From 194355aa66543b6c6e584908d8aa76367bdda913 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Wed, 12 Jun 2024 17:02:12 +0200 Subject: [PATCH] fix(ci): run static analysis reporting only once per version MONGOSH-1804 (#2025) --- .evergreen.yml | 222 +++++++++++++++--- .evergreen/compile-artifact.sh | 2 + .evergreen/create-static-analysis-report.sh | 6 + ...download-crypt-shared-and-generate-sbom.sh | 3 - .evergreen/evergreen.yml.in | 83 +++++-- package-lock.json | 175 ++------------ package.json | 8 +- packages/cli-repl/package.json | 4 +- 8 files changed, 283 insertions(+), 220 deletions(-) create mode 100755 .evergreen/create-static-analysis-report.sh diff --git a/.evergreen.yml b/.evergreen.yml index 3a8a73fe2..c3e7021d5 100644 --- a/.evergreen.yml +++ b/.evergreen.yml @@ -7426,7 +7426,8 @@ functions: DISTRO_ID: ${distro_id} NODE_JS_VERSION: ${node_js_version} MONGOSH_SHARED_OPENSSL: ${mongosh_shared_openssl} - upload_sbom_and_static_analysis: + GITHUB_PR_NUMBER: ${github_pr_number} + upload_sbom: - command: s3.put params: aws_key: ${aws_key} @@ -7445,16 +7446,6 @@ functions: bucket: mciuploads permissions: public-read content_type: text/plain - - command: s3.put - params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} - local_file: src/static-analysis-report.tgz - remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-static-analysis-report.tgz - bucket: mciuploads - permissions: private - visibility: signed - content_type: application/json upload_compiled_artifact: - command: shell.exec params: @@ -7480,6 +7471,16 @@ functions: bucket: mciuploads permissions: public-read content_type: application/x-gzip + upload_first_party_deps_list: + - command: s3.put + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-first-party-deps.json + bucket: mciuploads + permissions: public-read + content_type: application/json download_compiled_artifact: - command: s3.get type: setup @@ -7549,9 +7550,108 @@ functions: PACKAGE_VARIANT: ${package_variant} ARTIFACTORY_USERNAME: ${artifactory_username} ARTIFACTORY_PASSWORD: ${artifactory_password} - # for static analysis report generation + create_static_analysis_report: + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-darwin-x64-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-darwin-x64-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-darwin-arm64-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-darwin-arm64-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-x64-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-x64-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-x64-openssl11-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-x64-openssl11-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-x64-openssl3-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-x64-openssl3-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-arm64-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-arm64-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-arm64-openssl11-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-arm64-openssl11-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-arm64-openssl3-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-arm64-openssl3-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-ppc64le-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-ppc64le-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-linux-s390x-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-s390x-first-party-deps.json + bucket: mciuploads + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/mongosh-win32-first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-win32-first-party-deps.json + bucket: mciuploads + - command: shell.exec + params: + working_dir: src + shell: bash + script: | + set -e + export NODE_JS_VERSION=${node_js_version} + source .evergreen/setup-env.sh + .evergreen/create-static-analysis-report.sh + env: + NODE_JS_VERSION: ${node_js_version} + FIRST_PARTY_DEPENDENCY_FILENAMES: .sbom/mongosh-darwin-x64-first-party-deps.json,.sbom/mongosh-darwin-arm64-first-party-deps.json,.sbom/mongosh-linux-x64-first-party-deps.json,.sbom/mongosh-linux-x64-openssl11-first-party-deps.json,.sbom/mongosh-linux-x64-openssl3-first-party-deps.json,.sbom/mongosh-linux-arm64-first-party-deps.json,.sbom/mongosh-linux-arm64-openssl11-first-party-deps.json,.sbom/mongosh-linux-arm64-openssl3-first-party-deps.json,.sbom/mongosh-linux-ppc64le-first-party-deps.json,.sbom/mongosh-linux-s390x-first-party-deps.json,.sbom/mongosh-win32-first-party-deps.json GITHUB_TOKEN: ${github_token} GITHUB_PR_NUMBER: ${github_pr_number} + - command: s3.put + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/static-analysis-report.tgz + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-static-analysis-report.tgz + bucket: mciuploads + permissions: private + visibility: signed + content_type: application/x-gzip package_artifact: - command: expansions.write type: setup @@ -11844,6 +11944,7 @@ tasks: mongosh_server_test_version: "latest-alpha-enterprise" mongosh_test_force_api_strict: "1" - name: compile_artifact + tags: ["compile-artifact"] depends_on: - name: compile_ts variant: linux_unit @@ -11858,6 +11959,9 @@ tasks: - func: upload_compiled_artifact vars: node_js_version: "20.12.2" + - func: upload_first_party_deps_list + vars: + node_js_version: "20.12.2" - name: generate_license_and_vulnerability_report tags: ["extra-integration-test"] @@ -13235,6 +13339,7 @@ tasks: # PACKAGING ### - name: add_crypt_shared_and_sbom_darwin_x64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: darwin @@ -13250,7 +13355,7 @@ tasks: vars: package_variant: darwin-x64 executable_os_id: darwin-x64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: darwin-x64 extra_upload_tag: -darwin-x64-sbom @@ -13317,6 +13422,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_darwin_arm64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: darwin_arm64 @@ -13332,7 +13438,7 @@ tasks: vars: package_variant: darwin-arm64 executable_os_id: darwin-arm64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: darwin-arm64 extra_upload_tag: -darwin-arm64-sbom @@ -13399,6 +13505,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_x64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build @@ -13414,7 +13521,7 @@ tasks: vars: package_variant: linux-x64 executable_os_id: linux-x64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64 extra_upload_tag: -linux-x64-sbom @@ -13481,6 +13588,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_deb_x64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build @@ -13496,7 +13604,7 @@ tasks: vars: package_variant: deb-x64 executable_os_id: linux-x64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64 extra_upload_tag: -deb-x64-sbom @@ -13563,6 +13671,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_x64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build @@ -13578,7 +13687,7 @@ tasks: vars: package_variant: rpm-x64 executable_os_id: linux-x64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64 extra_upload_tag: -rpm-x64-sbom @@ -13645,6 +13754,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_x64_openssl11 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build_openssl11 @@ -13660,7 +13770,7 @@ tasks: vars: package_variant: linux-x64-openssl11 executable_os_id: linux-x64-openssl11 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64-openssl11 extra_upload_tag: -linux-x64-openssl11-sbom @@ -13727,6 +13837,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_deb_x64_openssl11 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build_openssl11 @@ -13742,7 +13853,7 @@ tasks: vars: package_variant: deb-x64-openssl11 executable_os_id: linux-x64-openssl11 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64-openssl11 extra_upload_tag: -deb-x64-openssl11-sbom @@ -13809,6 +13920,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_x64_openssl11 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build_openssl11 @@ -13824,7 +13936,7 @@ tasks: vars: package_variant: rpm-x64-openssl11 executable_os_id: linux-x64-openssl11 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64-openssl11 extra_upload_tag: -rpm-x64-openssl11-sbom @@ -13891,6 +14003,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_x64_openssl3 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build_openssl3 @@ -13906,7 +14019,7 @@ tasks: vars: package_variant: linux-x64-openssl3 executable_os_id: linux-x64-openssl3 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64-openssl3 extra_upload_tag: -linux-x64-openssl3-sbom @@ -13973,6 +14086,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_deb_x64_openssl3 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build_openssl3 @@ -13988,7 +14102,7 @@ tasks: vars: package_variant: deb-x64-openssl3 executable_os_id: linux-x64-openssl3 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64-openssl3 extra_upload_tag: -deb-x64-openssl3-sbom @@ -14055,6 +14169,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_x64_openssl3 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_x64_build_openssl3 @@ -14070,7 +14185,7 @@ tasks: vars: package_variant: rpm-x64-openssl3 executable_os_id: linux-x64-openssl3 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-x64-openssl3 extra_upload_tag: -rpm-x64-openssl3-sbom @@ -14137,6 +14252,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_arm64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build @@ -14152,7 +14268,7 @@ tasks: vars: package_variant: linux-arm64 executable_os_id: linux-arm64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64 extra_upload_tag: -linux-arm64-sbom @@ -14219,6 +14335,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_deb_arm64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build @@ -14234,7 +14351,7 @@ tasks: vars: package_variant: deb-arm64 executable_os_id: linux-arm64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64 extra_upload_tag: -deb-arm64-sbom @@ -14301,6 +14418,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_arm64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build @@ -14316,7 +14434,7 @@ tasks: vars: package_variant: rpm-arm64 executable_os_id: linux-arm64 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64 extra_upload_tag: -rpm-arm64-sbom @@ -14383,6 +14501,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_arm64_openssl11 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build_openssl11 @@ -14398,7 +14517,7 @@ tasks: vars: package_variant: linux-arm64-openssl11 executable_os_id: linux-arm64-openssl11 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64-openssl11 extra_upload_tag: -linux-arm64-openssl11-sbom @@ -14465,6 +14584,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_deb_arm64_openssl11 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build_openssl11 @@ -14480,7 +14600,7 @@ tasks: vars: package_variant: deb-arm64-openssl11 executable_os_id: linux-arm64-openssl11 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64-openssl11 extra_upload_tag: -deb-arm64-openssl11-sbom @@ -14547,6 +14667,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_arm64_openssl11 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build_openssl11 @@ -14562,7 +14683,7 @@ tasks: vars: package_variant: rpm-arm64-openssl11 executable_os_id: linux-arm64-openssl11 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64-openssl11 extra_upload_tag: -rpm-arm64-openssl11-sbom @@ -14629,6 +14750,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_arm64_openssl3 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build_openssl3 @@ -14644,7 +14766,7 @@ tasks: vars: package_variant: linux-arm64-openssl3 executable_os_id: linux-arm64-openssl3 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64-openssl3 extra_upload_tag: -linux-arm64-openssl3-sbom @@ -14711,6 +14833,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_deb_arm64_openssl3 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build_openssl3 @@ -14726,7 +14849,7 @@ tasks: vars: package_variant: deb-arm64-openssl3 executable_os_id: linux-arm64-openssl3 