etc/third_party_components.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347

# List of Third Party Components in MongoDB source code
#
# This file is consumed by buildscripts/blackduck_hub.py

# Sample
# Note: the word TO_DO is supposed to be spelled as "TODO". It is spelled awkwardly in the example
# to avoid the TODO scanner from filing an issue on the sample code.
#
# component_name: Sample Example Compnent
# 	homepage_url: https://www.example.com
# 	local_directory_path: src/third_party/example
#   open_hub_url: https://www.openhub.net/p/example
#   release_monitoring_id: 1234
#   is_test_only: false
# 	upgrade_suppression: TO_DO SERVER-12345
# 	vulnerability_suppression: TO_DO SERVER-12345
# 	team_owner: example


# Description
# component_name - string - required - Name of component in Black Duck Hub
# homepage_url - URL - required - website where to find third party component
# open_hub_url - URL - required - Black Duck Open Hub URL where to find third party component
#                         not always available, see https://www.openhub.net
#                         if not available, use text "N/A"
# release_monitoring_id - integer - required - id of Fedora's Anitya project for monitoring releases
#                         not always available, see https://release-monitoring.org/
#                         if not available, use integer "-1"
# local_directory_path - path - required - relative path to directory containing code
# is_test_only - bool - optional - false by default, true if the component is only part of test code and not shipped to users
#                test only components are not checked for upgrade or vulnerability issues
# upgrade_suppression - string - optional - SERVER- or TW- ticket in JIRA, if present upgrade issues are ignored
#                       Must be prefixed with TODO
# vulnerability_suppression - string - optional - SERVER- or WT- ticket in JIRA, if present vulnerability issues are ignored
#                             Must be prefixed with TODO
# team_owner - string - required - server team that is responsible for maintaining library

# TODO - can we query JIRA to see if the tickets are closed, check DAG code

components:

  abseil:
    homepage_url: https://abseil.io
    open_hub_url: N/A
    release_monitoring_id: 115295
    local_directory_path: src/third_party/abseil-cpp-master
    team_owner: "Service Architecture"
    # Note: abseil exists in Black Duck, but not OpenHub
    upgrade_suppression: TODO SERVER-58675

  Aladdin MD5:
    homepage_url: N/A
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: [src/mongo/util/md5.h, src/mongo/util/md5.cpp]
    team_owner: "Security"
    # Not covered in Black Duck

  "ASIO C++ Library":
    homepage_url: http://think-async.com/Asio/
    open_hub_url: N/A
    release_monitoring_id: 117
    local_directory_path: src/third_party/asio-master
    team_owner: "Service Architecture"
    upgrade_suppression: TODO SERVER-54659

  benchmark:
    homepage_url: https://github.com/google/benchmark
    open_hub_url: https://www.openhub.net/p/benchmark
    release_monitoring_id: 18299
    local_directory_path: src/third_party/benchmark
    is_test_only: true
    team_owner: "Service Architecture"

  "Boost C++ Libraries - boost":
    homepage_url: https://www.boost.org/
    open_hub_url: https://www.openhub.net/p/boost
    release_monitoring_id: 6845
    local_directory_path: src/third_party/boost
    team_owner: "Service Architecture"

  concurrencytest:
    homepage_url: https://github.com/cgoldberg/concurrencytest
    open_hub_url: https://www.openhub.net/p/concurrencytest
    release_monitoring_id: -1
    local_directory_path: src/third_party/wiredtiger/test/3rdparty/concurrencytest-0.1.2
    is_test_only: true
    team_owner: "Wiredtiger"

  "dcleblanc/SafeInt":
    homepage_url: https://github.com/dcleblanc/SafeInt
    open_hub_url: https://www.openhub.net/p/SafeInt
    release_monitoring_id: -1
    local_directory_path: src/third_party/SafeInt
    team_owner: "Service Architecture"

  discover-python:
    homepage_url: https://pypi.org/project/discover/
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/wiredtiger/test/3rdparty/discover-0.4.0
    is_test_only: true
    team_owner: "Wiredtiger"

  fmtlib/fmt:
    homepage_url: https://fmt.dev
    open_hub_url: https://www.openhub.net/p/fmtlib_fmt
    release_monitoring_id: 11526
    local_directory_path: src/third_party/fmt
    team_owner: "Security"
    upgrade_suppression: TODO SERVER-57876

