[Snyk] Upgrade mongodb from 4.3.1 to 4.5.0

[Hashen110]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 4.3.1 to 4.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-04-04.

Release notes

Package name: mongodb

• 4.5.0 - 2022-04-04
  

  The MongoDB Node.js team is pleased to announce version 4.5.0 of the mongodb package!

  Release Highlights

  This release includes a number of enhancements noted below.

  comment option support

  The comment option is now widely available: by setting a comment on an operation you can trace its value in database logs for more insights.

  collection.insertOne(
    { name: 'spot' },
    { comment: { started: new Date() } }
  )

  An example of a log line, trimmed for brevity. We can see the timestamp of the log and the time created on our client application differ.

  {
    "t": { "$date": "2022-04-04T16:08:56.079-04:00" },
    "attr": {
      "commandArgs": {
        "documents": [ { "_id": "...", "name": "spot" } ],
        "comment": { "started": { "$date": "2022-04-04T20:08:56.072Z" } } }
    }
  }

  Socket timeout fixes for FaaS environments

  This release includes a fix for serverless environments where transient serverHeartBeatFailure events that could be corrected to serverHeartBeatSucceeded events in the next tick of the event loop were nonetheless handled as an actual issue with the client's connection and caused unnecessary resource clean up routines.

  It turns out that since Node.js handles timeout events first in the event loop, socket timeouts expire while the FaaS environment is dormant and the timeout handler code is the first thing that runs upon function wake prior to checking for any data from the server. Delaying the timeout handling until after the data reading phase avoids the sleep-induced timeout error in the cases where the connection is still healthy.

  TS fixes for 4.7

  Typescript 4.7 may not be out yet but in preparation for its release we've fixed issues compiling against that version. The main new obstacle was defaulting generic arguments that require that the constraining condition enforce similarity with the defaulted type. You may notice that our change stream watch<T extends Document = Document>() methods now requires that T extends Document, a requirement that already had to be met by the underlying ChangeStreamDocument type.

  Features

  • NODE-3697: reduce serverSession allocation (#3171) (5132bc9)
  • NODE-3699: add support for comment field (#3167) (4e2f9bf)
  • NODE-4014: Add let option to bulk write operations (#3160) (6f633d1)

  Bug Fixes

  • NODE-3769: retryable writes are not compliant with specification (#3144) (ff26b12)
  • NODE-3810: delay timeout errors by one event loop tick (#3180) (0ed7cbf)
  • NODE-4069: remove 'default' from options for fullDocument field in change stream options (#3169) (799689e)
  • NODE-4074: ensure getTopology doesn't throw synchronously (#3172) (329f081)
  • NODE-4129: constrain watch type parameter to extend ChangeStream type parameter (#3183) (43ba9fc)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.5
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.4.1 - 2022-03-03
  

  The MongoDB Node.js team is pleased to announce version 4.4.1 of the mongodb package!

  Bug Fixes

  • NODE-3521: update session support checks (#3151) (aaa453d)
  • NODE-3948: Add error code to MongoSystemError (#3149) (446da95)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node
  • API: https://mongodb.github.io/node-mongodb-native/4.4
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.4.0 - 2022-02-17
  

  The MongoDB Node.js team is pleased to announce version 4.4.0 of the mongodb package!

  Release Highlights

  This release includes a few new features described below.

  KMIP

  KMIP can now be configured as a KMS provider for CSFLE by providing the KMIP endpoint in the kmsProviders option.

  Example:

  new MongoClient(uri, { autoEncryption: { kmsProviders: { kmip: { endpoint: 'host:port' }}}})

  CSFLE TLS

  Custom TLS options can now be provided for connection to the KMS servers on a per KMS provider basis.

  Example:

  new MongoClient(uri, { autoEncryption: { tlsOptions: { aws: { tlsCAFile: 'path/to/file' }}}})

  Valid options are tlsCAFile, tlsCertificateKeyFile, tlsCertificateKeyFilePassword and all accept strings as values: a string path to a certificate location on the file system or a string password.

  Kerberos

  Hostname canonicalization when using GSSAPI authentication now accepts 'none', 'forward', and 'forwardAndReverse' as auth mechanism properties. 'none' will perform no canonicalization (default), 'forward' will perform a forward cname lookup, and 'forwardAndReverse' will perform a forward lookup followed by a reverse PTR lookup on the IP address. Previous boolean values are still accepted and map to false -> 'none' and true -> 'forwardAndReverse'.

  Example:

  new MongoClient('mongodb://user:pass@host:port/db?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME=forward');

  For cases when the service host name differs from the connection’s host name (most likely when creating new users on localhost), a SERVICE_HOST auth mechanism property may now be provided.

  Example:

  new MongoClient('mongodb://user:pass@host:port/db?authMechanism=GSSAPI&authMechanismProperties=SERVICE_HOST:example.com')

  ⚠️ collection.count() and cursor.count()

  In the 4.0.0 release of the driver, the deprecated collection.count() method was inadvertently changed to behave like collection.countDocuments(). In this release, we have updated the collection.count() behavior to match the legacy behavior:

  • If a query is passed in, collection.count will behave the same as collection.countDocuments and perform a collection scan.
  • If no query is passed in, collection.count will behave the same as collection.estimatedDocumentCount and rely on collection metadata.

