[Snyk] Upgrade mongodb from 6.3.0 to 6.5.0 #137
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade mongodb from 6.3.0 to 6.5.0. See this package in npm: https://www.npmjs.com/package/mongodb See this project in Snyk: https://app.snyk.io/org/sicarchitect/project/5b43f087-5806-4b90-a489-b1875712a039?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongodb from 6.3.0 to 6.5.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: mongodb
-
6.5.0 - 2024-03-11
- NODE-5968: container and Kubernetes awareness in client metadata (#4005) (28b7040)
- NODE-5988: Provide access to raw results doc on MongoServerError (#4016) (c023242)
- NODE-6008: deprecate CloseOptions interface (#4030) (f6cd8d9)
- NODE-5636: generate _ids using pkFactory in bulk write operations (#4025) (fbb5059)
- NODE-5981: read preference not applied to commands properly (#4010) (937c9c8)
- NODE-5985: throw Nodejs' certificate expired error when TLS fails to connect instead of
- NODE-5993: memory leak in the
- NODE-5986: parallelize SRV/TXT resolution (#4012) (eab8f23)
- Reference
- API
- Changelog
-
6.5.0-dev.20240417.sha.f1f816f - 2024-04-17
-
6.5.0-dev.20240416.sha.6248174 - 2024-04-16
-
6.5.0-dev.20240413.sha.8845206 - 2024-04-13
-
6.5.0-dev.20240412.sha.232bf3c - 2024-04-12
-
6.5.0-dev.20240411.sha.ddd1e81 - 2024-04-11
-
6.5.0-dev.20240409.sha.30cac05 - 2024-04-09
-
6.5.0-dev.20240406.sha.62ea94b - 2024-04-06
-
6.5.0-dev.20240405.sha.ce55ca9 - 2024-04-05
-
6.5.0-dev.20240404.sha.0e3d6ea - 2024-04-04
-
6.5.0-dev.20240403.sha.cb5903f - 2024-04-03
-
6.5.0-dev.20240328.sha.458cf6d - 2024-03-28
-
6.5.0-dev.20240326.sha.918fe69 - 2024-03-26
-
6.5.0-dev.20240323.sha.d94439f - 2024-03-23
-
6.5.0-dev.20240322.sha.a8670a7 - 2024-03-22
-
6.5.0-dev.20240321.sha.1879a04 - 2024-03-21
-
6.5.0-dev.20240320.sha.8b91c30 - 2024-03-20
-
6.5.0-dev.20240319.sha.0ebc1ac - 2024-03-19
-
6.5.0-dev.20240316.sha.159ea81 - 2024-03-16
-
6.5.0-dev.20240315.sha.77d0b47 - 2024-03-15
-
6.5.0-dev.20240314.sha.8ab2055 - 2024-03-14
-
6.5.0-dev.20240312.sha.55abb4b - 2024-03-12
-
6.4.0 - 2024-02-29
-
6.4.0-dev.20240307.sha.28b7040 - 2024-03-07
-
6.4.0-dev.20240306.sha.057c223 - 2024-03-06
-
6.4.0-dev.20240305.sha.eab8f23 - 2024-03-05
-
6.4.0-dev.20240301.sha.f2b3484 - 2024-03-01
-
6.3.0 - 2023-11-16
// In the connection string.
- NODE-3881: require hello command + OP_MSG when 'loadBalanced=True' (#3907) (fd58eec)
- NODE-5197: add server monitoring mode (#3899) (ae4c94a)
- NODE-5590: deprecate GridFS fields (#3905) (d2225da)
- NODE-4863: do not use RetryableWriteError for non-server errors (#3914) (08c9fb4)
- NODE-5709: bump mongodb-connection-string-url to 3.0.0 (#3909) (1c3dc02)
- NODE-5749: RTTPinger always sends legacy hello (#3921) (ebbfb8a)
- Reference
- API
- Changelog
from mongodb GitHub release notes6.5.0 (2024-03-11)
The MongoDB Node.js team is pleased to announce version 6.5.0 of the
mongodbpackage!Release Notes
Bulk Write Operations Generate Ids using
pkFactoryWhen performing inserts, the driver automatically generates
_ids for each document if there is no_idpresent. By default, the driver generatesObjectIds. An option,pkFactory, can be used to configure the driver to generate_ids that are not object ids.For a long time, only
Collection.insertandCollection.insertManyactually used thepkFactory, if configured. Notably,Collection.bulkWrite(),Collection.initializeOrderedBulkOp()andCollection.initializeOrderedBulkOp()always generatedObjectIds, regardless of what was configured on collection.The driver always generates
_ids for inserted documents using thepkFactory.Caution
If you are using a
pkFactoryand performing bulk writes, you may have inserted data into your database that does not have_ids generated by thepkFactory.Fixed applying read preference to commands depending on topology
When connecting to a secondary in a replica set with a direct connection, if a read operation is performed, the driver attaches a read preference of
primaryPreferredto the command.Fixed memory leak in Connection layer
The Connection class has recently been refactored to operate on our socket operations using promises. An oversight how we made async network operations interruptible made new promises for every operation. We've simplified the approach and corrected the leak.
