Merge branch 'master' into retry-inplace

mdb-ad · mdb-ad · commit d2951a42c79e · 2025-07-02T22:59:01.000-07:00
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -559,7 +559,7 @@ tasks:
 - name: "release-python-linux"
   tags: ["release_python_tag"]
   run_on: ubuntu2004-large
-  exec_timeout_secs: 216000  # 60 minutes (manylinux task is slow).
+  exec_timeout_secs: 3600  # 60 minutes (manylinux task is slow).
   commands:
     - func: "fetch source"
     - func: "build python release"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,12 +9,8 @@ updates:
       actions:
         patterns:
           - "*"
-    assignees:
-      - "@mongodb/dbx-python"
   # Python
   - package-ecosystem: "pip"
     directory: "/bindings/python"
     schedule:
       interval: "weekly"
-    assignees:
-      - "@mongodb/dbx-python"
diff --git a/.github/workflows/codeql-actions.yml b/.github/workflows/codeql-actions.yml
@@ -37,14 +37,14 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+      uses: github/codeql-action/init@39edc492dbe16b1465b0cafca41432d857bdb31a # v3
       with:
         languages: actions
         build-mode: none
         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         queries: security-extended
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+      uses: github/codeql-action/analyze@39edc492dbe16b1465b0cafca41432d857bdb31a # v3
       with:
         category: "/language:actions"
diff --git a/.github/workflows/codeql-python.yml b/.github/workflows/codeql-python.yml
@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+      uses: github/codeql-action/init@39edc492dbe16b1465b0cafca41432d857bdb31a # v3
       with:
         languages: python
         build-mode: none
@@ -61,6 +61,6 @@ jobs:
         pip install dist/*.whl
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+      uses: github/codeql-action/analyze@39edc492dbe16b1465b0cafca41432d857bdb31a # v3
       with:
         category: "/language:python"
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -19,15 +19,15 @@ jobs:
         with:
           persist-credentials: false
       - name: Setup Rust
-        uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1
+        uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1
       - name: Get zizmor
         run: cargo install zizmor
       - name: Run zizmor
         run: zizmor --format sarif . > results.sarif
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+        uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3
         with:
           sarif_file: results.sarif
           category: zizmor
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -5,3 +5,6 @@
 
 # Python Bindings
 bindings/python @mongodb/dbx-python
+
+# GitHub actions (currently only used by Python Bindings)
+.github @mongodb/dbx-python
diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c
@@ -2186,6 +2186,8 @@ _check_cmd_for_auto_encrypt(mongocrypt_binary_t *cmd, bool *bypass, char **targe
         *bypass = true;
     } else if (0 == strcmp(cmd_name, "updateSearchIndex")) {
         *bypass = true;
+    } else if (0 == strcmp(cmd_name, "serverStatus")) {
+        *bypass = true;
     }
 
     /* database/client commands are ineligible. */
diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c
@@ -990,6 +990,7 @@ static void _test_encrypt_init_each_cmd(_mongocrypt_tester_t *tester) {
     _init_bypass(tester, "{'createSearchIndexes': 'coll' }");
     _init_bypass(tester, "{'dropSearchIndex': 'coll' }");
     _init_bypass(tester, "{'updateSearchIndex': 'coll' }");
+    _init_bypass(tester, "{'serverStatus': 1 }");
 }
 
 static void _test_encrypt_invalid_siblings(_mongocrypt_tester_t *tester) {

Original file line number	Diff line number	Diff line change
`@@ -2186,6 +2186,8 @@ _check_cmd_for_auto_encrypt(mongocrypt_binary_t cmd, bool bypass, char **targe`
`2186`	`2186`	`*bypass = true;`
`2187`	`2187`	`} else if (0 == strcmp(cmd_name, "updateSearchIndex")) {`
`2188`	`2188`	`*bypass = true;`
	`2189`	`+ } else if (0 == strcmp(cmd_name, "serverStatus")) {`
	`2190`	`+ *bypass = true;`
`2189`	`2191`	`}`
`2190`	`2192`
`2191`	`2193`	`/* database/client commands are ineligible. */`
Original file line number	Diff line number	Diff line change
`@@ -990,6 +990,7 @@ static void _test_encrypt_init_each_cmd(_mongocrypt_tester_t *tester) {`
`990`	`990`	`_init_bypass(tester, "{'createSearchIndexes': 'coll' }");`
`991`	`991`	`_init_bypass(tester, "{'dropSearchIndex': 'coll' }");`
`992`	`992`	`_init_bypass(tester, "{'updateSearchIndex': 'coll' }");`
	`993`	`+ _init_bypass(tester, "{'serverStatus': 1 }");`
`993`	`994`	`}`
`994`	`995`
`995`	`996`	`static void _test_encrypt_invalid_siblings(_mongocrypt_tester_t *tester) {`