  google/s2geometry:
    homepage_url: https://github.com/google/s2geometry
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/s2
    team_owner: "Query"
    # Note: Code in MongoDB is based on early release here - https://code.google.com/archive/p/s2-geometry-library/

  google-snappy:
    homepage_url: https://google.github.io/snappy/
    open_hub_url: N/A
    release_monitoring_id: 4844
    local_directory_path: src/third_party/snappy-1.1.7
    team_owner: "Storage Execution"
    upgrade_suppression: TODO SERVER-47281
    # TODO - bad version data

  gperftools:
    homepage_url: https://github.com/gperftools/gperftools
    open_hub_url: https://www.openhub.net/p/google-perftools
    release_monitoring_id: 1238
    local_directory_path: src/third_party/gperftools
    team_owner: "Storage Execution"
    # TODO - fix the version number in Black Duck

  "ICU for C/C++ (ICU4C)":
    homepage_url: http://site.icu-project.org/
    open_hub_url: https://www.openhub.net/p/icu4c
    release_monitoring_id: 16134
    local_directory_path: src/third_party/icu4c-57.1
    team_owner: "Query"
    vulnerability_suppression: TODO SERVER-49211
    upgrade_suppression: TODO SERVER-49211

  "Intel Decimal Floating-Point Math Library":
    homepage_url: https://software.intel.com/content/www/us/en/develop/articles/intel-decimal-floating-point-math-library.html
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/IntelRDFPMathLib20U1
    team_owner: "Storage Execution"
    # Note: IntelRDFPMathLib exists in Black Duck, but not OpenHub

  jbeder/yaml-cpp:
    homepage_url: https://github.com/jbeder/yaml-cpp
    open_hub_url: https://www.openhub.net/p/jbeder_yaml-cpp
    release_monitoring_id: 5284
    local_directory_path: src/third_party/yaml-cpp
    team_owner: "Security"
    upgrade_suppression: TODO SERVER-60439

  JSON-Schema-Test-Suite:
    homepage_url: https://github.com/json-schema-org/JSON-Schema-Test-Suite
    open_hub_url: https://www.openhub.net/p/json-schema-test-suite
    release_monitoring_id: -1
    local_directory_path: src/third_party/JSON-Schema-Test-Suite
    is_test_only: true
    team_owner: "Query"

  libmongocrypt:
    homepage_url: https://github.com/mongodb/libmongocrypt
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/kms-message
    team_owner: "Security"
    # Note: libmongocrypt exists in Black Duck, but not OpenHub
    upgrade_suppression: TODO SERVER-61193

  linenoise:
    homepage_url: https://github.com/antirez/linenoise
    open_hub_url: https://www.openhub.net/p/linenoise
    release_monitoring_id: 5691
    local_directory_path: [src/mongo/shell/linenoise.h, src/mongo/shell/linenoise.cpp]
    team_owner: "Server Tools and Methodology"
    upgrade_suppression: TODO SERVER-514767

  LibTomCrypt:
    homepage_url: https://www.libtom.net/
    open_hub_url: https://www.openhub.net/p/libtomcrypt
    release_monitoring_id: 15563
    local_directory_path: src/third_party/tomcrypt-1.18.2
    team_owner: "Security"

  libunwind:
    homepage_url: http://www.nongnu.org/libunwind/
    open_hub_url: https://www.openhub.net/p/p_w_d10376
    release_monitoring_id: 1748
    local_directory_path: src/third_party/unwind
    team_owner: "Service Architecture"

  "Mozilla Firefox":
    homepage_url: https://www.mozilla.org/en-US/firefox/organizations/
    open_hub_url: https://www.openhub.net/p/firefox
    release_monitoring_id: 16838
    local_directory_path: src/third_party/mozjs
    team_owner: "Query"
    upgrade_suppression: TODO SERVER-64574

  "mpark-variant-devel":
    homepage_url: https://github.com/mpark/variant
    open_hub_url: N/A
    release_monitoring_id: 18301
    local_directory_path: src/third_party/variant-1.4.0
    team_owner: "Service Architecture"

  ocspbuilder:
    homepage_url: https://github.com/wbond/ocspbuilder
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/mock_ocsp_responder
    is_test_only: true
    team_owner: "Security"
    # Note: ocspbuilder exists in Black Duck, but not OpenHub

  ocspresponder:
    homepage_url: https://github.com/threema-ch/ocspresponder
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/mock_ocsp_responder
    is_test_only: true
    team_owner: "Security"
    # Note: ocspresponder exists in Black Duck, but not OpenHub

