search

SharonKoch / Wiki_Demo

Wiki.js | A modern and powerful wiki app built on Node.js
https://js.wiki
GNU Affero General Public License v3.0
1 stars 0 forks source link

chore(deps): update dependency mongodb to v3.6.10 #64

Open mend-for-github-com[bot] opened 9 months ago

mend-for-github-com[bot] commented 9 months ago

This PR contains the following updates:

Package Type Update Change
mongodb dependencies patch 3.6.5 -> 3.6.10

By merging this PR, the issue #9 will be automatically resolved and closed:

Severity CVSS Score CVE
Medium Medium 4.2 CVE-2021-32050

Release Notes

mongodb/node-mongodb-native (mongodb) ### [`v3.6.10`](https://togithub.com/mongodb/node-mongodb-native/releases/tag/v3.6.10) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.9...v3.6.10) The MongoDB Node.js team is pleased to announce version 3.6.10 of the mongodb package! #### Release Highlights This patch addresses a few bugs listed below. Notably the `bsonRegExp` option is now respected by the underlying BSON library, you can use this to decode regular expressions that contain syntax not permitted in native JS RegExp objects. Take a look at this example: ```javascript await collection.insertOne({ a: new BSONRegExp('(?-i)AA_') }) await collection.findOne({ a: new BSONRegExp('(?-i)AA_') }, { bsonRegExp: true }) // { _id: ObjectId, a: BSONRegExp { pattern: '(?-i)AA_', options: '' } } ``` Also there was an issue with `Cursor.forEach` where user defined forEach callbacks that throw errors incorrectly handled catching errors. Take a look at the comments in this example: ```javascript collection.find({}).forEach(doc => { if(doc.bad) throw new Error('bad document!'); }).catch(error => { // now this is called! and error is `bad document!` }) // before this fix the `bad document!` error would be thrown synchronously // and have to be caught with try catch out here ``` ##### Bug Fixes - **NODE-2035:** Exceptions thrown from awaited cursor forEach do not propagate ([#​2852](https://togithub.com/mongodb/node-mongodb-native/issues/2852)) ([a917dfa](https://togithub.com/mongodb/node-mongodb-native/commit/a917dfada67859412344ed238796cf3bee243f5f)) - **NODE-3150:** added bsonRegExp option for v3.6 ([#​2843](https://togithub.com/mongodb/node-mongodb-native/issues/2843)) ([e4a9a57](https://togithub.com/mongodb/node-mongodb-native/commit/e4a9a572427666fd1a89576dadf50b9c452e1659)) - **NODE-3358:** Command monitoring objects hold internal state references ([#​2858](https://togithub.com/mongodb/node-mongodb-native/issues/2858)) ([750760c](https://togithub.com/mongodb/node-mongodb-native/commit/750760c324ddedb72491befde9f7aff1ceec009c)) - **NODE-3380:** perform retryable write checks against server ([#​2861](https://togithub.com/mongodb/node-mongodb-native/issues/2861)) ([621677a](https://togithub.com/mongodb/node-mongodb-native/commit/621677a42772e0b26aa13883f57d7e42f86df43f)) - **NODE-3397:** report more helpful error with unsupported authMechanism in initial handshake ([#​2876](https://togithub.com/mongodb/node-mongodb-native/issues/2876)) ([3ce148d](https://togithub.com/mongodb/node-mongodb-native/commit/3ce148d8fb37faea1ee056f6e9331e5282e65cd0)) #### Documentation - Reference: https://docs.mongodb.com/drivers/node/current/ - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the mongodb package immediately, and report any issues to the [NODE project](https://jira.mongodb.org/projects/NODE). ### [`v3.6.9`](https://togithub.com/mongodb/node-mongodb-native/releases/tag/v3.6.9) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.8...v3.6.9) The MongoDB Node.js team is pleased to announce version 3.6.9 of the driver! #### Release Highlights This release fixes a major performance bug in bulk write operations, which was inadvertently introduced by an incomplete code change in the previous release. The bug resulted in redundant array iterations and caused exponential increases in bulk operation completion times. Thank you Jan Schwalbe for bringing this to our attention! ##### Bug Fixes - **NODE-3309:** remove redundant iteration of bulk write result ([#​2815](https://togithub.com/mongodb/node-mongodb-native/issues/2815)) ([fac9610](https://togithub.com/mongodb/node-mongodb-native/commit/fac961086eafa0f7437576fd6af900e1f9fe22ed)) - **NODE-3234:** fix url parsing for a mongodb+srv url that has commas in the database name ([#​2789](https://togithub.com/mongodb/node-mongodb-native/issues/2789)) ([58c4e69](https://togithub.com/mongodb/node-mongodb-native/commit/58c4e693cc3a717254144d5f9bdddd8414217e97)) #### Documentation - Reference: https://docs.mongodb.com/drivers/node/current/ - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the mongodb package immediately, and report any issues to the [NODE project](https://jira.mongodb.org/projects/NODE). ### [`v3.6.8`](https://togithub.com/mongodb/node-mongodb-native/releases/tag/v3.6.8) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.7...v3.6.8) The MongoDB Node.js team is pleased to announce version 3.6.8 of the mongodb package! #### Release Highlights Thanks to the quick adoption of the previous new patch by the mongoose package ([https://github.com/Automattic/mongoose/pull/10265](https://togithub.com/Automattic/mongoose/pull/10265)) a small bug was identified when connections to mongodb would timeout causing unnecessary clean up operations to run. Thank