From fdb06d65555ada5aad0290e1fd10a743c6882848 Mon Sep 17 00:00:00 2001
From: Bailey Pearson
Date: Thu, 13 Jun 2024 13:39:53 -0600
Subject: [PATCH] update SBOM file and add test confirming we do not accidentally upgrade libmongocrypt without updating deps
---
 sbom.json | 19 ++++++++++++-------
 test/libmongocrypt_version.test.ts | 13 +++++++++++++
 2 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 test/libmongocrypt_version.test.ts
diff --git a/sbom.json b/sbom.json
index aee9cb6..253c9dd 100644
--- a/sbom.json
+++ b/sbom.json
@@ -1,26 +1,31 @@
 {
 "components": [
 {
- "bom-ref": "pkg:github/mongodb/libmongocrypt",
+ "bom-ref": "pkg:github/mongodb/libmongocrypt@1.10.0",
 "externalReferences": [
+ {
+ "type": "distribution",
+ "url": "https://github.com/mongodb/libmongocrypt/archive/refs/tags/1.10.0.tar.gz"
+ },
 {
 "type": "website",
- "url": "https://github.com/mongodb/libmongocrypt"
+ "url": "https://github.com/mongodb/libmongocrypt/tree/1.10.0"
 }
 ],
 "group": "mongodb",
 "name": "libmongocrypt",
- "purl": "pkg:github/mongodb/libmongocrypt",
- "type": "library"
+ "purl": "pkg:github/mongodb/libmongocrypt@1.10.0",
+ "type": "library",
+ "version": "1.10.0"
 }
 ],
 "dependencies": [
 {
- "ref": "pkg:github/mongodb/libmongocrypt"
+ "ref": "pkg:github/mongodb/libmongocrypt@1.10.0"
 }
 ],
 "metadata": {
- "timestamp": "2024-05-01T20:55:10.513782+00:00",
+ "timestamp": "2024-06-13T19:31:46.989110+00:00",
 "tools": [
 {
 "externalReferences": [
@@ -63,7 +68,7 @@
 }
 ]
 },
- "serialNumber": "urn:uuid:d39c0f4e-9f42-4f2b-8102-01c5da520fe7",
+ "serialNumber": "urn:uuid:ecd6916a-5c14-448c-a399-161adf46a609",
 "version": 1,
 "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
 "bomFormat": "CycloneDX",
diff --git a/test/libmongocrypt_version.test.ts b/test/libmongocrypt_version.test.ts
new file mode 100644
index 0000000..c8d60a3
--- /dev/null
+++ b/test/libmongocrypt_version.test.ts
@@ -0,0 +1,13 @@
+import { expect } from 'chai';
+import { join } from 'path';
+
+describe('libmongocrypt version', function () {
+ it('the version in the package.json matches the version declared in the sbom file', function () {
+ // eslint-disable-next-line @typescript-eslint/no-var-requires
+ const packageVersion = require(join(__dirname, '../package.json'))['mongodb:libmongocrypt'];
+ // eslint-disable-next-line @typescript-eslint/no-var-requires
+ const sbom = require(join(__dirname, '../sbom.json')).dependencies[0].ref;
+
+ expect(sbom).to.include(packageVersion);
+ });
+});
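Review bot: The assertion on the `expect(sbom).to.include(packageVersion)` line is a substring check, so it passes for a ref such as `@1.10.0-rc1` or `@11.10.0` as readily as for the exact tag, and it never looks at the component's `version` field that the sbom.json hunk in this same commit introduces, so the two can drift apart unnoticed. Compare the ref exactly, `expect(sbom).to.equal('pkg:github/mongodb/libmongocrypt@' + packageVersion);`, and add a second assertion that the `components` entry named `libmongocrypt` has `version` equal to `packageVersion`. Reading `dependencies[0]` by position is also brittle once a second dependency is listed; selecting the entry whose `ref` starts with `pkg:github/mongodb/libmongocrypt@` would keep the test stable. The `'mongodb:libmongocrypt'` key is read from package.json, which is not part of this diff, so a one-line comment above that `require` naming where the field is maintained (presumably next to the download script that consumes it) would help the next reader.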