  PCRE:
    homepage_url: https://www.pcre.org/
    open_hub_url: https://www.openhub.net/p/pcre
    release_monitoring_id: 2610
    local_directory_path: src/third_party/pcre-8.42
    team_owner: "Query"
    upgrade_suppression: TODO SERVER-47278

  PCRE2:
    homepage_url: https://www.pcre.org/
    open_hub_url: https://www.openhub.net/p/pcre2
    release_monitoring_id: 5832
    local_directory_path: src/third_party/pcre2
    team_owner: "Query"

  python-testscenarios:
    homepage_url: https://launchpad.net/testscenarios
    open_hub_url: https://www.openhub.net/p/testscenarios
    release_monitoring_id: 13220
    local_directory_path: src/third_party/wiredtiger/test/3rdparty/testscenarios-0.4
    is_test_only: true
    team_owner: "Wiredtiger"

  extras:
    homepage_url: https://github.com/testing-cabal/extras
    open_hub_url: https://www.openhub.net/p/550227
    release_monitoring_id: 13192
    local_directory_path: src/third_party/wiredtiger/test/3rdparty/extras-0.0.3
    is_test_only: true
    team_owner: "Wiredtiger"

  SchemaStore/schemastore:
    homepage_url: https://www.schemastore.org/
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/schemastore.org
    is_test_only: true
    team_owner: "Query"

  "SCons - a Software Construction tool":
    homepage_url: https://www.scons.org/
    open_hub_url: https://www.openhub.net/p/scons
    release_monitoring_id: 4770
    local_directory_path: src/third_party/scons-3.1.2
    team_owner: "Service Development Platform"
    upgrade_suppression: TODO SERVER-49324

  smhasher:
    homepage_url: https://github.com/aappleby/smhasher
    open_hub_url: https://www.openhub.net/p/smhasher
    release_monitoring_id: -1
    local_directory_path: src/third_party/murmurhash3
    team_owner: "Storage Execution"

  "Snowball Stemming Algorithms":
    homepage_url: https://snowballstem.org/
    open_hub_url: https://www.openhub.net/p/Snowball_Stemming_Algorithms
    release_monitoring_id: 7853
    local_directory_path: src/third_party/libstemmer_c
    team_owner: "Query"
    upgrade_suppression: TODO SERVER-51478

  subunit:
    homepage_url: https://launchpad.net/subunit
    open_hub_url: N/A
    release_monitoring_id: 85461
    local_directory_path: src/third_party/wiredtiger/test/3rdparty/python-subunit-0.0.16
    is_test_only: true
    team_owner: "Wiredtiger"

  timelib:
    homepage_url: https://github.com/derickr/timelib
    open_hub_url: N/A
    release_monitoring_id: -1
    local_directory_path: src/third_party/timelib-2021.06
    team_owner: "Query"
    # Note: Not in Black Duck

  unicode:
    homepage_url: http://www.unicode.org
    open_hub_url: N/A
    release_monitoring_id: 5045
    local_directory_path: src/third_party/unicode-8.0.0
    team_owner: "Query"

  valgrind:
    homepage_url: https://valgrind.org/
    open_hub_url: https://www.openhub.net/p/valgrind
    release_monitoring_id: 13639
    local_directory_path: src/third_party/valgrind
    team_owner: "Decision Automation Group"

  testtools:
    homepage_url: https://launchpad.net/testtools
    open_hub_url: https://www.openhub.net/p/python-testtools
    release_monitoring_id: 4047
    local_directory_path: src/third_party/wiredtiger/test/3rdparty/testtools-0.9.34
    is_test_only: true
    team_owner: "Wiredtiger"

  zlib:
    homepage_url: https://www.zlib.net/
    open_hub_url: https://www.openhub.net/p/zlib
    release_monitoring_id: 5303
    local_directory_path: src/third_party/zlib-1.2.12
    team_owner: "Storage Execution"

  zstd:
    homepage_url: http://www.zstd.net/
    open_hub_url: https://www.openhub.net/p/zstd
    release_monitoring_id: 12083
    local_directory_path: src/third_party/zstandard
    team_owner: "Storage Execution"