Merge pull request #264 from ejarocki-cloudlinux/doc/updates

add bson lib

Author: ejarocki-cloudlinux

docs/.vuepress/components/ELSTechnology.vue

@@ -247,6 +247,11 @@ const techData = [
         versions: "0.0.6",
         link: "./base64url/",
       },
+      {
+        name: "bson",
+        versions: "0.5.7 | 1.0.9",
+        link: "./bson/",
+      },
       {
         name: "Bootstrap",
         versions: "3.4.1 | 4.6.2",

docs/.vuepress/config-client/sidebar.ts

@@ -172,6 +172,10 @@ export default {
                     path: '/els-for-runtimes-and-libraries/base64url/',
                     icon: '/images/javascript.webp',
                 },
+                {
+                    path: '/els-for-runtimes-and-libraries/bson/',
+                    icon: '/images/bson-logo.webp',
+                },
                 {
                     path: '/els-for-runtimes-and-libraries/braces/',
                     icon: '/images/placeholder-logo.webp',

docs/.vuepress/public/images/bson-logo.webp

@@ -0,0 +1,170 @@
+# bson
+
+Endless Lifecycle Support (ELS) for bson from TuxCare provides security fixes for bson versions that have reached their end of life. This allows you to continue running bson applications without vulnerability concerns, even after official support has ended.
+
+## Supported bson Versions
+
+* bson 0.5.7, 1.0.9
+
+## Connection to ELS for bson Library
+
+This guide outlines the steps needed to integrate the TuxCare ELS for the bson library.
+
+## Step 1: Get Token
+
+You need a token in order to use TuxCare ELS bson library. Anonymous access is disabled. To receive the token, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+
+## Step 2: Set Up ELS for bson
+
+TuxCare provides ELS for bson as an NPM package, hosted on a secure internal registry. Follow the steps below to add it to your project and get started.
+
+1. Navigate to the root directory of your bson project.
+2. Create a `.npmrc` file or update it if it already exists.
+
+   **Example:**
+
+   ```text
+   my-bson-project/
+   ├── node_modules/
+   ├── package.json
+   ├── .npmrc         ⚠️ ← Create it here
+   └── package-lock.json
+   ```
+
+3. Use an editor of your choice (e.g., VS Code) to add the following registry address line:
+
+   <CodeWithCopy>
+
+   ```text
+   registry=https://registry.npmjs.org/
+   @els-js:registry=https://nexus.repo.tuxcare.com/repository/els_js/
+   //nexus.repo.tuxcare.com/repository/els_js/:_auth=${TOKEN}
+   ```
+
+   </CodeWithCopy>
+
+   :::warning
+   Replace ${TOKEN} with the token you received from [sales@tuxcare.com](mailto:sales@tuxcare.com).
+   :::
+
+4. Update your `package.json` file to replace your bson dependencies with the TuxCare packages:
+
+   <TableTabs label="Choose bson version: " >
+
+     <template #bson_0.5.7>
+
+     <CodeWithCopy>
+
+     ```text
+     "dependencies": {
+       "bson": "npm:@els-js/bson@0.5.7-tuxcare.1"
+     }
+     ```
+
+     </CodeWithCopy>
+
+     </template>
+
+     <template #bson_1.0.9>
+
+     <CodeWithCopy>
+
+     ```text
+     "dependencies": {
+       "bson": "npm:@els-js/bson@1.0.9-tuxcare.1"
+     }
+     ```
+
+     </CodeWithCopy>
+
+     </template>
+
+   </TableTabs>
+
+5. You need to remove the `node_modules` directory and the `package-lock.json` file, and also clear the `npm cache` before installing the patched packages. Use the following commands:
+   
+   <CodeWithCopy>
+
+   ```text
+   rm -rf node_modules package-lock.json && npm cache clean --force
+   ```
+
+   </CodeWithCopy>
+
+6. Run the following command to install the ELS version of the bson library (token for the TuxCare repository will be automatically picked up from your `.npmrc` file):
+
+   <CodeWithCopy>
+
+   ```text
+   npm install
+   ```
+
+   </CodeWithCopy>
+
+   You will see an output like:
+
+   ```text
+    added 1 package, and audited 2 packages in 792ms
+    
+    found 0 vulnerabilities
+   ```
+
+7. You've successfully installed the Tuxcare ELS version of the bson library into your project.
+
+## Vulnerability Exploitability eXchange (VEX) 
+
+VEX is a machine-readable format that tells you if a known vulnerability and is actually exploitable in your product. It reduces false positives, helps prioritize real risks.
+
+TuxCare provides VEX for bson ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_javascript/bson/](https://security.tuxcare.com/vex/cyclonedx/els_lang_javascript/bson/).
+
+## How to Upgrade to a Newer Version of TuxCare Packages
+
+If you have already installed a package with a `tuxcare.1` suffix and want to upgrade to a newer release (for example, `tuxcare.2`), there are two options:
+
+* **Option 1**. Run the `npm install` command with the specific version. This will automatically update both `package.json` and `package-lock.json`:
+
+  <CodeWithCopy>
+
+  ```text
+  npm install bson@npm:@els-js/bson@1.0.9-tuxcare.2
+  ```
+
+  </CodeWithCopy>
+
+* **Option 2**. Update the version string in your `package.json`, remove installed files and clear npm cache to avoid conflicts:
+
+  <CodeWithCopy>
+
+  ```text
+  rm -rf node_modules package-lock.json && npm cache clean --force
+  npm install
+  ```
+
+  </CodeWithCopy>
+
+## Resolved CVEs
+
+Fixes for the following vulnerabilities are available in ELS for bson from TuxCare versions:
+
+<TableTabs label="Choose bson version: " >
+
+<template #bson_0.5.7>
+
+| CVE ID         | CVE Type | Severity | Affected Libraries | Vulnerable Versions |
+| :------------: | :------: |:--------:|:------------------:| :----------------: |
+| CVE-2020-7610  | Direct   | Critical | bson               | >= 1.0.0, < 1.1.4 |
+| CVE-2018-13863 | Direct   | High     | bson               | >= 0.5.0, < 1.0.5 |
+
+  </template>
+
+<template #bson_1.0.9>
+
+| CVE ID         | CVE Type | Severity | Affected Libraries | Vulnerable Versions |
+| :------------: | :------: |:--------:|:------------------:| :----------------: |
+| CVE-2020-7610  | Direct   | Critical | bson               | >= 1.0.0, < 1.1.4 |
+
+  </template>
+
+</TableTabs>
+
+If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).

