 +14,7 @@ runs: working-directory: ${{ inputs.working-directory }} run: | echo "Generating SBOM for 'node' project..." - cdxgen -t 'node' --spec-version 1.5 --json-pretty -o ${{ inputs.output-file }} . + npx @cyclonedx/cyclonedx-npm --output-file sbom.json --output-format json --spec-version 1.5 - name: Validate SBOM shell: bash diff --git a/.github/actions/setup-sbom/action.yml b/.github/actions/setup-sbom/action.yml index 2502fd9a99..e89c73dcc5 100644 --- a/.github/actions/setup-sbom/action.yml +++ b/.github/actions/setup-sbom/action.yml @@ -14,6 +14,5 @@ runs: with: node-version: '20' - - name: Install cdxgen - shell: bash - run: npm install -g @cyclonedx/cdxgen \ No newline at end of file + - name: Install dependencies + run: npm ci diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index ec50bfb979..ac77d44075 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -84,6 +84,8 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: 'chore: update SBOM after dependency changes' + add-paths: | + sbom.json branch: auto-update-sbom-${{ github.run_id }} delete-branch: true title: 'chore: Update SBOM' From 46659eebc192a6f3bfccb596c957de1e47d14d2d Mon Sep 17 00:00:00 2001 From: Eduard Kovalets Date: Tue, 2 Dec 2025 08:56:49 +0000 Subject: [PATCH 3/5] NODE-7025: Shell use fix --- .github/actions/setup-sbom/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/setup-sbom/action.yml b/.github/actions/setup-sbom/action.yml index e89c73dcc5..3f8fa173ed 100644 --- a/.github/actions/setup-sbom/action.yml +++ b/.github/actions/setup-sbom/action.yml @@ -15,4 +15,5 @@ runs: node-version: '20' - name: Install dependencies + shell: bash run: npm ci From e5f5aac2e85054c25c3be786a4be19656cec19ef Mon Sep 17 00:00:00 2001 
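Review bot: The generator now writes to a hard-coded `sbom.json` while the Validate step, whose body lies outside this hunk, still tests `${{ inputs.output-file }}`, so a caller passing any other name gets either a failed validation or an older file validated in place of the new one; use the input in both places. `npx @cyclonedx/cyclonedx-npm` with no version resolves the package at run time unless it is already installed locally, so pin it, e.g. `npx @cyclonedx/cyclonedx-npm@<pinned-version> --output-file ...`, or add it to `devDependencies` so the lockfile fixes its version and integrity hash. PATCH 4/5 edits this same command line again without addressing either point.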
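Review bot: `npm ci` runs the install lifecycle scripts of every package in the lockfile, and in `sbom.yml` it executes inside the job that holds the write-scoped token; `run: npm ci --ignore-scripts` should be sufficient if the generator only needs the installed tree to enumerate, which is worth confirming against cyclonedx-npm's requirements. By the time this step runs the workflow has already installed dependencies through `drivers-github-tools/node/setup` and rewritten the lockfile with `npm install --package-lock-only`, so this second install may resolve from a lockfile that differs from the committed one, and the SBOM would then describe that regenerated tree rather than what is in the repository. The preceding step is still named `Setup Node.js (for cdxgen)`, which is stale now that cdxgen is no longer installed.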
From: Eduard Kovalets Date: Mon, 8 Dec 2025 08:11:36 +0000 Subject: [PATCH 4/5] NODE-7025: Excluding dev dependencies --- .github/actions/sbom-update/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/sbom-update/action.yml b/.github/actions/sbom-update/action.yml index adad518e7d..f168432118 100644 --- a/.github/actions/sbom-update/action.yml +++ b/.github/actions/sbom-update/action.yml @@ -14,7 +14,7 @@ runs: working-directory: ${{ inputs.working-directory }} run: | echo "Generating SBOM for 'node' project..." - npx @cyclonedx/cyclonedx-npm --output-file sbom.json --output-format json --spec-version 1.5 + npx @cyclonedx/cyclonedx-npm --omit dev --output-file sbom.json --output-format json --spec-version 1.5 - name: Validate SBOM shell: bash From f3e86bc504273b2f4d3b88c460230869ef9da08a Mon Sep 17 00:00:00 2001 From: ekovalets <210755696+ekovalets@users.noreply.github.com> Date: Mon, 8 Dec 2025 08:13:44 +0000 Subject: [PATCH 5/5] chore: update SBOM after dependency changes --- sbom.json | 782 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 734 insertions(+), 48 deletions(-) diff --git a/sbom.json b/sbom.json index fd35d3c1aa..02b9f42cd0 100644 --- a/sbom.json +++ b/sbom.json 
@@ -1,51 +1,737 @@ { - "metadata": { - "timestamp": "2024-05-01T19:10:42.500672+00:00", - "tools": [ - { - "externalReferences": [ - { - "type": "build-system", - "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" - }, - { - "type": "distribution", - "url": "https://pypi.org/project/cyclonedx-python-lib/" - }, - { - "type": "documentation", - "url": "https://cyclonedx-python-library.readthedocs.io/" - }, - { - "type": "issue-tracker", - "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" - }, - { - "type": "license", - "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" - }, - { - "type": "release-notes", - "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" - }, - { - "type": "vcs", - "url": "https://github.com/CycloneDX/cyclonedx-python-lib" - }, - { - "type": "website", - "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" - } - ], - "name": "cyclonedx-python-lib", - "vendor": "CycloneDX", - "version": "6.4.4" - } - ] - }, - "serialNumber": "urn:uuid:3781f04d-8667-4c43-96e4-bec88e9e4278", - "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5" -} + "specVersion": "1.5", + "version": 1, + "serialNumber": "urn:uuid:d9fe1ef0-c8e7-4b93-af83-ac75eb06e4ec", + "metadata": { + "timestamp": "2025-12-08T08:13:43.077Z", + "tools": { + "components": [ + { + "type": "application", + "name": "npm", + "version": "10.8.2" + }, + { + "type": "application", + "name": "cyclonedx-npm", + "group": "@cyclonedx", + "version": "4.1.2", + "author": "Jan Kowalleck", + "description": "Create CycloneDX Software Bill of Materials (SBOM) from NPM projects.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + 
"url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "type": "library", + "name": "cyclonedx-library", + "group": "@cyclonedx", + "version": "9.4.1", + "author": "Jan Kowalleck", + "description": "Core functionality of CycloneDX for JavaScript (Node.js or WebBrowser).", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ] + }, + "component": { + "type": "application", + "name": "mongodb", + "version": "7.0.0", + "bom-ref": "mongodb@7.0.0", + "author": "The MongoDB NodeJS Team", + "description": "The official MongoDB driver for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/mongodb@7.0.0?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fmongodb%2Fnode-mongodb-native.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mongodb/node-mongodb-native.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mongodb/node-mongodb-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": 
"https://jira.mongodb.org/projects/NODE/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "saslprep", + "group": "@mongodb-js", + "version": "1.3.2", + "bom-ref": "mongodb@7.0.0|@mongodb-js/saslprep@1.3.2", + "author": "Dmitry Tsvettsikh", + "description": "SASLprep: Stringprep Profile for User Names and Passwords, rfc4013", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40mongodb-js/saslprep@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mongodb-js/devtools-shared.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mongodb-js/devtools-shared/tree/main/packages/saslprep", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://jira.mongodb.org/projects/COMPASS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4200390324aa076edc1935c11669e989f022ec7c6819479ecf0a3aa7d748d3732e0c1e8fa77df381c96a55bea854ade3e88f557ac834fa8a235b65f1079f521a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mongodb-js/saslprep" + } + ] + }, + { + "type": "library", + "name": "bson", + "version": "7.0.0", + "bom-ref": "mongodb@7.0.0|bson@7.0.0", + "author": "The MongoDB NodeJS Team", + "description": "A bson parser for node.js and the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bson@7.0.0", 
+ "externalReferences": [ + { + "url": "git+https://github.com/mongodb/js-bson.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mongodb/js-bson#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://jira.mongodb.org/projects/NODE/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bson/-/bson-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b073a5a1e254393a692aa8a85818a22e10b5e5f843d848239b544e9b5aca754ff70690e08137423cc05fd3e38062ba11f2362d6698a54f5e4eb4778d7167b93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bson" + } + ] + }, + { + "type": "library", + "name": "mongodb-connection-string-url", + "version": "7.0.0", + "bom-ref": "mongodb@7.0.0|mongodb-connection-string-url@7.0.0", + "description": "MongoDB connection strings, based on the WhatWG URL API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/mongodb-connection-string-url@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mongodb-js/mongodb-connection-string-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mongodb-js/mongodb-connection-string-url", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mongodb-js/mongodb-connection-string-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-7.0.0.tgz", + 
"type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ab8618d154b136d216e4465e33a4060b9c330cfb32199e9d080c1f5a900145519a7fdd774e7f0c1d75cef2e9c36f17658212d7d3611c186c87d86b6915634a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mongodb-connection-string-url" + } + ] + }, + { + "type": "library", + "name": "sparse-bitfield", + "version": "3.0.3", + "bom-ref": "mongodb@7.0.0|sparse-bitfield@3.0.3", + "author": "Mathias Buus", + "description": "Bitfield that allocates a series of small buffers to support sparse bits without allocating a massive buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sparse-bitfield@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/sparse-bitfield.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/sparse-bitfield", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/sparse-bitfield/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92fce18bbbea2937e48743d953ed83d8f225970db29aa24aba351cc8f31df58ef936fe273db189657361c6c81d41a6f606694372dd589df40282e12f1ebed5b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sparse-bitfield" + } + ] + }, + { + "type": "library", + "name": "whatwg-url", + "group": "@types", + "version": "13.0.0", + "bom-ref": "mongodb@7.0.0|@types/whatwg-url@13.0.0", + 
"description": "TypeScript definitions for whatwg-url", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/whatwg-url@13.0.0#types/whatwg-url", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/whatwg-url", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/whatwg-url", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37c597a5b13a5a0ae2eca512beb99072aacc965299f6ec6461632dfa60921b035cd07b30f554135bb029a88e1736bc7afd268cd904090b330f0c45c4d39f2cf9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/whatwg-url" + } + ] + }, + { + "type": "library", + "name": "whatwg-url", + "version": "14.2.0", + "bom-ref": "mongodb@7.0.0|whatwg-url@14.2.0", + "author": "Sebastian Mayr", + "description": "An implementation of the WHATWG URL Standard's URL API and parsing machinery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/whatwg-url@14.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jsdom/whatwg-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jsdom/whatwg-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": 
"https://github.com/jsdom/whatwg-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-14.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0deef619d419ccd4d40410a1b17b9e4149cf283920ff9039ce9ee9143b90023e5416810da62002534c250afce90069d3923fbe8a1a4ac0ac987b09ff5cd51b2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/whatwg-url" + } + ] + }, + { + "type": "library", + "name": "memory-pager", + "version": "1.5.0", + "bom-ref": "mongodb@7.0.0|memory-pager@1.5.0", + "author": "Mathias Buus", + "description": "Access memory using small fixed sized buffers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/memory-pager@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/memory-pager.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/memory-pager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/memory-pager/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memory-pager/-/memory-pager-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "652e01a78aff6687aaebe34b2693fed19ce6d2947cc21b463dfd5713128b24101ccc63274a2dc8b75e0e88d092b6342333a354d689234064b180464df1e0582a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memory-pager" + } + ] + }, + { + "type": "library", + "name": 
"webidl-conversions", + "group": "@types", + "version": "7.0.3", + "bom-ref": "mongodb@7.0.0|@types/webidl-conversions@7.0.3", + "description": "TypeScript definitions for webidl-conversions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/webidl-conversions@7.0.3#types/webidl-conversions", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/webidl-conversions", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/webidl-conversions", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2249bdc46d220cda7470985f0edda849cc3518e11999582b4e4c8fd3b292da95f2e553f1f0f6045381ed2d6ec011372a3d99fb85323e6170fc8c60c3f2c094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/webidl-conversions" + } + ] + }, + { + "type": "library", + "name": "tr46", + "version": "5.1.1", + "bom-ref": "mongodb@7.0.0|tr46@5.1.1", + "author": "Sebastian Mayr", + "description": "An implementation of the Unicode UTS #46: Unicode IDNA Compatibility Processing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tr46@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jsdom/tr46.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + 
"url": "https://github.com/jsdom/tr46#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jsdom/tr46/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tr46/-/tr46-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85d1796608d3aa0027b4a924958c34474dcc1b6c7f6d2cd3b64c66211c3fb13355f185ec089d6d7cb017db7961c611c99447f709108e086196c37bc8dc66923f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tr46" + } + ] + }, + { + "type": "library", + "name": "webidl-conversions", + "version": "7.0.0", + "bom-ref": "mongodb@7.0.0|webidl-conversions@7.0.0", + "author": "Domenic Denicola", + "description": "Implements the WebIDL algorithms for converting to and from JavaScript values", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/webidl-conversions@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jsdom/webidl-conversions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jsdom/webidl-conversions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jsdom/webidl-conversions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "57075d06e903ceeef5a1f7c0411f7be6e9c1206a9f299a4cfbc657eb24a4f27621568a39098699cb3b77601bd8b51b4ef9aa0696ac4f83f07cecd19567f7eeea" + } + ], + "comment": "as detected 
from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/webidl-conversions" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "mongodb@7.0.0|punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + } + ], + "dependencies": [ + { + "ref": "mongodb@7.0.0", + "dependsOn": [ + "mongodb@7.0.0|@mongodb-js/saslprep@1.3.2", + "mongodb@7.0.0|bson@7.0.0", + "mongodb@7.0.0|mongodb-connection-string-url@7.0.0" + ] + }, + { + "ref": "mongodb@7.0.0|@mongodb-js/saslprep@1.3.2", + "dependsOn": [ + "mongodb@7.0.0|sparse-bitfield@3.0.3" + ] + }, + { + "ref": "mongodb@7.0.0|bson@7.0.0" + }, + { + "ref": "mongodb@7.0.0|mongodb-connection-string-url@7.0.0", + 
"dependsOn": [ + "mongodb@7.0.0|@types/whatwg-url@13.0.0", + "mongodb@7.0.0|whatwg-url@14.2.0" + ] + }, + { + "ref": "mongodb@7.0.0|sparse-bitfield@3.0.3", + "dependsOn": [ + "mongodb@7.0.0|memory-pager@1.5.0" + ] + }, + { + "ref": "mongodb@7.0.0|@types/whatwg-url@13.0.0", + "dependsOn": [ + "mongodb@7.0.0|@types/webidl-conversions@7.0.3" + ] + }, + { + "ref": "mongodb@7.0.0|whatwg-url@14.2.0", + "dependsOn": [ + "mongodb@7.0.0|tr46@5.1.1", + "mongodb@7.0.0|webidl-conversions@7.0.0" + ] + }, + { + "ref": "mongodb@7.0.0|memory-pager@1.5.0" + }, + { + "ref": "mongodb@7.0.0|@types/webidl-conversions@7.0.3" + }, + { + "ref": "mongodb@7.0.0|tr46@5.1.1", + "dependsOn": [ + "mongodb@7.0.0|punycode@2.3.1" + ] + }, + { + "ref": "mongodb@7.0.0|webidl-conversions@7.0.0" + }, + { + "ref": "mongodb@7.0.0|punycode@2.3.1" + } + ] +} \ No newline at end of file