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64-openssl3 extra_upload_tag: -deb-arm64-openssl3-sbom @@ -14793,6 +14916,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_arm64_openssl3 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_arm64_build_openssl3 @@ -14808,7 +14932,7 @@ tasks: vars: package_variant: rpm-arm64-openssl3 executable_os_id: linux-arm64-openssl3 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-arm64-openssl3 extra_upload_tag: -rpm-arm64-openssl3-sbom @@ -14875,6 +14999,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_ppc64le + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_ppc64le_build @@ -14890,7 +15015,7 @@ tasks: vars: package_variant: linux-ppc64le executable_os_id: linux-ppc64le - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-ppc64le extra_upload_tag: -linux-ppc64le-sbom @@ -14957,6 +15082,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_ppc64le + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_ppc64le_build @@ -14972,7 +15098,7 @@ tasks: vars: package_variant: rpm-ppc64le executable_os_id: linux-ppc64le - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-ppc64le extra_upload_tag: -rpm-ppc64le-sbom @@ -15039,6 +15165,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_linux_s390x + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_s390x_build @@ -15054,7 +15181,7 @@ tasks: vars: package_variant: linux-s390x executable_os_id: linux-s390x - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-s390x extra_upload_tag: -linux-s390x-sbom @@ -15121,6 +15248,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_rpm_s390x + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: linux_s390x_build @@ -15136,7 +15264,7 @@ tasks: vars: package_variant: rpm-s390x executable_os_id: linux-s390x - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: linux-s390x extra_upload_tag: -rpm-s390x-sbom @@ -15203,6 +15331,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_win32_x64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: win32_build @@ -15218,7 +15347,7 @@ tasks: vars: package_variant: win32-x64 executable_os_id: win32 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: win32 extra_upload_tag: -win32-x64-sbom @@ -15285,6 +15414,7 @@ tasks: signature_tag: signed - func: verify_artifact - name: add_crypt_shared_and_sbom_win32msi_x64 + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: win32_build @@ -15300,7 +15430,7 @@ tasks: vars: package_variant: win32msi-x64 executable_os_id: win32 - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: win32 extra_upload_tag: -win32msi-x64-sbom @@ -16659,6 +16789,19 @@ tasks: admin_user_name: Administrator onhost_script_path: .evergreen/test-package-win32.sh preload_script_path: preload.sh + - name: create_static_analysis_report + tags: ["extra-integration-test"] + depends_on: + - name: ".compile-artifact" + variant: "*" + commands: + - func: checkout + - func: install + vars: + node_js_version: "20.12.2" + - func: create_static_analysis_report + vars: + node_js_version: "20.12.2" ### # RELEASE TASKS @@ -17112,10 +17255,11 @@ buildvariants: - name: test_connectivity - name: test_apistrict - name: linux_coverage - display_name: "Coverage Check" + display_name: "Coverage and Static Analysis Check" run_on: ubuntu2004-small tasks: - name: check_coverage + - name: create_static_analysis_report - name: linux_package display_name: "Ubuntu 20.04 x64 (Packaging)" run_on: ubuntu2004-small diff --git a/.evergreen/compile-artifact.sh b/.evergreen/compile-artifact.sh index f7c515f1e..89aeb016f 100755 --- a/.evergreen/compile-artifact.sh +++ b/.evergreen/compile-artifact.sh @@ -100,3 +100,5 @@ npm run create-purls-file cp .sbom/purls.txt dist/.purls.txt cat dist/.purls.txt + +npm run create-dependency-sbom-lists diff --git a/.evergreen/create-static-analysis-report.sh b/.evergreen/create-static-analysis-report.sh new file mode 100755 index 000000000..0ec467537 --- /dev/null +++ b/.evergreen/create-static-analysis-report.