diff --git a/README.third_party.md b/README.third_party.md
index 374e456d5e7..3f28a0eae3e 100644
--- a/README.third_party.md
+++ b/README.third_party.md
@@ -1,3 +1,5 @@
+[DO NOT MODIFY THIS FILE MANUALLY. It is generated by src/third_party/tools/gen_thirdpartyreadme.py]: #
+
# MongoDB Third Party Dependencies
MongoDB depends on third party libraries to implement some
@@ -19,94 +21,107 @@ not authored by MongoDB, and has a license which requires reproduction,
a notice will be included in
`THIRD-PARTY-NOTICES`.
-| Name | License | Vendored Version | Emits persisted data | Distributed in Release Binaries |
-| -------------------------- | -------------------------------------------------------------- | -------------------------------------------------- | :------------------: | :-----------------------------: |
-| [abseil-cpp] | Apache-2.0 | 20230802.1 | | ✗ |
-| [Aladdin MD5] | Zlib | Unknown | ✗ | ✗ |
-| [ASIO] | BSL-1.0 | 1.12.2 | | ✗ |
-| [benchmark] | Apache-2.0 | 1.5.2 | | |
-| [Boost] | BSL-1.0 | 1.79.0 | | ✗ |
-| [c-ares] | MIT | 1.19.1 | | ✗ |
-| [CRoaring] | Apache-2.0/ MIT | 2.1.2.1 | | ✗ |
-| [fmt] | BSD-2-Clause | 7.1.3 | | ✗ |
-| [GPerfTools] | BSD-3-Clause | 2.9.1 | | ✗ |
-| [gRPC] | Apache-2.0 | 1.59.2 | | ✗ |
-| [ICU4] | ICU | 57.1 | ✗ | ✗ |
-| [immer] | BSL-1.0 | d98a68c + changes | | ✗ |
-| [Intel Decimal FP Library] | BSD-3-Clause | 2.0 Update 1 | | ✗ |
-| [JSON-Schema-Test-Suite] | MIT | 728066f9c5 | | |
-| [libstemmer] | BSD-3-Clause | Unknown | ✗ | ✗ |
-| [librdkafka] | BSD-2-Clause | 2.0.2 | | |
-| [libmongocrypt] | Apache-2.0 | 1.8.4 | ✗ | ✗ |
-| [linenoise] | BSD-3-Clause | 6cdc775 + changes | | ✗ |
-| [mongo-c-driver] | Apache-2.0 | 1.27.1 | ✗ | ✗ |
-| [MozJS] | MPL-2.0 | ESR 115.7 | | ✗ |
-| [MurmurHash3] | Public Domain | a6bd3ce + changes | ✗ | ✗ |
-| [ocspbuilder] | MIT | 0.10.2 | | |
-| [ocspresponder] | Apache-2.0 | 0.5.0 | | |
-| [pcre2] | BSD-3-Clause | 10.40 | | ✗ |
-| [protobuf] | BSD-3-Clause | 4.25.0 | | ✗ |
-| [re2] | BSD-3-Clause | 2021-09-01 | | ✗ |
-| [S2] | Apache-2.0 | c872048da5d1 + changes | ✗ | ✗ |
-| [SafeInt] | MIT | 3.0.26 | | |
-| [schemastore.org] | Apache-2.0 | 6847cfc3a1 | | |
-| [scons] | MIT | 3.1.2 | | |
-| [Snappy] | BSD-3-Clause | 1.1.10 | ✗ | ✗ |
-| [TCMalloc] | Apache-2.0 | 093ba93 + changes | | ✗ |
-| [timelib] | MIT | 2022.10 | | ✗ |
-| [TomCrypt] | Public Domain | 1.18.2 | ✗ | ✗ |
-| [Unicode] | Unicode-DFS-2015 | 8.0.0 | ✗ | ✗ |
-| [libunwind] | MIT | 1.6.2 + changes | | ✗ |
-| [lz4] | BSD-2-Clause | 1.9.3 | | ✗ |
-| [Valgrind] | BSD-4-Clause\[1] | 3.17.0 | | ✗ |
-| [wiredtiger] | | \[2] | ✗ | ✗ |
-| [xxHash] | BSD-2-Clause | 0.8.0 | | ✗ |
-| [yaml-cpp] | MIT | 0.6.3 | | ✗ |
-| [Zlib] | Zlib | 1.3 | ✗ | ✗ |
-| [Zstandard] | BSD-3-Clause | 1.5.5 | ✗ | ✗ |
-| [zydis] | MIT | 4d4fe4c293c5438f32688b14b29017ae3f48369e | | ✗ |
+| Name | License | Vendored Version | Emits persisted data | Distributed in Release Binaries |
+| ---------------------------------------------------- | --------------------------------------------------------------------------------------------------- | -------------------------- | -------------------- | ------------------------------- |
+| [Abseil] | Apache-2.0 | 20230802.1 | | ✗ |
+| [arximboldi/immer] | BSL-1.0 | Unknown | | ✗ |
+| [Asio C++ Library] | BSL-1.0 | 1.12.2 | | ✗ |
+| [benchmark] | Apache-2.0 | v1.5.2 | | |
+| [Boost C++ Libraries - boost] | BSL-1.0 | 1.79.0 | | ✗ |
+| [c-ares] | MIT | 1.19.1 | | ✗ |
+| [concurrencytest] | GPL-3.0-or-later | 0.1.2 | unknown | |
+| [Cyrus SASL] | BSD-Attribution-HPND-disclaimer | 2.1.26 | unknown | |
+| [dcleblanc/SafeInt] | MIT | 3.0.26 | | ✗ |
+| [derickr/timelib] | MIT | 2022.10 | | ✗ |
+| [discover] | BSD-3-Clause | 0.4.0 | unknown | |
+| [fmtlib/fmt] | MIT | 7.1.3 | | ✗ |
+| [google-re2] | BSD-3-Clause | 2023-11-01 | | ✗ |
+| [google-snappy] | BSD-3-Clause | 1.1.10 | ✗ | ✗ |
+| [google/s2geometry] | Apache-2.0 | Unknown | ✗ | ✗ |
+| [gperftools] | BSD-3-Clause | 2.9.1 | | ✗ |
+| [grpc] | Apache-2.0 | 1.59.2 | | ✗ |
+| [ICU for C/C++ (ICU4C)] | BSD-3-Clause, MIT v2 with Ad Clause License, Public Domain, BSD-2-Clause | 57.1 | ✗ | ✗ |
+| [Intel Decimal Floating-Point Math Library] | BSD-3-Clause | v2.0 U1 | | ✗ |
+| [jbeder/yaml-cpp] | MIT | 0.6.3 | | ✗ |
+| [JSON-Schema-Test-Suite] | Unknown License | Unknown | | |
+| [libmongocrypt] | Apache-2.0 | 1.8.4 | ✗ | ✗ |
+| [librdkafka - the Apache Kafka C/C++ client library] | BSD-3-Clause, Xmlproc License, ISC, MIT, Public Domain, Zlib, BSD-2-Clause, Andreas Stolcke License | 2.0.2 | | ✗ |
+| [LibTomCrypt] | WTFPL, Public Domain | 1.18.2 | ✗ | ✗ |
+| [libunwind/libunwind] | MIT | v1.6.2 | | ✗ |
+| [linenoise] | BSD-2-Clause | Unknown | | ✗ |
+| [MongoDB C Driver] | Apache-2.0 | 1.27.1 | ✗ | ✗ |
+| [Mozilla Firefox] | MPL-2.0 | 115.7.0esr | unknown | ✗ |
+| [nlohmann.json.decomposed] | MIT | 3.10.5 | unknown | |
+| [node] | ISC | 22.1.0 | unknown | |
+| [ocspbuilder] | MIT | 0.10.2 | | |
+| [ocspresponder] | Apache-2.0 | 0.5.0 | | |
+| [PCRE2] | BSD-3-Clause, Public Domain | 10.40 | | ✗ |
+| [Protobuf] | BSD-3-Clause | v4.25.0 | | ✗ |
+| [pyiso8601] | MIT | 2.1.0 | unknown | |
+| [RoaringBitmap/CRoaring] | Unknown License | v3.0.1 | | ✗ |
+| [SchemaStore/schemastore] | Apache-2.0 | Unknown | | |
+| [SCons - a Software Construction tool] | MIT | 3.1.2 | | ✗ |
+| [smhasher] | Unknown License | Unknown | unknown | ✗ |
+| [Snowball Stemming Algorithms] | BSD-3-Clause | Unknown | unknown | ✗ |
+| [subunit] | BSD-3-Clause, Apache-2.0 | 1.4.4 | unknown | |
+| [tcmalloc] | Apache-2.0 | 20230227-snapshot-093ba93c | | ✗ |
+| [testing-cabal/extras] | MIT | 0.0.3 | unknown | |
+| [testscenarios] | BSD-3-Clause, Apache-2.0 | 0.4 | unknown | |
+| [testtools] | MIT | 2.7.1 | unknown | |
+| [unicode-data] | Unicode-DFS-2016 | 8.0 | ✗ | ✗ |
+| [valgrind] | GPL-2.0-or-later | Unknown | | ✗ |
+| [zlib] | Zlib | v1.3 | ✗ | ✗ |
+| [zstd] | BSD-3-Clause, GPL-2.0-or-later | 1.5.5 | ✗ | ✗ |
-[abseil-cpp]: https://github.com/abseil/abseil-cpp
-[ASIO]: https://github.com/chriskohlhoff/asio
-[benchmark]: https://github.com/google/benchmark
-[Boost]: http://www.boost.org/
-[CRoaring]: https://github.com/RoaringBitmap/CRoaring
-[fmt]: http://fmtlib.net/
-[GPerfTools]: https://github.com/gperftools/gperftools
-[gRPC]: https://github.com/grpc/grpc
-[ICU4]: http://site.icu-project.org/download/
-[immer]: https://github.com/arximboldi/immer
-[Intel Decimal FP Library]: https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library
+[Abseil]: https://github.com/abseil/abseil-cpp
+[Asio C++ Library]: https://github.com/chriskohlhoff/asio
+[Boost C++ Libraries - boost]: http://www.boost.org/
+[Cyrus SASL]: https://www.cyrusimap.org/sasl/
+[ICU for C/C++ (ICU4C)]: http://site.icu-project.org/download/
+[Intel Decimal Floating-Point Math Library]: https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library
[JSON-Schema-Test-Suite]: https://github.com/json-schema-org/JSON-Schema-Test-Suite
-[libstemmer]: https://github.com/snowballstem/snowball
-[librdkafka]: https://github.com/confluentinc/librdkafka
+[LibTomCrypt]: https://github.com/libtom/libtomcrypt/releases
+[MongoDB C Driver]: https://github.com/mongodb/mongo-c-driver
+[Mozilla Firefox]: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr
+[PCRE2]: http://www.pcre.org/
+[Protobuf]: https://github.com/protocolbuffers/protobuf
+[RoaringBitmap/CRoaring]: https://github.com/RoaringBitmap/CRoaring
+[SCons - a Software Construction tool]: https://github.com/SCons/scons
+[SchemaStore/schemastore]: https://www.schemastore.org/json/
+[Snowball Stemming Algorithms]: https://github.com/snowballstem/snowball
+[arximboldi/immer]: https://github.com/arximboldi/immer
+[benchmark]: https://github.com/google/benchmark
+[c-ares]: https://c-ares.org/
+[concurrencytest]: https://pypi.org/project/concurrencytest/
+[dcleblanc/SafeInt]: https://github.com/dcleblanc/SafeInt
+[derickr/timelib]: https://github.com/derickr/timelib
+[discover]: https://pypi.org/project/discover/
+[fmtlib/fmt]: http://fmtlib.net/
+[google-re2]: https://github.com/google/re2
+[google-snappy]: https://github.com/google/snappy/releases
+[google/s2geometry]: https://github.com/google/s2geometry
+[gperftools]: https://github.com/gperftools/gperftools
+[grpc]: https://github.com/grpc/grpc
+[jbeder/yaml-cpp]: https://github.com/jbeder/yaml-cpp/releases
[libmongocrypt]: https://github.com/mongodb/libmongocrypt
+[librdkafka - the Apache Kafka C/C++ client library]: https://github.com/confluentinc/librdkafka
+[libunwind/libunwind]: http://www.nongnu.org/libunwind/
[linenoise]: https://github.com/antirez/linenoise
-[lz4]: https://github.com/lz4/lz4
-[mongo-c-driver]: https://github.com/mongodb/mongo-c-driver
-[MozJS]: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr
-[MurmurHash3]: https://github.com/aappleby/smhasher/blob/a6bd3ce/
+[nlohmann.json.decomposed]: https://www.nuget.org/packages/nlohmann.json.decomposed
+[node]: https://nodejs.org/en/blog/release
[ocspbuilder]: https://github.com/wbond/ocspbuilder
[ocspresponder]: https://github.com/threema-ch/ocspresponder
-[pcre2]: http://www.pcre.org/
-[protobuf]: https://github.com/protocolbuffers/protobuf
-[S2]: https://github.com/google/s2geometry
-[SafeInt]: https://github.com/dcleblanc/SafeInt
-[schemastore.org]: https://www.schemastore.org/json/
-[scons]: https://github.com/SCons/scons
-[Snappy]: https://github.com/google/snappy/releases
-[TCMalloc]: https://github.com/google/tcmalloc
-[timelib]: https://github.com/derickr/timelib
-[TomCrypt]: https://github.com/libtom/libtomcrypt/releases
-[Unicode]: http://www.unicode.org/versions/enumeratedversions.html
-[libunwind]: http://www.nongnu.org/libunwind/
-[Valgrind]: http://valgrind.org/downloads/current.html
-[wiredtiger]: https://github.com/wiredtiger/wiredtiger
-[xxHash]: https://github.com/Cyan4973/xxHash
-[yaml-cpp]: https://github.com/jbeder/yaml-cpp/releases
-[Zlib]: https://zlib.net/
-[Zstandard]: https://github.com/facebook/zstd
-[zydis]: https://github.com/zyantific/zydis
+[pyiso8601]: https://pypi.org/project/iso8601/
+[smhasher]: https://github.com/aappleby/smhasher/blob/a6bd3ce/
+[subunit]: https://github.com/testing-cabal/subunit
+[tcmalloc]: https://github.com/google/tcmalloc
+[testing-cabal/extras]: https://github.com/testing-cabal/extras
+[testscenarios]: https://pypi.org/project/testscenarios/
+[testtools]: https://github.com/testing-cabal/testtools
+[unicode-data]: http://www.unicode.org/versions/enumeratedversions.html
+[valgrind]: http://valgrind.org/downloads/current.html
+[zlib]: https://zlib.net/
+[zstd]: https://github.com/facebook/zstd
## WiredTiger Vendored Test Libraries
@@ -114,16 +129,16 @@ The following Python libraries are transitively included by WiredTiger,
and are used by that component for testing. They don't appear in
released binary artifacts.
