Conversation

@stuartnelson3 (Contributor):

this was prompted by a security warning for mongo-driver in apm-server. after bumping the version, tests seem to be passing, so maybe it was as simple as the below command. I checked the dependency graph and upgraded to the latest strfmt:

# go mod graph | grep mongo
github.com/elastic/elastic-package go.mongodb.org/mongo-driver@v1.1.2
github.com/go-openapi/strfmt@v0.19.6 go.mongodb.org/mongo-driver@v1.0.3
# go get github.com/go-openapi/strfmt@v0.21.0

after upgrade:

# go mod graph | grep mongo
github.com/elastic/elastic-package go.mongodb.org/mongo-driver@v1.7.3
github.com/go-openapi/strfmt@v0.21.0 go.mongodb.org/mongo-driver@v1.7.3
go.mongodb.org/mongo-driver@v1.7.3 github.com/go-stack/stack@v1.8.0
go.mongodb.org/mongo-driver@v1.7.3 github.com/gobuffalo/genny@v0.1.1
go.mongodb.org/mongo-driver@v1.7.3 github.com/gobuffalo/gogen@v0.1.1
go.mongodb.org/mongo-driver@v1.7.3 github.com/gobuffalo/packr/v2@v2.2.0
go.mongodb.org/mongo-driver@v1.7.3 github.com/golang/snappy@v0.0.1
go.mongodb.org/mongo-driver@v1.7.3 github.com/google/go-cmp@v0.5.2
go.mongodb.org/mongo-driver@v1.7.3 github.com/karrick/godirwalk@v1.10.3
go.mongodb.org/mongo-driver@v1.7.3 github.com/klauspost/compress@v1.13.6
go.mongodb.org/mongo-driver@v1.7.3 github.com/kr/pretty@v0.1.0
go.mongodb.org/mongo-driver@v1.7.3 github.com/montanaflynn/stats@v0.0.0-20171201202039-1bf9dbcd8cbe
go.mongodb.org/mongo-driver@v1.7.3 github.com/pelletier/go-toml@v1.7.0
go.mongodb.org/mongo-driver@v1.7.3 github.com/pkg/errors@v0.9.1
go.mongodb.org/mongo-driver@v1.7.3 github.com/sirupsen/logrus@v1.4.2
go.mongodb.org/mongo-driver@v1.7.3 github.com/stretchr/testify@v1.6.1
go.mongodb.org/mongo-driver@v1.7.3 github.com/tidwall/pretty@v1.0.0
go.mongodb.org/mongo-driver@v1.7.3 github.com/xdg-go/scram@v1.0.2
go.mongodb.org/mongo-driver@v1.7.3 github.com/xdg-go/stringprep@v1.0.2
go.mongodb.org/mongo-driver@v1.7.3 github.com/youmark/pkcs8@v0.0.0-20181117223130-1be2e3e5546d
go.mongodb.org/mongo-driver@v1.7.3 golang.org/x/crypto@v0.0.0-20200302210943-78000ba7a073
go.mongodb.org/mongo-driver@v1.7.3 golang.org/x/sync@v0.0.0-20190911185100-cd5d95a43a6e
go.mongodb.org/mongo-driver@v1.7.3 golang.org/x/sys@v0.0.0-20190531175056-4c3a928424d2
go.mongodb.org/mongo-driver@v1.7.3 golang.org/x/tools@v0.0.0-20190531172133-b3315ee88b7d

closes #564

need to upgrade strfmt to upgrade mongo-driver,
which has an open CVE for the version used
test folder wasn't being created if absent
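As an added example (not code from the PR or the elastic-package project), this shell script performs the check the description does by hand: it parses `go mod graph` output to find which modules pull in a target module, reports the version the build will select (Go's minimal version selection takes the highest requested version), and compares it with a minimum fixed version. The sample graph and the `v1.5.1` threshold are constructed placeholders, not the advisory's real values.

```shell
#!/bin/sh
# Added example, not code from the PR. Parses `go mod graph` output to find
# which modules require a target module and which version the build selects
# (Go's minimal version selection takes the highest requested version).

# Constructed sample of `go mod graph` output, modelled on the PR's "before" graph.
GRAPH_BEFORE='github.com/elastic/elastic-package go.mongodb.org/mongo-driver@v1.1.2
github.com/elastic/elastic-package github.com/go-openapi/strfmt@v0.19.6
github.com/go-openapi/strfmt@v0.19.6 go.mongodb.org/mongo-driver@v1.0.3'

# Placeholder threshold for the example only; take the real fixed version
# from the advisory for the CVE in question.
MIN_FIXED='v1.5.1'

# who_requires GRAPH MODULE: one "requirer version" line per edge into MODULE.
who_requires() {
  printf '%s\n' "$1" | awk -v m="$2" '
    index($2, m "@") == 1 { sub(/^.*@/, "", $2); print $1, $2 }'
}

# selected_version GRAPH MODULE: highest requested version, i.e. what MVS selects.
selected_version() {
  who_requires "$1" "$2" | awk '{ print $2 }' | sort -V | tail -n 1
}

# version_at_least V MIN: succeeds when V >= MIN under version ordering (GNU sort -V).
version_at_least() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_module GRAPH MODULE MIN: prints "absent", "ok <ver>" or "vulnerable <ver>".
check_module() {
  v=$(selected_version "$1" "$2")
  if [ -z "$v" ]; then
    echo "absent"
  elif version_at_least "$v" "$3"; then
    echo "ok $v"
  else
    echo "vulnerable $v"
  fi
}

# Usage on the constructed graph; on a real module run
#   check_module "$(go mod graph)" go.mongodb.org/mongo-driver "$MIN_FIXED"
check_module "$GRAPH_BEFORE" go.mongodb.org/mongo-driver "$MIN_FIXED"
who_requires "$GRAPH_BEFORE" go.mongodb.org/mongo-driver
```

The second call lists every requirer, which is how you find the direct dependency (here strfmt) whose `go get` bump is needed to lift the transitive one.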
@stuartnelson3 stuartnelson3 requested a review from mtojek November 1, 2021 16:50
@elasticmachine (Collaborator)

elasticmachine commented Nov 1, 2021

💚 Build Succeeded


Build stats

  • Start Time: 2021-11-02T07:50:24.885+0000

  • Duration: 35 min 1 sec

  • Commit: f1f1755

Test stats 🧪

Test Results
Failed 0
Passed 438
Skipped 4
Total 442


@mtojek (Contributor) left a comment:

This is more like a formal action than fixing a real issue. We don't use mongo libraries, it's just a transitive dependency as you noticed.

Makefile (outdated):

update: update-readme

test-go:
$(CODE_COVERAGE_REPORT_NAME_UNIT):

Contributor:

This PR is about upgrading the mongo-driver as there is a moderate security alert, but I'm having a hard time understanding all the other changes in the Makefile. Could you please explain why you introduced these? Did you face any issue around them? The CODE_COVERAGE_REPORT_NAME_UNIT directory is created by the tool.

Contributor:

I looked into this deeper and agree that there is an issue. Would you mind extracting it to a separate PR?

@stuartnelson3 (Contributor Author):

Yeah, I encountered this while running the tests. I'll open a separate PR.

This reverts commit 5e2a348.
@stuartnelson3 (Contributor Author):

This is more like a formal action than fixing a real issue. We don't use mongo libraries, it's just a transitive dependency as you noticed.

this is true. still, it removes a moderate security alert for both elastic-package and any repo depending on it.

@mtojek mtojek self-requested a review November 2, 2021 08:30
@mtojek (Contributor) left a comment:

I suppose we're good to merge this one.

@mtojek mtojek merged commit 2c33147 into elastic:master Nov 2, 2021
@stuartnelson3 stuartnelson3 deleted the upgrade-mongo-driver branch November 2, 2021 08:45

Successfully merging this pull request may close these issues.

upgrade mongo-driver dependency