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -e +set -x + +npm run create-static-analysis-report -- --first-party-deps-list-files="${FIRST_PARTY_DEPENDENCY_FILENAMES}" +(cd .sbom && tar czvf ../static-analysis-report.tgz codeql.md codeql.sarif.json) diff --git a/.evergreen/download-crypt-shared-and-generate-sbom.sh b/.evergreen/download-crypt-shared-and-generate-sbom.sh index c4512aea5..b2c02793d 100755 --- a/.evergreen/download-crypt-shared-and-generate-sbom.sh +++ b/.evergreen/download-crypt-shared-and-generate-sbom.sh @@ -15,6 +15,3 @@ set -x docker pull artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0 docker run --rm -v ${PWD}:/pwd artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0 update \ --purls /pwd/dist/.purls.txt --sbom_out /pwd/dist/.sbom.json - -npm run create-static-analysis-report -(cd .sbom && tar czvf ../static-analysis-report.tgz codeql.md codeql.sarif.json) diff --git a/.evergreen/evergreen.yml.in b/.evergreen/evergreen.yml.in index 9e17b89c7..a57afb815 100644 --- a/.evergreen/evergreen.yml.in +++ b/.evergreen/evergreen.yml.in @@ -398,7 +398,8 @@ functions: DISTRO_ID: ${distro_id} NODE_JS_VERSION: ${node_js_version} MONGOSH_SHARED_OPENSSL: ${mongosh_shared_openssl} - upload_sbom_and_static_analysis: + GITHUB_PR_NUMBER: ${github_pr_number} + upload_sbom: - command: s3.put params: aws_key: ${aws_key} @@ -417,16 +418,6 @@ functions: bucket: mciuploads permissions: public-read content_type: text/plain - - command: s3.put - params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} - local_file: src/static-analysis-report.tgz - remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-static-analysis-report.tgz - bucket: mciuploads - permissions: private - visibility: signed - content_type: application/json upload_compiled_artifact: - command: shell.exec params: @@ -452,6 +443,16 @@ functions: bucket: mciuploads permissions: public-read content_type: application/x-gzip + upload_first_party_deps_list: + - command: s3.put + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/first-party-deps.json + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-first-party-deps.json + bucket: mciuploads + permissions: public-read + content_type: application/json download_compiled_artifact: - command: s3.get type: setup @@ -521,9 +522,44 @@ functions: PACKAGE_VARIANT: ${package_variant} ARTIFACTORY_USERNAME: ${artifactory_username} ARTIFACTORY_PASSWORD: ${artifactory_password} - # for static analysis report generation + create_static_analysis_report: + <% + let firstPartyDepsFilenames = []; + for (const { executableOsId, packages } of RELEASE_PACKAGE_MATRIX) { + const filename = `mongosh-${executableOsId}-first-party-deps.json`; + firstPartyDepsFilenames.push(filename); %> + - command: s3.get + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/.sbom/<% out(filename) %> + remote_file: mongosh/binaries/${revision}/${revision_order_id}/<% out(filename) %> + bucket: mciuploads + <% } %> + - command: shell.exec + params: + working_dir: src + shell: bash + script: | + set -e + export NODE_JS_VERSION=${node_js_version} + source .evergreen/setup-env.sh + .evergreen/create-static-analysis-report.sh + env: + NODE_JS_VERSION: ${node_js_version} + FIRST_PARTY_DEPENDENCY_FILENAMES: <% out(firstPartyDepsFilenames.map(f => `.sbom/${f}`).join(',')) %> GITHUB_TOKEN: ${github_token} GITHUB_PR_NUMBER: ${github_pr_number} + - command: s3.put + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: src/static-analysis-report.tgz + remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-static-analysis-report.tgz + bucket: mciuploads + permissions: private + visibility: signed + content_type: application/x-gzip package_artifact: - command: expansions.write type: setup @@ -1095,6 +1131,7 @@ tasks: mongosh_server_test_version: "latest-alpha-enterprise" mongosh_test_force_api_strict: "1" - name: compile_artifact + tags: ["compile-artifact"] depends_on: - name: compile_ts variant: linux_unit @@ -1109,6 +1146,9 @@ tasks: - func: upload_compiled_artifact vars: node_js_version: "<% out(NODE_JS_VERSION_20) %>" + - func: upload_first_party_deps_list + vars: + node_js_version: "<% out(NODE_JS_VERSION_20) %>" - name: generate_license_and_vulnerability_report tags: ["extra-integration-test"] @@ -1202,6 +1242,7 @@ tasks: <% for (const { executableOsId, compileBuildVariant, packages } of RELEASE_PACKAGE_MATRIX) { for (const { name: packageVariant } of packages) { %> - name: add_crypt_shared_and_sbom_<% out(packageVariant.replace(/-/g, '_')) %> + tags: ["add-sbom-task"] depends_on: - name: compile_artifact variant: <% out(compileBuildVariant) %> @@ -1217,7 +1258,7 @@ tasks: vars: package_variant: <% out(packageVariant) %> executable_os_id: <% out(executableOsId) %> - - func: upload_sbom_and_static_analysis + - func: upload_sbom vars: executable_os_id: <% out(executableOsId) %> extra_upload_tag: -<% out(packageVariant) %>-sbom @@ -1338,6 +1379,19 @@ tasks: throw new Error(`pkg ${name} is missing a valid smoke test indicator`); } %> <% } } } %> + - name: create_static_analysis_report + tags: ["extra-integration-test"] + depends_on: + - name: ".compile-artifact" + variant: "*" + commands: + - func: checkout + - func: install + vars: + node_js_version: "<% out(NODE_JS_VERSION_20) %>" + - func: create_static_analysis_report + vars: + node_js_version: "<% out(NODE_JS_VERSION_20) %>" ### # RELEASE TASKS @@ -1453,10 +1507,11 @@ buildvariants: - name: test_connectivity - name: test_apistrict - name: linux_coverage - display_name: "Coverage Check" + display_name: "Coverage and Static Analysis Check" run_on: ubuntu2004-small tasks: - name: check_coverage + - name: create_static_analysis_report - name: linux_package display_name: "Ubuntu 20.04 x64 (Packaging)" run_on: ubuntu2004-small diff --git a/package-lock.json b/package-lock.json index 01ddf0cf0..75ab62c66 100644 --- a/package-lock.json +++ b/package-lock.json @@ -44,7 +44,7 @@ "devDependencies": { "@babel/compat-data": "^7.9.0", "@mongodb-js/monorepo-tools": "^1.1.10", - "@mongodb-js/sbom-tools": "^0.6.2", + "@mongodb-js/sbom-tools": "^0.7.0", "@types/chai": "^4.2.5", "@types/mocha": "^5.2.7", "@types/node": "^14.14.6", @@ -6767,9 +6767,9 @@ } }, "node_modules/@mongodb-js/sbom-tools": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/@mongodb-js/sbom-tools/-/sbom-tools-0.6.2.tgz", - "integrity": "sha512-v5kZzcf2raWT2cVI8Y610BXBcf85cJNK7lOSVZf7S2p+H+6n7Zef2SIfcfVZ+c2EZrqJ9OvQxa3YnjuAW78EdA==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/@mongodb-js/sbom-tools/-/sbom-tools-0.7.0.tgz", + "integrity": "sha512-hjc5XrDMVaKdecLzl6IkXT2VO8fudF6aNQLRFlhJ528B5KEKBaahKU4cXnFLV7BRpi1E59FrLg3S7U6bYBfcaw==", "dev": true, "dependencies": { "@octokit/rest": "^20.1.1", @@ -16676,9 +16676,9 @@ } }, "node_modules/get-console-process-list": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/get-console-process-list/-/get-console-process-list-1.0.4.tgz", - "integrity": "sha512-vn5MA+CCTMgRuF9fxvJYLC2fMCuBPKQ7RwhA9H2TvMvy33oDivjIqA4mh2NJlUDoZXPcu/1moN3VfyukxxKwpA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/get-console-process-list/-/get-console-process-list-1.0.5.tgz", + "integrity": "sha512-K73UHh6ht+MXnnuqQAE/5IjlevHV1ePiTy8yBLsZZPxmoY1KHtouW9E2K1bVLeQzHELztb38vFNak6J+2CNCuw==", "hasInstallScript": true, "optional": true, "os": [ @@ -31189,7 +31189,7 @@ "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", - "@mongodb-js/sbom-tools": "^0.5.2", + "@mongodb-js/sbom-tools": "^0.7.0", "@mongodb-js/tsconfig-mongosh": "^1.0.0", "@types/ansi-escape-sequences": "^4.0.0", "@types/chai-as-promised": "^7.1.3", @@ -31210,60 +31210,18 @@ "node": ">=16.15.0" }, "optionalDependencies": { - "get-console-process-list": "^1.0.4", + "get-console-process-list": "^1.0.5", "glibc-version": "^1.0.0", "macos-export-certificate-and-key": "^1.1.2", "mongodb-crypt-library-version": "^1.0.5", "win-export-certificate-and-key": "^1.1.2" } }, - "packages/cli-repl/node_modules/@mongodb-js/sbom-tools": { - "version": "0.5.13", - "resolved": "https://registry.npmjs.org/@mongodb-js/sbom-tools/-/sbom-tools-0.5.13.tgz", - "integrity": "sha512-V+MDWDhkCMy+f86V/CNh43yupR9axCbXqRB6xc1WyajEe9mHBn0zxkIKjVkJ8J96EJkTIdzAPcpVEhAb993hFw==", - "dev": true, - "dependencies": { - "@pkgjs/nv": "^0.2.1", - "commander": "^10.0.1", - "error-stack-parser": "^2.1.4", - "find-up": "^4.1.0", - "lodash": "^4.17.21", - "node-fetch": "^2.6.7", - "semver": "^7.5.4", - "snyk-policy": "^2.0.4", - "spdx-satisfies": "^5.0.1" - }, - "bin": { - "mongodb-sbom-tools": "bin/mongodb-sbom-tools.js" - } - }, "packages/cli-repl/node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" }, - "packages/cli-repl/node_modules/commander": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", - "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", - "dev": true, - "engines": { - "node": ">=14" - } - }, - "packages/cli-repl/node_modules/find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "dependencies": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, "packages/cli-repl/node_modules/js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", @@ -31275,45 +31233,6 @@ "js-yaml": "bin/js-yaml.js" } }, - "packages/cli-repl/node_modules/locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "dev": true, - "dependencies": { - "p-locate": "^4.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "packages/cli-repl/node_modules/p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "dependencies": { - "p-try": "^2.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "packages/cli-repl/node_modules/p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "dev": true, - "dependencies": { - "p-limit": "^2.2.0" - }, - "engines": { - "node": ">=8" - } - }, "packages/connectivity-tests": { "name": "@mongosh/connectivity-tests", "version": "0.0.0-dev.0", @@ -37282,9 +37201,9 @@ } }, "@mongodb-js/sbom-tools": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/@mongodb-js/sbom-tools/-/sbom-tools-0.6.2.tgz", - "integrity": "sha512-v5kZzcf2raWT2cVI8Y610BXBcf85cJNK7lOSVZf7S2p+H+6n7Zef2SIfcfVZ+c2EZrqJ9OvQxa3YnjuAW78EdA==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/@mongodb-js/sbom-tools/-/sbom-tools-0.7.0.tgz", + "integrity": "sha512-hjc5XrDMVaKdecLzl6IkXT2VO8fudF6aNQLRFlhJ528B5KEKBaahKU4cXnFLV7BRpi1E59FrLg3S7U6bYBfcaw==", "dev": true, "requires": { "@octokit/rest": "^20.1.1", @@ -37687,7 +37606,7 @@ "requires": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", - "@mongodb-js/sbom-tools": "^0.5.2", + "@mongodb-js/sbom-tools": "^0.7.0", "@mongodb-js/tsconfig-mongosh": "^1.0.0", "@mongosh/arg-parser": "0.0.0-dev.0", "@mongosh/autocomplete": "0.0.0-dev.0", @@ -37719,7 +37638,7 @@ "depcheck": "^1.4.3", "escape-string-regexp": "^4.0.0", "eslint": "^7.25.0", - "get-console-process-list": "^1.0.4", + "get-console-process-list": "^1.0.5", "glibc-version": "^1.0.0", "is-recoverable-error": "^1.0.3", "js-yaml": "^4.1.0", @@ -37741,44 +37660,11 @@ "yargs-parser": "^20.2.4" }, "dependencies": { - "@mongodb-js/sbom-tools": { - "version": "0.5.13", - "resolved": "https://registry.npmjs.org/@mongodb-js/sbom-tools/-/sbom-tools-0.5.13.tgz", - "integrity": "sha512-V+MDWDhkCMy+f86V/CNh43yupR9axCbXqRB6xc1WyajEe9mHBn0zxkIKjVkJ8J96EJkTIdzAPcpVEhAb993hFw==", - "dev": true, - "requires": { - "@pkgjs/nv": "^0.2.1", - "commander": "^10.0.1", - "error-stack-parser": "^2.1.4", - "find-up": "^4.1.0", - "lodash": "^4.17.21", - "node-fetch": "^2.6.7", - "semver": "^7.5.4", - "snyk-policy": "^2.0.4", - "spdx-satisfies": "^5.0.1" - } - }, "argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" }, - "commander": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", - "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", - "dev": true - }, - "find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "requires": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - } - }, "js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", @@ -37786,33 +37672,6 @@ "requires": { "argparse": "^2.0.1" } - }, - "locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "dev": true, - "requires": { - "p-locate": "^4.1.0" - } - }, - "p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "requires": { - "p-try": "^2.0.0" - } - }, - "p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "dev": true, - "requires": { - "p-limit": "^2.2.0" - } } } }, @@ -45916,9 +45775,9 @@ "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" }, "get-console-process-list": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/get-console-process-list/-/get-console-process-list-1.0.4.tgz", - "integrity": "sha512-vn5MA+CCTMgRuF9fxvJYLC2fMCuBPKQ7RwhA9H2TvMvy33oDivjIqA4mh2NJlUDoZXPcu/1moN3VfyukxxKwpA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/get-console-process-list/-/get-console-process-list-1.0.5.tgz", + "integrity": "sha512-K73UHh6ht+MXnnuqQAE/5IjlevHV1ePiTy8yBLsZZPxmoY1KHtouW9E2K1bVLeQzHELztb38vFNak6J+2CNCuw==", "optional": true, "requires": { "bindings": "^1.5.0", diff --git a/package.json b/package.json index 42bf0f402..c7ca123f6 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,8 @@ "check-coverage": "nyc check-coverage --lines=90", "generate-error-overview": "npm run generate-error-overview --workspace @mongosh/errors", "update-authors": "ts-node -P configs/tsconfig-mongosh/tsconfig.common.json scripts/generate-authors.ts", - "create-dependency-sbom-lists": "npm run webpack-build -w packages/cli-repl && npm run write-node-js-dep && npm run create-purls-file", + "create-dependency-sbom-lists": "npm run webpack-build -w packages/cli-repl && npm run write-node-js-dep && npm run create-purls-file && npm run create-first-party-dependency-lists", + "create-first-party-dependency-lists": "mongodb-sbom-tools fetch-codeql-results --first-party-deps-list-dest=.sbom/first-party-deps.json --dependencies=.sbom/dependencies.json --exclude-repos=mongodb-js/kerberos", "create-purls-file": "node scripts/create-purls.js .sbom/dependencies.json .sbom/node-js-dep.json > .sbom/purls.txt", "preupdate-third-party-notices": "npm run create-dependency-sbom-lists", "update-third-party-notices": "mongodb-sbom-tools generate-3rd-party-notices --product='mongosh' --dependencies=.sbom/dependencies.json > THIRD_PARTY_NOTICES.md", @@ -60,8 +61,7 @@ "pregenerate-vulnerability-report": "npm run create-dependency-sbom-lists && npm run snyk-test && npm run scan-node-js", "generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --fail-on=high > .sbom/vulnerability-report.md", "create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --create-jira-issues", - "precreate-static-analysis-report": "npm run create-dependency-sbom-lists", - "create-static-analysis-report": "mongodb-sbom-tools fetch-codeql-results --sarif-dest=.sbom/codeql.sarif.json --dependencies=.sbom/dependencies.json --exclude-repos=mongodb-js/kerberos", + "create-static-analysis-report": "mongodb-sbom-tools fetch-codeql-results --sarif-dest=.sbom/codeql.sarif.json", "postcreate-static-analysis-report": "mongodb-sbom-tools sarif-to-markdown --sarif=.sbom/codeql.sarif.json --md=.sbom/codeql.md", "where": "monorepo-where", "reformat": "npm run reformat --workspaces --if-present", @@ -94,7 +94,7 @@ "devDependencies": { "@babel/compat-data": "^7.9.0", "@mongodb-js/monorepo-tools": "^1.1.10", - "@mongodb-js/sbom-tools": "^0.6.2", + "@mongodb-js/sbom-tools": "^0.7.0", "@types/chai": "^4.2.5", "@types/mocha": "^5.2.7", "@types/node": "^14.14.6", diff --git a/packages/cli-repl/package.json b/packages/cli-repl/package.json index a9aec5354..8d777e265 100644 --- a/packages/cli-repl/package.json +++ b/packages/cli-repl/package.json @@ -97,7 +97,7 @@ "mongodb": "^6.7.0", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", - "@mongodb-js/sbom-tools": "^0.5.2", + "@mongodb-js/sbom-tools": "^0.7.0", "@mongodb-js/tsconfig-mongosh": "^1.0.0", "@types/ansi-escape-sequences": "^4.0.0", "@types/js-yaml": "^4.0.5", @@ -114,7 +114,7 @@ "webpack-merge": "^5.8.0" }, "optionalDependencies": { - "get-console-process-list": "^1.0.4", + "get-console-process-list": "^1.0.5", "glibc-version": "^1.0.0", "macos-export-certificate-and-key": "^1.1.2", "mongodb-crypt-library-version": "^1.0.5",