Query SRV and TXT records in parallel
When connecting using a convenient SRV connection string (
mongodb+srv://) hostnames are obtained from an SRV dns lookup and some configuration options are obtained from a TXT dns query. Those DNS operations are now performed in parallel to reduce first-time connection latency.Container and Kubernetes Awareness
The Node.js driver now keeps track of container metadata in the
client.env.containerfield of the handshake document.If space allows, the following metadata will be included in
client.env.container:Note: If neither Kubernetes nor Docker is present,
client.envwill not have thecontainerproperty.Add property
errorResponseto MongoServerErrorThe MongoServer error maps keys from the error document returned by the server on to itself. There are some use cases where the original error document is desirable to obtain in isolation. So now, the
mongoServerError.errorResponseproperty stores a reference to the error document returned by the server.Deprecated unused
CloseOptionsinterfaceThe
CloseOptionsinterface was unintentionally made public and was only intended for use in the driver's internals. Due to recent refactoring (NODE-5915), this interface is no longer used in the driver. Since it was marked public, out of an abundance of caution we will not be removing it outside of a major version, but we have deprecated it and will be removing it in the next major version.Features
Bug Fixes
CERT_HAS_EXPIRED(#4014) (057c223)Connectionclass (#4022) (69de253)Performance Improvements
Documentation
We invite you to try the
mongodblibrary immediately, and report any issues to the NODE project.Read more
6.3.0 (2023-11-15)
The MongoDB Node.js team is pleased to announce version 6.3.0 of the
mongodbpackage!Release Notes
New client option
serverMonitoringModeFor users that want to control the behaviour of the monitoring connection between each node in the topology, a new option,
serverMonitoringMode, has been added. This defaults toautobut can be forced into a specific mode by providing a value ofpollorstream. When the setting isautothe monitoring mode will be determined by the environment the driver is running in, specifically, FaaS environments prefer "polling" mode and all others prefer "streaming".A polling monitor periodically issues a
hellocommand to the node at an interval ofheartbeatFrequencyMS. A streaming monitor sends an initialhelloand then will automatically get a response from the Node when a change in server configuration occurs or at a maximum time ofheartbeatFrequencyMS. The value of that option defaults to 10000 milliseconds.This new option can be provided in the connection string or as an option to the
MongoClient.new MongoClient('mongodb://127.0.0.1:27017/?serverMonitoringMode=stream');
// In the options
new MongoClient('mongodb://127.0.0.1:27017/', { serverMonitoringMode: 'stream' });
Fix connection leak when
serverApiis enabledWhen enabling
serverApithe driver's RTT measurement logic (used to determine the closest node) still sent the legacy hello command "isMaster" causing the server to return an error. Unfortunately, the error handling logic did not correctly destroy the socket which would cause a leak.Both sending the correct hello command and the error handling connection clean-up logic are fixed in this change.
GridFS fields deprecated
The GridFS
contentTypeandaliasesoptions are deprecated. According to the GridFS spec, applications wishing to storecontentTypeandaliasesshould add a corresponding field to themetadatadocument instead.Remove deprecation warning about punycode
The
mongodb-connection-string-urlpackage which parses connection strings relied on Node's punycode module, the package now imports the community package removing the deprecation warning on Node.js 20+.Features
Bug Fixes
Documentation
We invite you to try the
mongodblibrary immediately and report any issues to the NODE project.Commit messages
Package name: mongodb
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs