Bump MongoDB.Driver from 2.18.0 to 2.19.0 in /Mongo_Adapter

[dependabot[bot]]

Bumps MongoDB.Driver from 2.18.0 to 2.19.0.

Release notes

Sourced from MongoDB.Driver's releases.

NET Driver Version 2.19.0 Release Notes

.NET Driver Version 2.19.0 Release Notes

This is the general availability release for the 2.19.0 version of the driver.

The main new features in 2.19.0 include:

• Atlas Search builders
• Default LinqProvider changed to LINQ3
• ObjectSerializer allowed types configuration
• Bucket and BucketAuto stages support in LINQ3
• Support Azure VM-assigned Managed Identity for Automatic KMS Credentials
• Native support for AWS IAM Roles

This version addresses CVE-2022-48282.

ObjectSerializer allowed types configuration

The ObjectSerializer has been changed to only allow deserialization of types that are considered safe. What types are considered safe is determined by a new configurable AllowedTypes function (of type Func<Type, bool>). The default AllowedTypes function is ObjectSerializer.DefaultAllowedTypes which returns true for a number of well-known framework types that we have deemed safe. A typical example might be to allow all the default allowed types as well as your own types. This could be accomplished as follows:

var objectSerializer = new ObjectSerializer(type => ObjectSerializer.DefaultAllowedTypes(type) || type.FullName.StartsWith("MyNamespace"));
BsonSerializer.RegisterSerializer(objectSerializer);

More information about the ObjectSerializer is available in our FAQ.

Default LinqProvider changed to LINQ3

Default LinqProvider has been changed to LINQ3. LinqProvider can be changed back to LINQ2 in the following way:

var connectionString = "mongodb://localhost";
var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
clientSettings.LinqProvider = LinqProvider.V2;
var client = new MongoClient(clientSettings);

If you encounter a bug in LINQ3 provider, please report it in CSHARP JIRA project.

An online version of these release notes is available here.

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

Commits

• 3db6a36 Release notes for 2.19.0. (#1013)
• 790f123 CSHARP-4475: Add an AllowedTypes filter to ObjectSerializer.
• 8993daa CSHARP-4453: Support Bucket and BucketAuto stages in LINQ3.
• ec46c34 CSHARP-4490: Fix tests related to asserting wildcardProjection output. (#1011)
• 9ee046b CSHARP-4182: Support for Range Indexes. (#988)
• 9189a58 CSHARP-4440: Incorporate MongoDB.Labs.Search library (#989)
• 0bb42fa CSHARP-4255: Fix bug and some tests. (#993)
• c0c521e CSHARP-4449: Implement Find projections in LINQ3.
• 396830c CSHARP-4468: LINQ V3 SelectMany + GroupBy results with redundant $push within...
• 70ed174 CSHARP-4463: Add aws auth connectivity examples. (#1004)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/BHoM/Mongo_Toolkit/network/alerts).

[adecler]

We need to be a bit careful with updating MongoDB as it still referenced directly by multiple repos. The drivers should be fine though as I think they are only referenced in this repo (Except for ClimateDashboard_Tool but that feels like a mistake).

[FraserGreenroyd]

I've given this some thought over the last few days and I think we should merge this after the beta @adecler if you're in agreement, so that we can have a milestone of alphas testing the driver change and ensuring no incompatibilities while not risking the upcoming beta too much further?

[adecler]

@FraserGreenroyd , I completely agree.

[FraserGreenroyd]

@BHoMBot check compliance @BHoMBot check required

[bhombot-ci[bot]]

@FraserGreenroyd to confirm, the following actions are now queued: - check `code-compliance` - check `documentation-compliance` - check `project-compliance` - check `branch-compliance` - check `dataset-compliance` - check `copyright-compliance` - check `code-compliance` - check `documentation-compliance` - check `project-compliance` - check `core` - check `null-handling` - check `serialisation` - check `versioning` - check `installer`

[FraserGreenroyd]

@dependabot rebase

[FraserGreenroyd]

@BHoMBot check project-compliance

[bhombot-ci[bot]]

@FraserGreenroyd to confirm, the following actions are now queued: - check `project-compliance` There are 1 requests in the queue ahead of you.

[FraserGreenroyd]

@BHoMBot check compliance @BHoMBot check required

[bhombot-ci[bot]]

@FraserGreenroyd to confirm, the following actions are now queued: - check `code-compliance` - check `documentation-compliance` - check `project-compliance` - check `branch-compliance` - check `dataset-compliance` - check `copyright-compliance` - check `code-compliance` - check `documentation-compliance` - check `project-compliance` - check `core` - check `null-handling` - check `serialisation` - check `versioning` - check `installer` There are 1 requests in the queue ahead of you.

[bhombot-ci[bot]]

The check `project-compliance` has already been run previously and recorded as a successful check. This check has not been run again at this time.

[bhombot-ci[bot]]

The check `project-compliance` has already been run previously and recorded as a successful check. This check has not been run again at this time.

[FraserGreenroyd]

@BHoMBot check core

[bhombot-ci[bot]]

@FraserGreenroyd to confirm, the following actions are now queued: - check `core`

[FraserGreenroyd]

@BHoMBot check core

[bhombot-ci[bot]]

@FraserGreenroyd to confirm, the following actions are now queued: - check `core`

[FraserGreenroyd]

@BHoMBot check installer

[bhombot-ci[bot]]

@FraserGreenroyd to confirm, the following actions are now queued: - check `installer`

[FraserGreenroyd]

@adecler new problem - while this PR happily bumps the driver, the MongoDB.Bson package on 2.18 is incompatible, as the driver on 2.19 requires the Bson to also be on 2.19.

The Serialiser Engine is currently on 2.18.

Merging this will cause an inability to compile for this toolkit, and throw off some things.

So I'm wondering if it's worth investigating whether 2.19 causes us any problems and upgrading both, or closing this PR entirely and accepting the vulnerability 2.18 currently poses?

What are your thoughts?

[adecler]

Hey @FraserGreenroyd ,

I think we should always bump all the Mongo related NuGet packages together. My two criteria for approving the upgrade would be:

• all serialisation text are passing (of course)
• We are fairly early in a milestone
• new BHoM NuGet packages are generated once the upgrade is merged. (This is to ensure that we don't break compatibility between directly referenced BHoM dlls and NuGet packages).

This last point is probably part of a bigger discussion on NuGet packages though.

[FraserGreenroyd]

Sounds good @adecler - as discussed offline, I'll take a look w/c 10th April for upgrades to Serialiser Engine 😄

[bhombot-ci[bot]]

@dependabot[bot] just to let you know, I have provided a `check-installer` result to this Pull Request as it was detected to be linked to other Pull Requests in a series. The comment which triggered this check came from @FraserGreenroyd on BHoM_Engine

[bhombot-ci[bot]]

@dependabot[bot] just to let you know, I have provided a `check-installer` result to this Pull Request as it was detected to be linked to other Pull Requests in a series. The comment which triggered this check came from @FraserGreenroyd on BHoM_Engine

[FraserGreenroyd]

@adecler following on from testing against this PR in addition to this, we get errors in our serialisation when upgrading to 2.19.0 or 2.19.1 for MongoDB.Bson.

As such, I am now closing these PRs because they will be incompatible for us at this time. We probably need to take another look in the future for how to handle this but for now going with closure.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.