Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade mongodb from 5.8.0 to 6.0.0 #14

Merged
merged 4 commits into from
Oct 11, 2023
Merged

[Snyk] Upgrade mongodb from 5.8.0 to 6.0.0 #14

merged 4 commits into from
Oct 11, 2023
+38 −34

Conversation

aravindbuilt
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongodb from 5.8.0 to 6.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-08-28.
Release notes
Package name: mongodb
  • 6.0.0 - 2023-08-28
    Read more
  • 6.0.0-alpha.2 - 2023-08-24
  • 6.0.0-alpha.1 - 2023-08-24
  • 6.0.0-alpha.0 - 2023-08-08
  • 5.9.0 - 2023-09-14

    5.9.0 (2023-09-14)

    The MongoDB Node.js team is pleased to announce version 5.9.0 of the mongodb package!

    Release Notes

    Bumped bson version to make use of new Decimal128 behaviour

    In this release, we have adopted the changes made to Decimal128 in bson version 5.5. The Decimal128 constructor and fromString() methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a new fromStringWithRounding() method which restores the previous rounding behaviour.

    See the bson v5.5.0 release notes for more information.

    Use region settings for STS AWS credentials request

    When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @ aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

    The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

    Important
    The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

    Fix memory leak with ChangeStreams

    In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

    The function is now implemented as a loop, memory leak be gone!

    Features

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 5.8.1 - 2023-08-23

    5.8.1 (2023-08-23)

    The MongoDB Node.js team is pleased to announce version 5.8.1 of the mongodb package!

    Release Notes

    Import of saslprep updated to correct library.

    Fixes the import of saslprep to be the correct @ mongodb-js/saslprep library.

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 5.8.0 - 2023-08-21

    5.8.0 (2023-08-21)

    The MongoDB Node.js team is pleased to announce version 5.8.0 of the mongodb package!

    Release Notes

    The AutoEncrypter interface has been deprecated

    The AutoEncrypter interface was used internally but accidentally made public in the 4.x version of the driver. It is now deprecated and will be made internal in the next major release.

    Kerberos support for 1.x and 2.x

    Moves the kerberos dependency back to ^1.0.0 || ^2.0.0 to indicate support for both 1.x and 2.x. Support for 1.x is removed in 6.0.

    Fixed accidental deprecation warning

    Because of internal options handling, a deprecation was emitted for tlsCertificateFile when using tlsCertificateKeyFile. That has been corrected.

    Remove credential availability on ConnectionPoolCreatedEvent

    In order to avoid mistakenly printing credentials the ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessble via MongoClient options: client.options.credentials.

    Features

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • e57b738 chore(main): release 6.0.0 [skip-ci] (#3762)
  • e70826a docs: generate docs from latest main [skip-ci] (#3744)
  • df1b4f2 docs(NODE-5560): add v6 upgrade guide (#3844)
  • 7bef363 feat(NODE-5584)!: adopt bson v6 and mongodb-client-encryption v6 (#3845)
  • 05d2725 fix(NODE-5592): withTransaction return type (#3846)
  • 91152b9 chore(NODE-5581): pull in bson alpha.1 and mongodb-legacy main (#3843)
  • ecb2e20 chore: fix alpha version guard
  • ea2d60a refactor(NODE-5514): make FLE logic use async-await (#3830)
  • a17b0af feat(NODE-5484)!: mark MongoError for internal use and remove Node14 cause assignment logic (#3800)
  • 33c86c9 feat(NODE-5566): add ability to provide CRL file via tlsCRLFile (#3834)
  • 2323ca8 ci(NODE-5125): fix flaky case 14 prose test (#3833)
  • a0955bd fix(NODE-5548): ensure that tlsCertificateKeyFile maps to cert and key (#3819)
  • bf00e32 docs(no-story): generate api docs for 5.8 release (#3832)
  • 11682d0 docs(NODE-5532): fix docs for `types` and regenerate 5.7 docs (#3822)
  • a7ffdf5 ci(NODE-5446): revert bump dev dependencies (#3801) (#3829)
  • 46e15e7 docs: fix cutoff sentence on CommandStartedEvent (#3827)
  • 1c05b38 docs: generate 4.17.0 documentation (#3826)
  • 45f8fb9 chore(NODE-5544): fix duplicate PR highlights (#3816)
  • bd031fc feat(NODE-5396): add `mongodb-js/saslprep` as a required dependency (#3815)
  • fd9a467 chore(NODE-5446): bump dev dependencies (#3801)
  • 6483276 docs(NODE-5540): Fix MDB University links in GH pages (#3814)
  • 7955610 fix(NODE-4788)!: use implementer Writable methods for GridFSBucketWriteStream (#3808)
  • 2fbb715 docs(NODE-5523): add component support matrix to readme (#3806)
  • af47529 docs(NODE-5535): fix link to Transactions quickstart (#3811)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@aravindbuilt aravindbuilt requested a review from a team as a code owner September 26, 2023 17:39
@netrajpatel netrajpatel changed the base branch from master to development October 5, 2023 11:41
@netrajpatel netrajpatel merged commit 182b5cc into development Oct 11, 2023
@netrajpatel netrajpatel deleted the snyk-upgrade-efbdcac2c45e90a75e99bc82636c1fc7 branch October 11, 2023 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@netrajpatel netrajpatel

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@aravindbuilt @netrajpatel @snyk-bot @vkalta