-| Name |
-| :-------------- |
-| concurrencytest |
-| discover |
-| extras |
-| iso8601 |
-| nlohmann/json |
-| python-subunit |
-| testscenarios |
-| testtools |
+| Name |
+| ------------------------ |
+| concurrencytest |
+| discover |
+| nlohmann.json.decomposed |
+| pyiso8601 |
+| subunit |
+| testing-cabal/extras |
+| testscenarios |
+| testtools |
## Dynamically Linked Libraries
diff --git a/sbom.json b/sbom.json
index ec02442cf27..46cc1e35079 100644
--- a/sbom.json
+++ b/sbom.json
@@ -36,6 +36,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/abseil/abseil-cpp"
}
],
"type": "library",
@@ -66,6 +74,14 @@
{
"name": "internal:team_responsible",
"value": "Storage Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/arximboldi/immer"
}
],
"type": "library",
@@ -98,6 +114,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/chriskohlhoff/asio"
}
],
"type": "library",
@@ -129,6 +153,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/google/benchmark"
}
],
"type": "library",
@@ -160,6 +192,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "http://www.boost.org/"
}
],
"type": "library",
@@ -191,6 +231,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://c-ares.org/"
}
],
"type": "library",
@@ -222,6 +270,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://pypi.org/project/concurrencytest/"
}
],
"type": "library",
@@ -253,6 +305,10 @@
{
"name": "internal:team_responsible",
"value": "Build"
+ },
+ {
+ "name": "info_link",
+ "value": "https://www.cyrusimap.org/sasl/"
}
],
"type": "library",
@@ -277,6 +333,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/dcleblanc/SafeInt"
}
],
"type": "library",
@@ -307,6 +371,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/derickr/timelib"
}
],
"type": "library",
@@ -339,6 +411,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://pypi.org/project/discover/"
}
],
"type": "library",
@@ -370,6 +446,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "http://fmtlib.net/"
}
],
"type": "library",
@@ -401,6 +485,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/google/re2"
}
],
"type": "library",
@@ -431,6 +523,14 @@
{
"name": "internal:team_responsible",
"value": "Query Integration"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/google/s2geometry"
}
],
"type": "library",
@@ -463,6 +563,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/google/snappy/releases"
}
],
"type": "library",
@@ -494,6 +602,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/gperftools/gperftools"
}
],
"type": "library",
@@ -525,6 +641,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/grpc/grpc"
}
],
"type": "library",
@@ -571,6 +695,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "http://site.icu-project.org/download/"
}
],
"type": "library",
@@ -601,6 +733,14 @@
{
"name": "internal:team_responsible",
"value": "Storage Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://software.intel.com/en-us/articles/intel-decimal-floating-point-math-library"
}
],
"type": "library",
@@ -633,6 +773,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/jbeder/yaml-cpp/releases"
}
],
"type": "library",
@@ -663,6 +811,14 @@
{
"name": "internal:team_responsible",
"value": "Query Optimization"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/json-schema-org/JSON-Schema-Test-Suite"
}
],
"type": "library",
@@ -695,6 +851,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/mongodb/libmongocrypt"
}
],
"type": "library",
@@ -761,6 +925,14 @@
{
"name": "internal:team_responsible",
"value": "Atlas Streams"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/confluentinc/librdkafka"
}
],
"type": "library",
@@ -797,6 +969,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/libtom/libtomcrypt/releases"
}
],
"type": "library",
@@ -828,6 +1008,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "http://www.nongnu.org/libunwind/"
}
],
"type": "library",
@@ -858,6 +1046,14 @@
{
"name": "internal:team_responsible",
"value": "Build"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/antirez/linenoise"
}
],
"type": "library",
@@ -893,6 +1089,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/mongodb/mongo-c-driver"
}
],
"type": "library",
@@ -924,6 +1128,10 @@
{
"name": "internal:team_responsible",
"value": "Query Integration"
+ },
+ {
+ "name": "info_link",
+ "value": "https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr"
}
],
"type": "library",
@@ -955,6 +1163,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://www.nuget.org/packages/nlohmann.json.decomposed"
}
],
"type": "library",
@@ -986,6 +1198,10 @@
{
"name": "internal:team_responsible",
"value": "Workload Scheduling"
+ },
+ {
+ "name": "info_link",
+ "value": "https://nodejs.org/en/blog/release"
}
],
"type": "library",
@@ -1017,6 +1233,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/wbond/ocspbuilder"
}
],
"type": "library",
@@ -1048,6 +1272,14 @@
{
"name": "internal:team_responsible",
"value": "Server Security"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/threema-ch/ocspresponder"
}
],
"type": "library",
@@ -1084,6 +1316,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "http://www.pcre.org/"
}
],
"type": "library",
@@ -1115,6 +1355,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/protocolbuffers/protobuf"
}
],
"type": "library",
@@ -1146,6 +1394,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://pypi.org/project/iso8601/"
}
],
"type": "library",
@@ -1177,6 +1429,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/RoaringBitmap/CRoaring"
}
],
"type": "library",
@@ -1207,6 +1467,14 @@
{
"name": "internal:team_responsible",
"value": "Query Optimization"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://www.schemastore.org/json/"
}
],
"type": "library",
@@ -1239,6 +1507,14 @@
{
"name": "internal:team_responsible",
"value": "Build"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/SCons/scons"
}
],
"type": "library",
@@ -1269,6 +1545,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Execution"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/aappleby/smhasher/blob/a6bd3ce/"
}
],
"type": "library",
@@ -1300,6 +1580,10 @@
{
"name": "internal:team_responsible",
"value": "Query Integration"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/snowballstem/snowball"
}
],
"type": "library",
@@ -1337,6 +1621,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/testing-cabal/subunit"
}
],
"type": "library",
@@ -1368,6 +1656,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/google/tcmalloc"
}
],
"type": "library",
@@ -1399,6 +1695,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/testing-cabal/extras"
}
],
"type": "library",
@@ -1435,6 +1735,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://pypi.org/project/testscenarios/"
}
],
"type": "library",
@@ -1466,6 +1770,10 @@
{
"name": "internal:team_responsible",
"value": "Storage Engines"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/testing-cabal/testtools"
}
],
"type": "library",
@@ -1496,6 +1804,14 @@
{
"name": "internal:team_responsible",
"value": "Query Execution"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "http://www.unicode.org/versions/enumeratedversions.html"
}
],
"type": "library",
@@ -1527,6 +1843,14 @@
{
"name": "internal:team_responsible",
"value": "Build"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "false"
+ },
+ {
+ "name": "info_link",
+ "value": "http://valgrind.org/downloads/current.html"
}
],
"type": "library",
@@ -1559,6 +1883,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://zlib.net/"
}
],
"type": "library",
@@ -1595,6 +1927,14 @@
{
"name": "internal:team_responsible",
"value": "Service Arch"
+ },
+ {
+ "name": "emits_persisted_data",
+ "value": "true"
+ },
+ {
+ "name": "info_link",
+ "value": "https://github.com/facebook/zstd"
}
],
"type": "library",
diff --git a/src/third_party/scripts/README.third_party.md.template b/src/third_party/scripts/README.third_party.md.template
new file mode 100644
index 00000000000..9d535cd16e7
--- /dev/null
+++ b/src/third_party/scripts/README.third_party.md.template
@@ -0,0 +1,72 @@
+# MongoDB Third Party Dependencies
+
+MongoDB depends on third party libraries to implement some
+functionality. This document describes which libraries are depended
+upon, and how. It is maintained by and for humans, and so while it is a
+best effort attempt to describe the server's dependencies, it is subject
+to change as libraries are added or removed.
+
+## Server Vendored Libraries
+
+This is the list of third party libraries vendored into the server
+codebase, and the upstream source where updates may be obtained. These
+sources are periodically consulted, and the existence of new versions is
+reflected in this list. A ticket is filed in Jira if a determination is
+made to upgrade a vendored library.
+
+Whenever a vendored library is included in released binary artifacts, is
+not authored by MongoDB, and has a license which requires reproduction,
+a notice will be included in
+`THIRD-PARTY-NOTICES`.
+
+{{ component_chart }}
+
+{{ component_links }}
+
+## WiredTiger Vendored Test Libraries
+
+The following Python libraries are transitively included by WiredTiger,
+and are used by that component for testing. They don't appear in
+released binary artifacts.
+
+{{ wiredtiger_chart }}
+
+## Dynamically Linked Libraries
+
+Sometimes MongoDB needs to load libraries provided and managed by the
+runtime environment. These libraries are not vendored into the MongoDB
+source directory, and are not compiled into release artifacts. Because
+they are provided by the runtime environment, the precise versions of
+these libraries cannot be known in advance. Further, these libraries may
+themselves load other libraries. The full set of transitively linked
+libraries will depend on the runtime environment, and cannot be outlined
+here. On Windows and Mac OS, other libraries and components provided by
+the Operating System may be loaded.
+
+For Windows Enterprise, we may ship precompiled DLLs containing some of
+these libraries. Releases prepared in this fashion will include a copy
+of these libraries' license in a file named
+`THIRD-PARTY-NOTICES.windows`.
+
+| Name | Enterprise Only | Has Windows DLLs |
+| :--------- | :-------------: | :-----------------------------------------------------: |
+| Cyrus SASL | Yes | Yes |
+| libldap | Yes | No |
+| net-snmp | Yes | Yes |
+| OpenSSL | No | Yes\[3] |
+| libcurl | No | No |
+
+## Notes:
+
+1. ^
+ The majority of Valgrind is licensed under the GPL, with the exception of a single
+ header file which is licensed under a BSD license. This BSD licensed header is the only
+ file from Valgrind which is vendored and consumed by MongoDB.
+
+2. ^
+ WiredTiger is maintained by MongoDB in a separate repository. As a part of our
+ development process, we periodically ingest the latest snapshot of that repository.
+
+3. ^
+ OpenSSL is only shipped as a dependency of the MongoDB tools written in Go. The MongoDB
+ shell and server binaries use Windows' cryptography APIs.
diff --git a/src/third_party/scripts/gen_thirdpartyreadme.py b/src/third_party/scripts/gen_thirdpartyreadme.py
new file mode 100644
index 00000000000..9851e405405
--- /dev/null
+++ b/src/third_party/scripts/gen_thirdpartyreadme.py
@@ -0,0 +1,204 @@
+from jinja2 import Environment, FileSystemLoader
+import sys
+import os
+import json
+import bisect
+import logging
+from functools import reduce
+
+SBOM_PATH = "../../../sbom.json"
+TEMPLATE_PATH = "README.third_party.md.template"
+README_PATH = "../../../README.third_party.md"
+
+logging.basicConfig(level=logging.INFO,
+ format='%(asctime)s - %(levelname)s - %(message)s')
+
+
+def main():
+ test_filepaths()
+ sbom = load_sbom()
+
+ component_chart = sbom_to_component_chart(sbom)
+ right_pad_chart_values(component_chart)
+ component_chart_string = chart_to_string(component_chart)
+
+ component_links_string = sbom_to_component_links_string(sbom)
+
+ wiredtiger_chart = sbom_to_wiredtiger_chart(sbom)
+ right_pad_chart_values(wiredtiger_chart)
+ wiredtiger_chart_string = chart_to_string(wiredtiger_chart)
+
+ template_data = {
+ "component_chart": component_chart_string,
+ "component_links": component_links_string,
+ "wiredtiger_chart": wiredtiger_chart_string
+ }
+ create_markdown_with_template(template_data)
+
+
+def test_filepaths() -> None:
+ for filepath in [SBOM_PATH, TEMPLATE_PATH]:
+ if not os.path.exists(filepath):
+ logging.error("Error: %s does not exist. Exiting.", filepath)
+ sys.exit(1)
+
+
+def load_sbom() -> dict:
+ try:
+ with open(SBOM_PATH, 'r') as file:
+ sbom = json.load(file)
+ logging.info("%s JSON data loaded.", SBOM_PATH)
+ return sbom
+ except json.JSONDecodeError as e:
+ logging.error("Error decoding %s JSON: %e Exiting.", SBOM_PATH, e)
+ sys.exit(1)
+
+
+def sbom_to_component_chart(sbom: dict) -> list[list[str]]:
+ components = sbom["components"]
+ component_chart = []
+
+ for component in components:
+ check_component_validity(component)
+ name = component["name"]
+ license_string = []
+ for lic in component["licenses"]:
+ for key in ["id", "name"]:
+ if key in lic["license"]:
+ license_string.append(lic["license"][key])
+ license_string = ", ".join(license_string)
+ version = component["version"]
+ emits_persisted_data = "unknown"
+ for prop in component["properties"]:
+ k, v = prop["name"], prop["value"]
+ if k == "emits_persisted_data":
+ emits_persisted_data = ("", "✗")[v == "true"]
+ distributed_in_release_binaries = (
+ "", "✗")[component["scope"] == "required"]
+
+ row = [
+ item.replace(
+ "|",
+ "") for item in [
+ f"[{name}]",
+ license_string,
+ version,
+ emits_persisted_data,
+ distributed_in_release_binaries]]
+ bisect.insort(component_chart, row, key=lambda c: c[0].lower())
+
+ component_chart.insert(0,
+ ["Name",
+ "License",
+ "Vendored Version",
+ "Emits persisted data",
+ "Distributed in Release Binaries"])
+ return component_chart
+
+
+def sbom_to_component_links_string(sbom: dict) -> list[list[str]]:
+ components = sbom["components"]
+ link_list = []
+
+ for component in components:
+ check_component_validity(component)
+ info_link = get_component_info_link(component)
+ bisect.insort(
+ link_list,
+ f"[{component['name'].replace('|','')}]: {info_link}")
+
+ return "\n".join(link_list)
+
+
+def sbom_to_wiredtiger_chart(sbom: dict) -> list[list[str]]:
+ components = sbom["components"]
+ wiredtiger_chart = [["Name"]]
+
+ for component in components:
+ check_component_validity(component)
+ locations = get_component_locations(component)
+ for location in locations:
+ if location.startswith("src/third_party/wiredtiger/"):
+ bisect.insort(
+ wiredtiger_chart, [
+ component["name"].replace(
+ "|", "")])
+
+ return wiredtiger_chart
+
+
+def check_component_validity(component) -> None:
+ for required_key in ["name", "version", "licenses"]:
+ if required_key not in component:
+ logging.error(
+ "Error: no key %s found in json. Exiting. JSON dump:",
+ required_key)
+ logging.error(json.dumps(component))
+ sys.exit(1)
+
+
+def get_component_info_link(component) -> str:
+ name = component["name"]
+ links = []
+ for prop in component["properties"]:
+ k, v = prop["name"], prop["value"]
+ if k == "info_link":
+ links.append(v)
+ if len(links) != 1:
+ logging.warning(
+ "Warning: Expected 1 info_link for %s. Got %d:",
+ name,
+ len(links))
+ if len(links) > 1:
+ logging.warning(" ".join(links))
+ logging.warning("Using first link only.")
+ else:
+ logging.warning(
+ "Falling back to `purl` value: %s",
+ component['purl'])
+ links.append(component["purl"])
+ return links[0]
+
+
+def get_component_locations(component) -> list[str]:
+ if "evidence" not in component or "occurrences" not in component["evidence"]:
+ return []
+ return [occurence["location"]
+ for occurence in component["evidence"]["occurrences"]]
+
+
+def right_pad_chart_values(chart: list[list[str]]) -> list[list[str]]:
+ h, w = len(chart), len(chart[0])
+ max_lens = [3 for _ in range(w)]
+ for row in chart:
+ for c in range(0, w):
+ max_lens[c] = max(max_lens[c], len(row[c]))
+
+ for r in range(0, h):
+ for c in range(0, w):
+ chart[r][c] = chart[r][c].ljust(max_lens[c])
+ chart.insert(1, ["-" * max_len for max_len in max_lens])
+
+
+def chart_to_string(chart: list[list[str]]) -> str:
+ chart = [" | ".join(row) for row in chart]
+ chart = "\n".join(["| " + row + " |" for row in chart])
+ return chart
+
+
+def create_markdown_with_template(data: str) -> None:
+ file_loader = FileSystemLoader('.')
+ env = Environment(loader=file_loader)
+ template = env.get_template(TEMPLATE_PATH)
+ output = template.render(data)
+
+ with open(README_PATH, 'w') as f:
+ f.write("[DO NOT MODIFY THIS FILE MANUALLY. It is generated by src/third_party/tools/gen_thirdpartyreadme.py]: #\n\n")
+ f.write(output)
+ f.write("\n")
+
+ logging.info("Markdown file created successfully.")
+
+
+if __name__ == "__main__":
+ main()