you [@​vkarpov15](https://togithub.com/vkarpov15)! ##### Bug Fixes - **NODE-3305:** undo flipping of `beforeHandshake` flag for timeout errors ([#​2813](https://togithub.com/mongodb/node-mongodb-native/issues/2813)) ([6e3bab3](https://togithub.com/mongodb/node-mongodb-native/commit/6e3bab32204ea905ab9b949edccb68556b50d382)) #### Documentation - Reference: https://docs.mongodb.com/drivers/node/current/ - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the mongodb package immediately, and report any issues to the [NODE project](https://jira.mongodb.org/projects/NODE). ### [`v3.6.7`](https://togithub.com/mongodb/node-mongodb-native/releases/tag/v3.6.7) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.6...v3.6.7) The MongoDB Node.js team is pleased to announce version 3.6.7 of the driver #### Release Highlights This patch addresses a number of bug fixes. Notably, there was an interesting javascript related issue with sorting documents. It **only** impacts users using numerical keys in their documents. ```javascript > { a: 'asc', [23]: 'asc' } { [23]: 'asc', a: 'asc' } // numbers come first ``` In javascript, [numerical keys are always iterated first](https://262.ecma-international.org/9.0/#sec-ordinaryownpropertykeys) when looping over the keys of an object followed by the chronological specification of each string key. This effectively changes the ordering of a sort document sent to mongodb. However our driver does accept sort specification in a variety of ways and one way to avoid this problem is passing an array of tuples: ```javascript [['a', 'asc'], ['23', 'asc']] ``` This ensures that mongodb is sent the `'a'` key as the first sort key and `'23'` as the second. #### Bug Fixes - **NODE-3159:** removing incorrect apm docs ([#​2793](https://togithub.com/mongodb/node-mongodb-native/issues/2793)) ([971259a](https://togithub.com/mongodb/node-mongodb-native/commit/971259a868a8018e90ebc2f28d151eb7af3dd50a)) - **NODE-3173:** Preserve sort key order for numeric string keys ([#​2790](https://togithub.com/mongodb/node-mongodb-native/issues/2790)) ([730f43a](https://togithub.com/mongodb/node-mongodb-native/commit/730f43af6d9e53603af998353b720d8161426d8c)) - **NODE-3176:** handle errors from MessageStream ([#​2774](https://togithub.com/mongodb/node-mongodb-native/issues/2774)) ([f1afcc4](https://togithub.com/mongodb/node-mongodb-native/commit/f1afcc4efbc41ce436812a6bfa22843e939ab5cf)) - **NODE-3192:** check clusterTime is defined before access ([#​2806](https://togithub.com/mongodb/node-mongodb-native/issues/2806)) ([6ceace6](https://togithub.com/mongodb/node-mongodb-native/commit/6ceace6b245c42b8498fb1b13e7c37a97a46946d)) - **NODE-3252:** state transistion from DISCONNECTED ([#​2807](https://togithub.com/mongodb/node-mongodb-native/issues/2807)) ([5d8f649](https://togithub.com/mongodb/node-mongodb-native/commit/5d8f6493a0ba4b525434c0868e2ae12315b4c249)) - **NODE-3219:** topology no longer causes close event ([#​2791](https://togithub.com/mongodb/node-mongodb-native/issues/2791)) ([16e7064](https://togithub.com/mongodb/node-mongodb-native/commit/16e70642f25954a03b91a2c2991cea96b8356de7)) - invalid case on writeconcern makes skip check fail ([#​2773](https://togithub.com/mongodb/node-mongodb-native/issues/2773)) ([b1363c2](https://togithub.com/mongodb/node-mongodb-native/commit/b1363c26db5da5003f9db43be7e8d6e9007d45bd)) #### Documentation - Reference: http://mongodb.github.io/node-mongodb-native/3.6 - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the [NODE project](https://jira.mongodb.org/projects/NODE). Thanks very much to all the community members who contributed to this release! ### [`v3.6.6`](https://togithub.com/mongodb/node-mongodb-native/releases/tag/v3.6.6) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.5...v3.6.6) The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver #### Release Highlights This patch addresses a number of bugs listed below. Most notably, for client side encryption users upgrading to this version of the driver along with the new version of [mongodb-client-encryption@1.2.3](https://www.npmjs.com/package/mongodb-client-encryption) will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g, `listCollections`) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events. #### Bug - \[[NODE-2995](https://jira.mongodb.org/browse/NODE-2995)] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption - \[[NODE-3050](https://jira.mongodb.org/browse/NODE-3050)] - Infinite loop on Windows due to a bug in require_optional package - \[[NODE-3120](https://jira.mongodb.org/browse/NODE-3120)] - TypeError: Cannot read property 'roundTripTime' of undefined - \[[NODE-3122](https://jira.mongodb.org/browse/NODE-3122)] - Pipelining an upload stream of GridFSBucket never finishes on Node v14 - \[[NODE-3129](https://jira.mongodb.org/browse/NODE-3129)] - Collection () .. .setReadPreference() not routing query to secondaries - \[[NODE-3133](https://jira.mongodb.org/browse/NODE-3133)] - autoEncryption produces serverHeartbeatFailed - with MongoError typemismatch #### Improvement - \[[NODE-3070](https://jira.mongodb.org/browse/NODE-3070)] - Define error handling behavior of writeErrors and writeConcernError on Mongos #### Documentation - Reference: http://mongodb.github.io/node-mongodb-native/3.6 - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release!