Snyk has created this PR to upgrade mongodb from 3.5.0 to 3.5.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 22 days ago, on 2020-01-17.
The MongoDB Node.js team is pleased to announce version 3.5.0 of the driver
Release Highlights
CMAP-compliant Connection Pool
This release introduces a modern replacement for the driver's connection pool, available only with the
unified topology. A major effort was made in early 2019 to fully specifiy connection pools for MongoDB
drivers (see: CMAP specification), and this release brings the Node.js driver in line with that
specification.
Traceability
The new pool supports monitoring for all aspects of its behavior. This allows deep introspection into
the operation of the connection pool, as well as an ability to profile the lifetime of an operation
when used in conjunction with command monitoring.
Stream-first Connection Design
The Connection class was completely rewritten for the new pool adopting a stream-first mentality. All
wire message processing and compression is handled in a duplex stream called the MessageStream, and
that stream is connected bidirectionally to the underlaying TCP socket. The result is a connection which
gains the general benefit of streams: better performance, less memory pressure, backpressure support. It
also opens the possiblity of supporting non-TCP/UDP streams as a transport for the driver.
waitQueueTimeoutMS
The new connection pool has a concept of a "wait queue", which allows operation requests to buffer waiting
for a connection to execute against. There is no timeout by default, but users can now specify a new value waitQueueTimeoutMS in their connection string or MongoClient options to proactively cancel operations
that have waited too long.
Remember that the new connection pool is only available for the "Unified Topology", so remember to pass useUnifiedTopology: true to your MongoClient constructor to use it!
Dedicated monitoring connection
Both the legacy and unified SDAM implementations have until now executed monitoring checks as priority
messages in the legacy Pool implementation. This means that monitoring (ismaster) operations were
prioritized over other queued operations, but also means that monitoring could be indefinitely blocked,
in particular during failover or black hole scenarios. The default socket timeout is null (read: Infinity),
so if the pool was completely saturated with operations, there may be no ability to execute a monitoring
check and determine that the connection to a server was no longer valid. This version of the driver
introduces a new Monitor class which manages its own dedicated monitoring connection to each known
node.
Server selection errors
In v3.3.0 of the driver we introduced a new MongoTimeoutError for all errors covered by the server
selection loop, leading to a spike in bug reports with a title similar to Server selection timed out after 30000ms.
Even though the error type itself had an attached reason field, we still feel it was easy to miss why
the selection had failed. As a result we have introduced a new type MongoServerSelectionError which
will use the originating error (reason) for its message, better informing users what caused a
selection error, while still also conveying it is an error in server selection.
Release Notes
New Feature
[NODE-1742] - Implement Connection Monitoring and Pooling spec
Snyk has created this PR to upgrade mongodb from 3.5.0 to 3.5.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: mongodb
The MongoDB Node.js team is pleased to announce version 3.5.1 of the driver
Release Highlights
This patch release fixes a few regressions introduced with new connection pool, primarily
around the ability to use custom TLS certificates.
Release Notes
Bug
The MongoDB Node.js team is pleased to announce version 3.5.0 of the driver
Release Highlights
CMAP-compliant Connection Pool
This release introduces a modern replacement for the driver's connection pool, available only with the
unified topology. A major effort was made in early 2019 to fully specifiy connection pools for MongoDB
drivers (see: CMAP specification), and this release brings the Node.js driver in line with that
specification.
Traceability
The new pool supports monitoring for all aspects of its behavior. This allows deep introspection into
the operation of the connection pool, as well as an ability to profile the lifetime of an operation
when used in conjunction with command monitoring.
Stream-first Connection Design
The
Connection
class was completely rewritten for the new pool adopting a stream-first mentality. Allwire message processing and compression is handled in a duplex stream called the
MessageStream
, andthat stream is connected bidirectionally to the underlaying TCP socket. The result is a connection which
gains the general benefit of streams: better performance, less memory pressure, backpressure support. It
also opens the possiblity of supporting non-TCP/UDP streams as a transport for the driver.
waitQueueTimeoutMS
The new connection pool has a concept of a "wait queue", which allows operation requests to buffer waiting
for a connection to execute against. There is no timeout by default, but users can now specify a new value
waitQueueTimeoutMS
in their connection string orMongoClient
options to proactively cancel operationsthat have waited too long.
Remember that the new connection pool is only available for the "Unified Topology", so remember to pass
useUnifiedTopology: true
to yourMongoClient
constructor to use it!Dedicated monitoring connection
Both the legacy and unified SDAM implementations have until now executed monitoring checks as priority
messages in the legacy Pool implementation. This means that monitoring (
ismaster
) operations wereprioritized over other queued operations, but also means that monitoring could be indefinitely blocked,
in particular during failover or black hole scenarios. The default socket timeout is
null
(read: Infinity),so if the pool was completely saturated with operations, there may be no ability to execute a monitoring
check and determine that the connection to a server was no longer valid. This version of the driver
introduces a new
Monitor
class which manages its own dedicated monitoring connection to each knownnode.
Server selection errors
In v3.3.0 of the driver we introduced a new
MongoTimeoutError
for all errors covered by the serverselection loop, leading to a spike in bug reports with a title similar to
Server selection timed out after 30000ms
.Even though the error type itself had an attached
reason
field, we still feel it was easy to miss whythe selection had failed. As a result we have introduced a new type
MongoServerSelectionError
whichwill use the originating error (
reason
) for its message, better informing users what caused aselection error, while still also conveying it is an error in server selection.
Release Notes
New Feature
Bug
Improvement
Commit messages
Package name: mongodb
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
đ§ View latest project report
đ Adjust upgrade PR settings
đ Ignore this dependency or unsubscribe from future upgrade PRs