docs/els-for-runtimes-and-libraries/bson/README.md

@@ -167,3 +167,4 @@ Fixes for the following vulnerabilities are available in ELS for cookie from Tux
 </TableTabs>
 
 If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+

docs/els-for-runtimes-and-libraries/cookie/README.md

@@ -132,3 +132,4 @@ Fixes for the following vulnerabilities are available in ELS for copy-anything f
 | AIKIDO-2025-10177 | Direct   | Medium   | copy-anything     | 1.0.0 - 4.0.3     |
 
 If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+

docs/els-for-runtimes-and-libraries/copy-anything/README.md

@@ -132,3 +132,4 @@ Fixes for the following vulnerabilities are available in ELS for express-jwt fro
 | CVE-2020-15084 | Direct   | Critical | express-jwt       | <= 5.3.3          |
 
 If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+

docs/els-for-runtimes-and-libraries/express-jwt/README.md

@@ -129,3 +129,4 @@ Fixes for the following vulnerabilities are available in ELS for Form-Data from
 | CVE-2025-7783  | Direct   | Critical |     form-data      | < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3 |
 
 If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+

docs/els-for-runtimes-and-libraries/form-data/README.md

@@ -130,3 +130,4 @@ Fixes for the following vulnerabilities are available in ELS for JSONPath Plus f
 | CVE-2024-21534 | Direct   | Critical | jsonpath-plus     | 0.1.0 - 10.1.0    |
 
 If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+

docs/els-for-runtimes-and-libraries/jsonpath-plus/README.md

@@ -133,3 +133,4 @@ Fixes for the following vulnerabilities are available in ELS for jsPDF from TuxC
 | CVE-2025-29907 | Direct   | High     | jspdf             |       < 3.0.1       |
 
 If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+