  We also deprecated the cursor.count() method and will remove it in the next major version along with collection.count(); please use collection.estimatedDocumentCount() or collection.countDocuments() instead.

  Features

  • NODE-2938: add service host mechanism property (#3130) (46d5821)
  • NODE-2939: add new hostname canonicalization opts (#3131) (d0390d0)
  • NODE-3351: use hostname canonicalization (#3122) (f5c76f3)
  • NODE-3777: add csfle kmip support (#3070) (44bbd6e)
  • NODE-3867: deprecate cursor count and update v4 docs (#3127) (a48d7e2)

  Bug Fixes

  • NODE-3621: fixed type of documentKey property on ChangeStreamDocument (#3118) (c63a21b)
  • NODE-3795: unexpected No auth provider for DEFAULT defined error (#3092) (fb38a56)
  • NODE-3813: unexpected type conversion of read preference tags (#3138) (3e7b894)
  • NODE-3878: use legacy count operation on collection.count (#3126) (12c6835)
  • NODE-3917: Throw an error when directConnection is set with multiple hosts (#3143) (b192493)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node
  • API: https://mongodb.github.io/node-mongodb-native/4.4
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.3.1 - 2022-01-18
  Read more

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 3dba3ae chore(release): 4.5.0
• 6ffa661 docs: generate next version API documentation (Using CreateConnections Only Slows Down the Server Automattic/mongoose#3188)
• 43f748c chore(NODE-4153): make type fixes for ts 4.7 (Regression Mongoose 4.0.7 -> 4.0.8, $set does not work with sub documents anymore Automattic/mongoose#3185)
• 0ed7cbf fix(NODE-3810): delay timeout errors by one event loop tick (Scope projection to the query module Automattic/mongoose#3180)
• 4e2f9bf feat(NODE-3699): add support for `comment` field (Update validation using positional operator validates as error, still updates Automattic/mongoose#3167)
• 43ba9fc fix(NODE-4129): constrain `watch` type parameter to extend `ChangeStream` type parameter (Mongoose Disconnect/reconnect event Issue Automattic/mongoose#3183)
• 5132bc9 feat(NODE-3697): reduce serverSession allocation (Model.update with $rename does not seem to work Automattic/mongoose#3171)
• de9fd7f chore: add failpoint interface (Switch to Travis CI container infrastructure Automattic/mongoose#3181)
• d2897ab feat(NODE-4085): add typings for csfle shared library option support (Default set on sub-property causes its parent to appear in result even when not selected Automattic/mongoose#3179)
• d266158 chore: bump bson 4.6.1 -> 4.6.2 (Fix documentarray id method when _id is null-ish. Automattic/mongoose#3178)
• 329f081 fix(NODE-4074): ensure getTopology doesn't throw synchronously (Proposal: Model.rename() method Automattic/mongoose#3172)
• 799689e fix(NODE-4069): remove 'default' from options for fullDocument field in change stream options (Under certain circumstances undefined values are recorded in database as null values Automattic/mongoose#3169)
• d43bd10 docs(NODE-4072): update change stream example tests for the docs team (findOneAndUpdate doesn't return the result object, only the value that was found Automattic/mongoose#3173)
• ff26b12 fix(NODE-3769): retryable writes are not compliant with specification (need to upgrade node-mongodb-native driver of mongoose 3.8.x to >= 1.4.36 Automattic/mongoose#3144)
• 6f633d1 feat(NODE-4014): Add let option to bulk write operations (Aggregate cursor is undefined Automattic/mongoose#3160)
• 6e2661b docs: build docs from latest main (Crashing after upgrade to newest node 12.6 Automattic/mongoose#3168)
• be89aea docs: update build script to pin version of typedoc (Is there a plugin that can track data change and sync to client? Automattic/mongoose#3166)
• 4390819 refactor: correct types for AbstractOperation.execute (Remove duplicated paragraphs in doc for Model#findByIdAndUpdate Automattic/mongoose#3164)
• 4e91607 docs: rebuild docs off of main with gitRevision set to `main` (BUG: $all throw CastError, but was passed when using raw mongo shell query Automattic/mongoose#3163)
• 5e77882 docs: rebuild next docs off main (I want to hook cast error with custom error message. Automattic/mongoose#3162)
• aff59ff refactor(NODE-4042): remove execute legacy operation (Changing misspelled word "modeling" to "model". Automattic/mongoose#3154)
• 33a6fed docs(NODE-4818): Add next docs to main and bring in missing css/js files (findAndUpdate doesn't add date when creating new record Automattic/mongoose#3161)
• ad03e94 docs(NODE-4018): Doc generation script improvements and site enhancements (Fix documentarray id method when using object _id Automattic/mongoose#3157)
• 178804b test(NODE-3991): Sync sessions spec tests with latest (ensureIndex Automattic/mongoose#3156)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs