Snyk has created this PR to upgrade mongodb from 3.6.4 to 3.6.9.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 5 versions ahead of your current version.
The recommended version was released 14 days ago, on 2021-05-26.
The MongoDB Node.js team is pleased to announce version 3.6.9 of the driver!
Release Highlights
This release fixes a major performance bug in bulk write operations, which was inadvertently introduced by an incomplete code change in the previous release. The bug resulted in redundant array iterations and caused exponential increases in bulk operation completion times. Thank you Jan Schwalbe for bringing this to our attention!
The MongoDB Node.js team is pleased to announce version 3.6.8 of the mongodb package!
Release Highlights
Thanks to the quick adoption of the previous new patch by the mongoose package (Automattic/mongoose#10265) a small bug was identified when connections to mongodb would timeout causing unnecessary clean up operations to run. Thank you @ vkarpov15!
Bug Fixes
NODE-3305: undo flipping of beforeHandshake flag for timeout errors (#2813) (6e3bab3)
The MongoDB Node.js team is pleased to announce version 3.6.7 of the driver
Release Highlights
This patch addresses a number of bug fixes. Notably, there was an interesting javascript related issue with sorting documents. It only impacts users using numerical keys in their documents.
>{a: 'asc',[23]: 'asc'}{[23]: 'asc',a: 'asc'}// numbers come first
In javascript, numerical keys are always iterated first when looping over the keys of an object followed by the chronological specification of each string key. This effectively changes the ordering of a sort document sent to mongodb. However our driver does accept sort specification in a variety of ways and one way to avoid this problem is passing an array of tuples:
[['a','asc'],['23','asc']]
This ensures that mongodb is sent the 'a' key as the first sort key and '23' as the second.
The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver
Release Highlights
This patch addresses a number of bugs listed below.
Most notably, for client side encryption users upgrading to this version of the driver along with the new version of mongodb-client-encryption@1.2.3 will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g, listCollections) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.
Bug
[NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption
[NODE-3050] - Infinite loop on Windows due to a bug in require_optional package
[NODE-3120] - TypeError: Cannot read property 'roundTripTime' of undefined
[NODE-3122] - Pipelining an upload stream of GridFSBucket never finishes on Node v14
[NODE-3129] - Collection () .. .setReadPreference() not routing query to secondaries
[NODE-3133] - autoEncryption produces serverHeartbeatFailed - with MongoError typemismatch
Improvement
[NODE-3070] - Define error handling behavior of writeErrors and writeConcernError on Mongos
The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver!
Notable Fixes
In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause startSession to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any user's that implemented workarounds to updated their driver and make use of this fix.
In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's process.emitWarning API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once.
Bug
session support detection spec compliance (#2732) (9baec71)
[NODE-3100] - startSession fails intermittently on servers that support sessions
The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver
Release Highlights
Explain Support
The full set of $explain verbosity settings are now supported:
queryPlanner
queryPlannerExtended
executionStats
allPlansExecution
In the following commands:
aggregate() (MDB 3.0+)
find() (MDB 3.0+)
remove() (MDB 3.0+)
update() (MDB 3.0+)
distinct() (MDB 3.2+)
findAndModify() (MDB 3.2+)
mapReduce() (MDB 4.4+)
You can get a lot of insight into the performance of a query or optimization using these fine grained reports.
To learn more about how to use explain read here.
Direct Connection Issue Revert
We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases.
NOTE: In the next major version the unifiedTopology is the only Topology and it is required to either specify a replicaSet name or enable directConnection in order to connect to single nodes in a replica set.
Support Azure and GCP keystores in FLE
There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found here which prominently features support for these key stores.
[NODE-2828] - noCursorTimeout does not seem to for find()
[NODE-2874] - Setting connectionTimeoutMS to 0 will result in a disconnection every heartbeatFrequencyMS
[NODE-2876] - Race condition when resetting server monitor
[NODE-2916] - Legacy topology hangs with unlimited socket timeout
[NODE-2945] - ignoreUndefined not works on findOneAndUpdate when { upsert: true }
[NODE-2965] - MongoClient.readPreference returns "primary" ignoring readPref from connection string
[NODE-2966] - Unified topology: server selection fails when trying to connect to a remote replica set with a member whose 'host' attribute resolves to 'localhost'
[NODE-2977] - Query parameters with path in connection string not working on windows
Snyk has created this PR to upgrade mongodb from 3.6.4 to 3.6.9.
Release notes
Package name: mongodb
The MongoDB Node.js team is pleased to announce version 3.6.9 of the driver!
Release Highlights
This release fixes a major performance bug in bulk write operations, which was inadvertently introduced by an incomplete code change in the previous release. The bug resulted in redundant array iterations and caused exponential increases in bulk operation completion times. Thank you Jan Schwalbe for bringing this to our attention!
Bug Fixes
Documentation
We invite you to try the mongodb package immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.8 of the mongodb package!
Release Highlights
Thanks to the quick adoption of the previous new patch by the mongoose package (Automattic/mongoose#10265) a small bug was identified when connections to mongodb would timeout causing unnecessary clean up operations to run. Thank you @ vkarpov15!
Bug Fixes
beforeHandshake
flag for timeout errors (#2813) (6e3bab3)Documentation
We invite you to try the mongodb package immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.7 of the driver
Release Highlights
This patch addresses a number of bug fixes. Notably, there was an interesting javascript related issue with sorting documents. It only impacts users using numerical keys in their documents.
In javascript, numerical keys are always iterated first when looping over the keys of an object followed by the chronological specification of each string key. This effectively changes the ordering of a sort document sent to mongodb. However our driver does accept sort specification in a variety of ways and one way to avoid this problem is passing an array of tuples:
This ensures that mongodb is sent the
'a'
key as the first sort key and'23'
as the second.Bug Fixes
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver
Release Highlights
This patch addresses a number of bugs listed below.
Most notably, for client side encryption users upgrading to this version of the driver along with the new version of mongodb-client-encryption@1.2.3 will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g,
listCollections
) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.Bug
Improvement
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver!
Notable Fixes
In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause
startSession
to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any user's that implemented workarounds to updated their driver and make use of this fix.In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's
process.emitWarning
API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once.Bug
MongoDB Driver v3.6.4
The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver
Release Highlights
Explain Support
The full set of $explain verbosity settings are now supported:
queryPlanner
queryPlannerExtended
executionStats
allPlansExecution
In the following commands:
aggregate()
(MDB 3.0+)find()
(MDB 3.0+)remove()
(MDB 3.0+)update()
(MDB 3.0+)distinct()
(MDB 3.2+)findAndModify()
(MDB 3.2+)mapReduce()
(MDB 4.4+)You can get a lot of insight into the performance of a query or optimization using these fine grained reports.
To learn more about how to use explain read here.
Direct Connection Issue Revert
We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases.
Support Azure and GCP keystores in FLE
There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found here which prominently features support for these key stores.
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
Release Notes
Bug
Features
Improvement
Db
Commit messages
Package name: mongodb
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:![](https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4ZTBlZGU2Yi0zODQ5LTQwODEtOTdjYi1kZmY0NTc0ZjM3Y2YiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhlMGVkZTZiLTM4NDktNDA4MS05N2NiLWRmZjQ1NzRmMzdjZiJ9fQ==)
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs