Snyk has created this PR to upgrade mongodb from 3.5.0 to 3.5.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 22 days ago, on 2020-01-17.
The MongoDB Node.js team is pleased to announce version 3.5.0 of the driver
Release Highlights
CMAP-compliant Connection Pool
This release introduces a modern replacement for the driver's connection pool, available only with the
unified topology. A major effort was made in early 2019 to fully specifiy connection pools for MongoDB
drivers (see: CMAP specification), and this release brings the Node.js driver in line with that
specification.
Traceability
The new pool supports monitoring for all aspects of its behavior. This allows deep introspection into
the operation of the connection pool, as well as an ability to profile the lifetime of an operation
when used in conjunction with command monitoring.
Stream-first Connection Design
The Connection class was completely rewritten for the new pool adopting a stream-first mentality. All
wire message processing and compression is handled in a duplex stream called the MessageStream, and
that stream is connected bidirectionally to the underlaying TCP socket. The result is a connection which
gains the general benefit of streams: better performance, less memory pressure, backpressure support. It
also opens the possiblity of supporting non-TCP/UDP streams as a transport for the driver.
waitQueueTimeoutMS
The new connection pool has a concept of a "wait queue", which allows operation requests to buffer waiting
for a connection to execute against. There is no timeout by default, but users can now specify a new value waitQueueTimeoutMS in their connection string or MongoClient options to proactively cancel operations
that have waited too long.
Remember that the new connection pool is only available for the "Unified Topology", so remember to pass useUnifiedTopology: true to your MongoClient constructor to use it!
Dedicated monitoring connection
Both the legacy and unified SDAM implementations have until now executed monitoring checks as priority
messages in the legacy Pool implementation. This means that monitoring (ismaster) operations were
prioritized over other queued operations, but also means that monitoring could be indefinitely blocked,
in particular during failover or black hole scenarios. The default socket timeout is null (read: Infinity),
so if the pool was completely saturated with operations, there may be no ability to execute a monitoring
check and determine that the connection to a server was no longer valid. This version of the driver
introduces a new Monitor class which manages its own dedicated monitoring connection to each known
node.
Server selection errors
In v3.3.0 of the driver we introduced a new MongoTimeoutError for all errors covered by the server
selection loop, leading to a spike in bug reports with a title similar to Server selection timed out after 30000ms.
Even though the error type itself had an attached reason field, we still feel it was easy to miss why
the selection had failed. As a result we have introduced a new type MongoServerSelectionError which
will use the originating error (reason) for its message, better informing users what caused a
selection error, while still also conveying it is an error in server selection.
Release Notes
New Feature
[NODE-1742] - Implement Connection Monitoring and Pooling spec
Snyk has created this PR to upgrade mongodb from 3.5.0 to 3.5.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: mongodb
-
3.5.1 - 2020-01-17
- [NODE-2372] - db.findOne does not respect client setting bufferMaxEntries
- [NODE-2401] - "readPreference.equals is not a function" exception thrown within executeWithServerSelection
- [NODE-2424] - CMAP connection pool fails to create connection using SSL / TLS
-
3.5.0 - 2020-01-14
- [NODE-1742] - Implement Connection Monitoring and Pooling spec
- [NODE-2386] - Use a dedicated monitoring thread
- [NODE-2400] - Synchronous errors are swallowed by executeOperation
- [NODE-2417] - Server descriptions with me mismatch from primary response should be removed
- [NODE-2418] - client platform not sent in metadata for CMAP connections
- [NODE-1619] - Remove wasteful empty Buffer allocations in `Connection`
- [NODE-2049] - Add "connectionError" as a valid "reason" for a ConnectionCheckOutFailedEvent when connection set up fails
- [NODE-2397] - Make server selection errors more informative
- [NODE-2402] - Integrate CMAP connection pool into unified topology
- [NODE-2419] - Improve traceability of CMAP events
- [NODE-2033] - Ignore ConnectionReadyEvent in CMAP pool creation test
from mongodb GitHub release notesThe MongoDB Node.js team is pleased to announce version 3.5.1 of the driver
Release Highlights
This patch release fixes a few regressions introduced with new connection pool, primarily
around the ability to use custom TLS certificates.
Release Notes
Bug
The MongoDB Node.js team is pleased to announce version 3.5.0 of the driver
Release Highlights
CMAP-compliant Connection Pool
This release introduces a modern replacement for the driver's connection pool, available only with the
unified topology. A major effort was made in early 2019 to fully specifiy connection pools for MongoDB
drivers (see: CMAP specification), and this release brings the Node.js driver in line with that
specification.
Traceability
The new pool supports monitoring for all aspects of its behavior. This allows deep introspection into
the operation of the connection pool, as well as an ability to profile the lifetime of an operation
when used in conjunction with command monitoring.
Stream-first Connection Design
The
Connectionclass was completely rewritten for the new pool adopting a stream-first mentality. Allwire message processing and compression is handled in a duplex stream called the
MessageStream, andthat stream is connected bidirectionally to the underlaying TCP socket. The result is a connection which
gains the general benefit of streams: better performance, less memory pressure, backpressure support. It
also opens the possiblity of supporting non-TCP/UDP streams as a transport for the driver.
waitQueueTimeoutMS
The new connection pool has a concept of a "wait queue", which allows operation requests to buffer waiting
for a connection to execute against. There is no timeout by default, but users can now specify a new value
waitQueueTimeoutMSin their connection string orMongoClientoptions to proactively cancel operationsthat have waited too long.
Remember that the new connection pool is only available for the "Unified Topology", so remember to pass
useUnifiedTopology: trueto yourMongoClientconstructor to use it!Dedicated monitoring connection
Both the legacy and unified SDAM implementations have until now executed monitoring checks as priority
messages in the legacy Pool implementation. This means that monitoring (
ismaster) operations wereprioritized over other queued operations, but also means that monitoring could be indefinitely blocked,
in particular during failover or black hole scenarios. The default socket timeout is
null(read: Infinity),so if the pool was completely saturated with operations, there may be no ability to execute a monitoring
check and determine that the connection to a server was no longer valid. This version of the driver
introduces a new
Monitorclass which manages its own dedicated monitoring connection to each knownnode.
Server selection errors
In v3.3.0 of the driver we introduced a new
MongoTimeoutErrorfor all errors covered by the serverselection loop, leading to a spike in bug reports with a title similar to
Server selection timed out after 30000ms.Even though the error type itself had an attached
reasonfield, we still feel it was easy to miss whythe selection had failed. As a result we have introduced a new type
MongoServerSelectionErrorwhichwill use the originating error (
reason) for its message, better informing users what caused aselection error, while still also conveying it is an error in server selection.
Release Notes
New Feature
Bug
Improvement
Commit messages
Package name: mongodb
- d0bfd8a chore(release): 3.5.1
- 9169203 test: skip test that uses `mongofiles` for flakiness
- 667b34c test: fix failure to return promise in CSFLE prose test
- c8d182e fix(uri_parser): TLS uri variants imply `ssl=true`
- f8bdb8d fix(connect): listen to `secureConnect` for tls connections
- d13b153 fix(cmap): error wait queue members on failed connection creation
- 5a12683 refactor: reorganize pool properties below constructor
- 79932db refactor: integrate logger into CMAP connection pool
- 5995d1d fix(cmap): accept all node TLS options as pool options
- 9698a76 fix(transactions): use options helper to resolve read preference
- b8a7ef4 doc: correct relative reference to sdam monitoring in unified docs
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
đ§ View latest project report
đ Adjust upgrade PR settings
đ Ignore this dependency or unsubscribe from future upgrade PRs