search

DeviaVir / zenbot

Zenbot is a command-line cryptocurrency trading bot using Node.js and MongoDB.
MIT License
8.21k stars 2.04k forks source link

[Snyk] Upgrade mongodb from 3.6.4 to 3.6.9 #2706

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade mongodb from 3.6.4 to 3.6.9.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Release notes
Package name: mongodb
  • 3.6.9 - 2021-05-26

    The MongoDB Node.js team is pleased to announce version 3.6.9 of the driver!

    Release Highlights

    This release fixes a major performance bug in bulk write operations, which was inadvertently introduced by an incomplete code change in the previous release. The bug resulted in redundant array iterations and caused exponential increases in bulk operation completion times. Thank you Jan Schwalbe for bringing this to our attention!

    Bug Fixes

    Documentation

    We invite you to try the mongodb package immediately, and report any issues to the NODE project.

  • 3.6.8 - 2021-05-21

    The MongoDB Node.js team is pleased to announce version 3.6.8 of the mongodb package!

    Release Highlights

    Thanks to the quick adoption of the previous new patch by the mongoose package (Automattic/mongoose#10265) a small bug was identified when connections to mongodb would timeout causing unnecessary clean up operations to run. Thank you @ vkarpov15!

    Bug Fixes

    Documentation

    We invite you to try the mongodb package immediately, and report any issues to the NODE project.

  • 3.6.7 - 2021-05-18

    The MongoDB Node.js team is pleased to announce version 3.6.7 of the driver

    Release Highlights

    This patch addresses a number of bug fixes. Notably, there was an interesting javascript related issue with sorting documents. It only impacts users using numerical keys in their documents.

    > { a: 'asc', [23]: 'asc' }
{ [23]: 'asc', a: 'asc' } // numbers come first

    In javascript, numerical keys are always iterated first when looping over the keys of an object followed by the chronological specification of each string key. This effectively changes the ordering of a sort document sent to mongodb. However our driver does accept sort specification in a variety of ways and one way to avoid this problem is passing an array of tuples:

    [['a', 'asc'], ['23', 'asc']]

    This ensures that mongodb is sent the 'a' key as the first sort key and '23' as the second.

    Bug Fixes

    Documentation

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

  • 3.6.6 - 2021-04-06

    The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver

    Release Highlights

    This patch addresses a number of bugs listed below.
    Most notably, for client side encryption users upgrading to this version of the driver along with the new version of mongodb-client-encryption@1.2.3 will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g, listCollections) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.

    Bug

    • [NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption
    • [NODE-3050] - Infinite loop on Windows due to a bug in require_optional package
    • [NODE-3120] - TypeError: Cannot read property 'roundTripTime' of undefined
    • [NODE-3122] - Pipelining an upload stream of GridFSBucket never finishes on Node v14
    • [NODE-3129] - Collection () .. .setReadPreference() not routing query to secondaries
    • [NODE-3133] - autoEncryption produces serverHeartbeatFailed - with MongoError typemismatch

    Improvement

    • [NODE-3070] - Define error handling behavior of writeErrors and writeConcernError on Mongos

    Documentation

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

  • 3.6.5 - 2021-03-16

    The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver!

    Notable Fixes

    In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause startSession to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any user's that implemented workarounds to updated their driver and make use of this fix.

    In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's process.emitWarning API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once.

    Bug

    • session support detection spec compliance (#2732) (9baec71)
    • [NODE-3100] - startSession fails intermittently on servers that support sessions
    • [NODE-3066] - Accessing non-existent property 'MongoError' of module exports inside circular dependency
    • [NODE-3114] - Incorrect warning: Top-level use of w, wtimeout, j, and fsync is deprecated
    • [NODE-3119] - Node 14.5.4, mongo 3.6.4 Circular warnings
  • 3.6.4 - 2021-02-02

    MongoDB Driver v3.6.4

    The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver

    Release Highlights

    Explain Support

    The full set of $explain verbosity settings are now supported:

    • queryPlanner
    • queryPlannerExtended
    • executionStats
    • allPlansExecution

    In the following commands:

    • aggregate() (MDB 3.0+)
    • find() (MDB 3.0+)
    • remove() (MDB 3.0+)
    • update() (MDB 3.0+)
    • distinct() (MDB 3.2+)
    • findAndModify() (MDB 3.2+)
    • mapReduce() (MDB 4.4+)

    You can get a lot of insight into the performance of a query or optimization using these fine grained reports.
    To learn more about how to use explain read here.

    Direct Connection Issue Revert

    We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases.

    NOTE: In the next major version the unifiedTopology is the only Topology and it is required to either specify a replicaSet name or enable directConnection in order to connect to single nodes in a replica set.

    Support Azure and GCP keystores in FLE

    There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found here which prominently features support for these key stores.

    Documentation

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2355] - GridFSBucketWriteStream doesn't implement stream.Writable properly
    • [NODE-2828] - noCursorTimeout does not seem to for find()
    • [NODE-2874] - Setting connectionTimeoutMS to 0 will result in a disconnection every heartbeatFrequencyMS
    • [NODE-2876] - Race condition when resetting server monitor
    • [NODE-2916] - Legacy topology hangs with unlimited socket timeout
    • [NODE-2945] - ignoreUndefined not works on findOneAndUpdate when { upsert: true }
    • [NODE-2965] - MongoClient.readPreference returns "primary" ignoring readPref from connection string
    • [NODE-2966] - Unified topology: server selection fails when trying to connect to a remote replica set with a member whose 'host' attribute resolves to 'localhost'
    • [NODE-2977] - Query parameters with path in connection string not working on windows
    • [NODE-2986] - MongoError: pool destroyed

    Features

    • [NODE-2762] - Comprehensive Support for Explain
    • [NODE-2852] - Add explain support to non-cursor commands
    • [NODE-2853] - Add explain support to cursor-based commands

    Improvement

    • [NODE-1726] - Deprecate Topology events in Db
    • [NODE-2825] - Support Azure and GCP keystores in FLE
    • [NODE-2880] - Improve stack traces in the session leak checker
    • [NODE-2895] - Update AggregateCursor "unwind" method to match the native driver
    • [NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption
from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • 394832a chore(release): 3.6.9
  • fac9610 fix(NODE-3309): remove redundant iteration of bulk write result (#2815)
  • 58c4e69 fix: fix url parsing for a mongodb+srv url that has commas in the database name (#2789)
  • 6c8cc84 chore(release): 3.6.8
  • 6e3bab3 fix(cmap): undo flipping of `beforeHandshake` flag for timeout errors (#2813)
  • 4fd03e8 chore(release): 3.6.7
  • 6ceace6 fix(NODE-3192): check clusterTime is defined before access (#2806)
  • 1967515 test(NODE-3187): port unified test runner (#2783)
  • 5d8f649 fix(NODE-3252): state transistion from DISCONNECTED (#2807)
  • f916843 refactor(NODE-1812): Deprecate returnOriginal in favor of returnDocument (#2808)
  • 945e915 refactor: deprecate remove, removeOne, insertMany bulk operations (#2797)
  • be269b1 chore(NODE-3198): bump optional-require for yarn v2 pnp support (#2781)
  • 730f43a fix(NODE-3173): Preserve sort key order for numeric string keys (#2790)
  • 16e7064 fix(sdam): topology no longer causes close event (#2791)
  • 971259a fix(docs): removing incorrect apm docs (#2793)
  • d8784d1 Remove callback from Collection.initializeOrderedBulkOp() (#2782)
  • 2b18411 chore(NODE-3186): ensure all aws tests are run (#2776)
  • f1afcc4 fix(NODE-3176): handle errors from MessageStream (#2774)
  • b1363c2 fix: invalid case on writeconcern makes skip check fail (#2773)
  • dfb03ad chore(release): 3.6.6
  • 5a0d706 chore: reintroduce nodejs fermium testing (#2775)
  • af49ba3 test(NODE-3070): Ensure that SDAM should ignore the writeErrors field (#2769)
  • 312ffef fix(NODE-3109): prevent servername from being IP (#2763)
  • 9256242 fix(NODE-2995): Add shared metadata MongoClient (#2760)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs