Update dependency mongodb to v3

[mend-for-github-com[bot]]

This PR contains the following updates:

Package	Type	Update	Change
mongodb	dependencies	major	^2.1.18 -> ^3.0.0

By merging this PR, the issue #59 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2020-7610
Medium	6.5	WS-2019-0311
Medium	5.3	CVE-2022-25883
Medium	4.2	CVE-2019-2391

---

Release Notes

mongodb/node-mongodb-native (mongodb)

### [`v3.6.6`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.6) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.6.5...v3.6.6) The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver #### Release Highlights This patch addresses a number of bugs listed below. Most notably, for client side encryption users upgrading to this version of the driver along with the new version of [mongodb-client-encryption@1.2.3](https://www.npmjs.com/package/mongodb-client-encryption) will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g, `listCollections`) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events. #### Bug - \[[NODE-2995](https://jira.mongodb.org/browse/NODE-2995)] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption - \[[NODE-3050](https://jira.mongodb.org/browse/NODE-3050)] - Infinite loop on Windows due to a bug in require_optional package - \[[NODE-3120](https://jira.mongodb.org/browse/NODE-3120)] - TypeError: Cannot read property 'roundTripTime' of undefined - \[[NODE-3122](https://jira.mongodb.org/browse/NODE-3122)] - Pipelining an upload stream of GridFSBucket never finishes on Node v14 - \[[NODE-3129](https://jira.mongodb.org/browse/NODE-3129)] - Collection () .. .setReadPreference() not routing query to secondaries - \[[NODE-3133](https://jira.mongodb.org/browse/NODE-3133)] - autoEncryption produces serverHeartbeatFailed - with MongoError typemismatch #### Improvement - \[[NODE-3070](https://jira.mongodb.org/browse/NODE-3070)] - Define error handling behavior of writeErrors and writeConcernError on Mongos #### Documentation - Reference: http://mongodb.github.io/node-mongodb-native/3.6 - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! ### [`v3.6.5`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.5) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.6.4...v3.6.5) The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver! #### Notable Fixes In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause `startSession` to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any user's that implemented workarounds to updated their driver and make use of this fix. In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's `process.emitWarning` API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once. #### Bug - session support detection spec compliance ([#​2732](https://redirect.github.com/mongodb/node-mongodb-native/issues/2732)) ([9baec71](https://redirect.github.com/mongodb/node-mongodb-native/commit/9baec7128f612f2d9c290c85d24e33602f911499)) - \[[NODE-3100](https://jira.mongodb.org/browse/NODE-3100)] - startSession fails intermittently on servers that support sessions - \[[NODE-3066](https://jira.mongodb.org/browse/NODE-3066)] - Accessing non-existent property 'MongoError' of module exports inside circular dependency - \[[NODE-3114](https://jira.mongodb.org/browse/NODE-3114)] - Incorrect warning: Top-level use of w, wtimeout, j, and fsync is deprecated - \[[NODE-3119](https://jira.mongodb.org/browse/NODE-3119)] - Node 14.5.4, mongo 3.6.4 Circular warnings ### [`v3.6.4`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.4) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.6.3...v3.6.4) ### MongoDB Driver v3.6.4 The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver #### Release Highlights ##### Explain Support The full set of $explain verbosity settings are now supported: - `queryPlanner` - `queryPlannerExtended` - `executionStats` - `allPlansExecution` In the following commands: - `aggregate()` (MDB 3.0+) - `find()` (MDB 3.0+) - `remove()` (MDB 3.0+) - `update()` (MDB 3.0+) - `distinct()` (MDB 3.2+) - `findAndModify()` (MDB 3.2+) - `mapReduce()` (MDB 4.4+) You can get a lot of insight into the performance of a query or optimization using these fine grained reports. To learn more about how to use explain [read here](https://docs.mongodb.com/manual/reference/method/cursor.explain/). ##### Direct Connection Issue Revert We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases. > **NOTE:** In the next major version the `unifiedTopology` is the only Topology and it is required to either specify a `replicaSet` name or enable `directConnection` in order to connect to single nodes in a replica set. ##### Support Azure and GCP keystores in FLE There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found [here](https://redirect.github.com/mongodb/libmongocrypt/releases/tag/node-v1.2.0) which prominently features support for these key stores. #### Documentation - Reference: http://mongodb.github.io/node-mongodb-native/3.6 - API: http://mongodb.github.io/node-mongodb-native/3.6/api - Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes ##### Bug - \[[NODE-2355](https://jira.mongodb.com/browse/NODE-2355)] - GridFSBucketWriteStream doesn't implement stream.Writable properly - \[[NODE-2828](https://jira.mongodb.com/browse/NODE-2828)] - noCursorTimeout does not seem to for find() - \[[NODE-2874](https://jira.mongodb.com/browse/NODE-2874)] - Setting connectionTimeoutMS to 0 will result in a disconnection every heartbeatFrequencyMS - \[[NODE-2876](https://jira.mongodb.com/browse/NODE-2876)] - Race condition when resetting server monitor - \[[NODE-2916](https://jira.mongodb.com/browse/NODE-2916)] - Legacy topology hangs with unlimited socket timeout - \[[NODE-2945](https://jira.mongodb.com/browse/NODE-2945)] - ignoreUndefined not works on findOneAndUpdate when { upsert: true } - \[[NODE-2965](https://jira.mongodb.com/browse/NODE-2965)] - MongoClient.readPreference returns "primary" ignoring readPref from connection string - \[[NODE-2966](https://jira.mongodb.com/browse/NODE-2966)] - Unified topology: server selection fails when trying to connect to a remote replica set with a member whose 'host' attribute resolves to 'localhost' - \[[NODE-2977](https://jira.mongodb.com/browse/NODE-2977)] - Query parameters with path in connection string not working on windows - \[[NODE-2986](https://jira.mongodb.com/browse/NODE-2986)] - MongoError: pool destroyed ##### Features - \[[NODE-2762](https://jira.mongodb.com/browse/NODE-2762)] - Comprehensive Support for Explain - \[[NODE-2852](https://jira.mongodb.com/browse/NODE-2852)] - Add explain support to non-cursor commands - \[[NODE-2853](https://jira.mongodb.com/browse/NODE-2853)] - Add explain support to cursor-based commands ##### Improvement - \[[NODE-1726](https://jira.mongodb.com/browse/NODE-1726)] - Deprecate Topology events in `Db` - \[[NODE-2825](https://jira.mongodb.com/browse/NODE-2825)] - Support Azure and GCP keystores in FLE - \[[NODE-2880](https://jira.mongodb.com/browse/NODE-2880)] - Improve stack traces in the session leak checker - \[[NODE-2895](https://jira.mongodb.com/browse/NODE-2895)] - Update AggregateCursor "unwind" method to match the native driver - \[[NODE-2995](https://jira.mongodb.com/browse/NODE-2995)] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption ### [`v3.6.3`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.3) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.6.2...v3.6.3) The MongoDB Node.js team is pleased to announce version 3.6.3 of the driver #### Release Highlights ##### [`MongoError: not master` when running `createIndex`](https://jira.mongodb.org/browse/NODE-2784) A regression introduced in v3.6.2 meant that `createIndex` operations would not be executed with a fixed primary read preference. This resulted in the driver selecting any server for the operation, which would fail if a non-primary was selected. ##### [Performance issues on AWS Lambda](https://jira.mongodb.org/browse/NODE-2829) The driver periodically monitors members of the replicaset for changes in the topology, but ensures that the "monitoring thread" is never woken sooner than 500ms. Measuring this elapsed time depends on a stable clock, which is not available to us in some virtualized environments like AWS Lambda. The result was that periodically operations would think there were no available servers, and the driver would force a wait of `heartbeatFrequencyMS` (10s by default) before reaching out to servers again for a new monitoring check. The internal async interval timer has been improved to account for these environments ##### [GSSAPI AuthProvider reuses single kerberos client](https://jira.mongodb.org/browse/NODE-2859) A regression introduced in v3.6.0 forced the driver to reuse a single kerberos client for all authentication attempts. This would result in incomplete authentication flows, and occaisionally even a crash in the `kerberos` module. The driver has been reverted to creating a kerberos client per authentication attempt. ##### [Performance regression due to use of `setImmediate`](https://jira.mongodb.org/browse/NODE-2861) A change introduced in v3.6.1 switched all our usage of `process.nextTick` in the connection pool with `setImmediate` per [Node.js core recommendation](https://nodejs.org/en/docs/guides/event-loop-timers-and-nexttick/#process-nexttick-vs-setimmediate). This was observed to introduce noticeable latency when the event loop was experiencing pressure, so the change was reverted for this release pending further investigation. ##### Community Contributions - [@​jswangjunsheng](https://redirect.github.com/jswangjunsheng) submitted a fix for a rare scenario when wait queue members time out before connection establishment - [@​through-a-haze](https://redirect.github.com/through-a-haze) submitted a fix for incorrect construction of an X509 authentication message - [@​andreialecu](https://redirect.github.com/andreialecu) helped us indicate peer optional dependencies in our `package.json` for stricter package managers (pnpm, yarn2) #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.6/ API: http://mongodb.github.io/node-mongodb-native/3.6/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2172] - Change stream breaks on disconnection when there&#​39;s something piped into it.
• [NODE-2784] - MongoError: Not Master when running createIndex in 3.6.0
• [NODE-2807] - MongoClient.readPreference always returns primary
• [NODE-2827] - Connecting to single mongos makes driver think it is connected to a standalone
• [NODE-2829] - MongoDB Driver 3.6+ Performance issues on AWS Lambda
• [NODE-2835] - Remove default timeout for read operations
• [NODE-2859] - GSSAPI AuthProvider causing crashes in Compass
• [NODE-2861] - Performance Regression for usage of mongodb connections (queries, inserts, ...)
• [NODE-2865] - Connections can be leaked if wait queue members are cancelled
• [NODE-2869] - Invalid assignment of X509 username makes authentication impossible

Improvement

• [NODE-2834] - Remove deprecation of AggregationCursor#geoNear
• [NODE-2867] - Use peerDependenciesMeta field to mark peer optional dependencies

### [`v3.6.2`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.2) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.6.1...v3.6.2) The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver #### Release Highlights ##### Updated `bl` dependency due to CVE-2020-8244 See this link for more details: https://github.com/advisories/GHSA-pp7h-53gx-mx7r ##### Connection pool wait queue processing is too greedy The logic for processing the wait queue in our connection pool ran the risk of starving the event loop. Calls to process the wait queue are now wrapped in a `setImmediate` to prevent starvation #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.6/ API: http://mongodb.github.io/node-mongodb-native/3.6/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2798] - Update version of dependency "bl" due to vulnerability
• [NODE-2803] - Connection pool wait queue processing is too greedy

### [`v3.6.1`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.1) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.6.0...v3.6.1) The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver #### Release Highlights ##### Kerberos A bug in introducing the new [CMAP](https://redirect.github.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) `Connection` prevented some users from properly authenticating with the `kerberos` module. ##### Index options are not respected with `createIndex` The logic for building the `createIndex` command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist. ##### Remove strict mode for `createCollection` Since v3.6.0 `createCollection` will no longer returned a cached `Collection` instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the `strict` option for `createCollection`, so that option has been removed from documentation. #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.6/ API: http://mongodb.github.io/node-mongodb-native/3.6/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2731] - CMAP Connection type does not provide host/port properties
• [NODE-2755] - "language_override" option support for text index is broken

Improvement

• [NODE-2730] - Move MongoAuthProcess into the driver source tree
• [NODE-2746] - Strict mode for `createCollection` should be removed

### [`v3.6.0`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.6.0) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.11...v3.6.0) The MongoDB Node.js team is pleased to announce version 3.6.0 of the driver **NOTE:** This version begins our official support for MongoDB 4.4 #### Release Highlights ##### Streaming topology changes MongoDB drivers maintain a local view of the topology they are connected to, and ensure the accuracy of that view by polling connected nodes on average every ~10s. In MongoDB 4.4, drivers are now able to receive push notifications about topology updates, effectively reducing the time for client recovery in failover scenarios to the time it takes for the server to make the election and report the outcome. This feature is enabled by default when connecting to MongoDB 4.4, no changes are needed for user code. ##### Authentication ##### MONGODB-AWS authentication mechanism The MONGODB-AWS authentication mechanism uses your Amazon Web Services Identity and Access Management (AWS IAM) credentials to authenticate users on MongoDB 4.4+. Please read more about this new authentication mechanism in our [documentation](https://docs.mongodb.com/drivers/node/fundamentals/authentication/mechanisms#mongodb-aws). ##### Performance improvements There were two projects to transparently improve performance of authentication in MongoDB 4.4: - A driver can now include the first `saslStart` command in its initial handshake with server. This so-called "speculative authentication" allows us to reduce one roundtrip to the server for authentication a connection. This feature is only support for X.509, SCRAM-SHA-1 and SCRAM-SHA-256 (default) authentication mechanisms. - The SCRAM conversation between driver and server can now skip one of it's empty exchanges which also serves to reduce the roundtrips during a SCRAM authentication. ##### Changes in behavior of `Db.prototype.createCollection` The `createCollection` helper used to internally run a `listCollections` command in order to see if a collection already existed before running the command. If it determined a collection with the same name existed, it would skip running the command and return an instance of `Collection`. This behavior was changed in v3.6.0 to avoid potentially serious bugs, specifically that the driver was not considering options passed into `createCollection` as part of the collection equality check. Imagine the following scenario: const client = new MongoClient('...'); await client.connect();   await client.db('foo').collection('bar').insert({ importantField: 'llamas' }); await client.db('foo').createCollection('bar', { validator: { $jsonSchema: { bsonType: 'object', required: ['importantField'], properties: { name: { bsonType: 'boolean' } } } }); The `createCollection` call which defines a JSON schema validator would be completely bypassed because of the existence of `bar`, which was implicitly created in the first command. Our policy is strictly adhere to semver, but in rare cases like this where we feel there is potential for a data corrupting bug, we make breaking behavioral changes to protect the user. #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.6/ API: http://mongodb.github.io/node-mongodb-native/3.6/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Epic

• [NODE-2450] - Node MongoDB 4.4 Support

New Feature

• [NODE-2434] - Reduce Client Time To Recovery On Topology Changes
• [NODE-2288] - MONGODB-AWS Support
• [NODE-2289] - Support for allowDiskUse on find operations
• [NODE-2290] - Allow passing hint to findAndModify update and replace operations
• [NODE-2291] - Improve testing around default writeConcern
• [NODE-2295] - Collection and index creation in multi-doc txns
• [NODE-2427] - OCSP Support
• [NODE-2487] - Support speculative authentication attempts in isMaster
• [NODE-2301] - Support shorter SCRAM conversation
• [NODE-2269] - Add support for validate command "background" option

Improvement

• [NODE-2175] - Avoid using readConcern snapshot in sharded transaction tests
• [NODE-2176] - Resync bson-corpus array.json to fix duplicate test names
• [NODE-2393] - Change uri_options/auth-options spec test to enable conditional tests
• [NODE-2394] - Verify max set version and max election id on topologies in SDAM spec tests
• [NODE-2422] - Validate that mongocryptd is not spawned if bypassAutoEncryption=true
• [NODE-2430] - Raise error if hint specified for unacknowledged update using OP_MSG or OP_UPDATE
• [NODE-2431] - Reduce floating point precision required of extended json implementations
• [NODE-2432] - Clarify behavior when "me" field doesn&#​39;t match any values in "hosts" array
• [NODE-2477] - Allow hinting the delete command
• [NODE-2504] - Add SDAM test for incompatible server becoming compatible
• [NODE-2506] - Ensure that the WriteConcernError "errInfo" object is propagated
• [NODE-2538] - Add RetryableWriteError error labels to retryable transaction tests
• [NODE-2546] - Deprecate geoHaystack and geoSearch
• [NODE-2559] - Reduce race conditions in SDAM error handling
• [NODE-2560] - Make &#​39;reIndex&#​39; a standalone-only command
• [NODE-2564] - Clarify how a driver must handle wrong set name in single topology
• [NODE-2569] - &#​39;CommitQuorum&#​39; option support for &#​39;createIndexes’ command on MongoDB 4.4
• [NODE-2576] - Raise error when hint option is provided on unacknowledged writes against any server version
• [NODE-2592] - Update documentation for Text Search
• [NODE-2594] - Do not add the RetryableWriteError label to errors that occur during a write within a transaction (excepting commitTransaction and abortTransaction)
• [NODE-2622] - allowDiskUse option for find should be documented as only being supported in 4.4+
• [NODE-2627] - Reduce default keepalive time to align with Azure defaults
• [NODE-2659] - Drivers should retry replSetStepDown after "Unable to acquire X lock" error
• [NODE-2661] - Define behavior of connectTimeoutMS=0 with streaming protocol
• [NODE-2675] - Test that ElectionInProgress is not resumed
• [NODE-2682] - Treat CursorNotFound as a resumable change stream error
• [NODE-2150] - Bump wire protocol version for 4.4
• [NODE-2379] - Expand use of error labels for RetryableWrites
• [NODE-2423] - Deprecate oplogReplay find command option from CRUD spec
• [NODE-2426] - Make ExceededTimeLimit retryable writes error
• [NODE-2429] - GridFS index checking should support indexes created in the shell
• [NODE-2433] - Lift restriction on authSource without credentials
• [NODE-2452] - Unify behavior around configuration for replica set discovery
• [NODE-2510] - Driver support for server Hedged Reads
• [NODE-2516] - Update comment in Transactions withTxn examples for the manual.
• [NODE-2557] - Remove replicaset from tests that perform reIndex command

Bug

• [NODE-2416] - Confusing documentation for collection.aggregate collation option
• [NODE-2502] - replaceOne example in test/examples/update_documents.js incorrect
• [NODE-2537] - createCollection helper should not run listIndexes outside of strict mode
• [NODE-2567] - Fix qs dependency for older node
• [NODE-2616] - SDAM test typo "compatible"
• [NODE-2623] - Gridfs doesn&#​39;t allow to catch exception with length that exceeds file size
• [NODE-2660] - Throw an error if bulk update documents don&#​39;t contain update operator expressions
• [NODE-2711] - Monitoring should not be immediately scheduled on streaming failure

### [`v3.5.11`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.11) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.10...v3.5.11) The MongoDB Node.js team is pleased to announce version 3.5.11 of the driver #### Release Highlights ##### Kerberos A bug in introducing the new [CMAP](https://redirect.github.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) `Connection` prevented some users from properly authenticating with the `kerberos` module. ##### Updated `bl` dependency due to CVE-2020-8244 See this link for more details: https://github.com/advisories/GHSA-pp7h-53gx-mx7r #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.5/ API: http://mongodb.github.io/node-mongodb-native/3.5/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2731] - CMAP Connection type does not provide host/port properties
• [NODE-2798] - Update version of dependency "bl" due to vulnerability

### [`v3.5.10`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.10) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.9...v3.5.10) The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver **NOTE:** This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0 #### Release Highlights ##### [TypeError: Cannot read property 'documents' of null](https://jira.mongodb.org/browse/NODE-2626) [@​adrian-gierakowski](https://redirect.github.com/adrian-gierakowski) helped us identify a bug with our ChangeStreamCursor, specifically when the cursor was complete it would not return a valid document but instead a `null` value. ##### Command helper not respecting server selection specification rules The [server selection specification](https://redirect.github.com/mongodb/specifications/blob/master/source/server-selection/server-selection.rst#use-of-read-preferences-with-commands) indicates that the "runCommand" helper should act as a read operation for the purposes of server selection, and that it should use a default read preference of "primary" which can only be overridden by the helper itself. The driver had a bug where it would inherit the read preference from its "parent" type (`Collection`, `Db`, `MongoClient`) which is at odds with the specified behavior. ##### `mongodb+srv` invalid IPv6 support Due to a bug in how we referred to ipv6 addresses internal to the driver, if a `mongodb+srv` connection string was provided with an ipv6 address the driver would never be able to connect and would result in a the following error `RangeError: Maximum call stack size exceeded`. ##### `maxStalenessSeconds` not accepted when provided via options There was a bug in our connection string and `MongoClient` options parsing where a value provided for `maxStalenessSeconds` would not end up being reflected in the `ReadPreference` used internal to the driver. ##### Sessions are prohibited with unacknowledged writes MongoDB can provide no guarantees around unacknowledged writes when used within a session. The driver will now silently remove the `lsid` field from all writes issued with `{ w: 0 }`, and will return an error in these situations in the upcoming 4.0 major release. #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.5/ API: http://mongodb.github.io/node-mongodb-native/3.5/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2626] - initialising change stream results in: TypeError: Cannot read property &#​39;documents&#​39; of null
• [NODE-2649] - Driver 3.5.x with useUnifiedTopology sends admin commands to secondary
• [NODE-2671] - ipv6 is not supported when using dns service discovering
• [NODE-2678] - ReadPreference.fromOptions doesn&#​39;t pull "maxStalenessSeconds" from options

Improvement

• [NODE-1341] - Prohibit using unacknowledged writes with explicit sessions

### [`v3.5.9`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.9) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.8...v3.5.9) The MongoDB Node.js team is pleased to announce version 3.5.9 of the driver #### Release Highlights ##### [Use duration of handshake if no previous roundTripTime exists](https://jira.mongodb.org/browse/NODE-2652'>NODE-2652) The default `roundTripTime` of a `ServerDescription` is -1, which means if that value is used we can potentially calculate a negative `roundTripTime`. Instead, if no previous `roundTripTime` exists, we use the duration of the initial handshake. ##### [the options \[maxIdleTimeMS\] is not supported](https://jira.mongodb.org/browse/NODE-2637) A number of new options were added when the [CMAP](https://redirect.github.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) compliant connection pool was introduced in 3.5.x. Unfortunately, these options were not documented properly. Now they are mentioned in the `MongoClient` documentation, with a notice that they are only supported with the unified topology. ##### [TypeError: Reduce of empty array with no initial value](https://jira.mongodb.org/browse/NODE-2641) A fix in 3.5.8 which ensured proper filtering of servers during server selection exposed an issue in max staleness calculations when the topology type is `ReplicaSetNoPrimary` and no servers are currently known. In order to estimate an upper bound of max staleness when there is no primary, the most stale known server is known to compare the others to - if there are no known servers, you can't reduce the array! ##### [Server monitoring is prevented under heavy request load](https://jira.mongodb.org/browse/NODE-2643) In certain very high load fail-over scenarios the driver is unable to reschedule a monitoring check in order to update its view of the topology for retryability. This would result in a high number of failed operations, as they were unable to determine a new viable server. #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.5/ API: http://mongodb.github.io/node-mongodb-native/3.5/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2637] - connection pool options support for MongoClient
• [NODE-2641] - maxStalenessReducer fails on empty set of servers
• [NODE-2643] - Server monitoring is prevented under heavy request load
• [NODE-2652] - Use duration of initial handshake if no roundTripTime value exists for server

Improvement

• [NODE-2651] - Use consistent means of measuring time

### [`v3.5.8`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.8) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8) The MongoDB Node.js team is pleased to announce version 3.5.8 of the driver #### Release Highlights ##### [Fixes for NEAREST latency window calculation](https://jira.mongodb.org/browse/NODE-2407) [@​adityapatadia](https://redirect.github.com/adityapatadia) helped uncover an issue with our server selection logic which filtered out servers after evaluating whether they were in the latency window. This meant that non-viable servers were considered during the window calculation and would render certain viable servers unviable. ##### [BulkWriteError `writeErrors` property](https://jira.mongodb.org/browse/NODE-2625) [@​vkarpov15](https://redirect.github.com/vkarpov15) submitted a patch to always include `writeErrors` on a `BulkWriteError`. We have logic to set the `message` of `BulkWriteError` to the message of the first error encountered if there is only one error. Unfortunately, this logic removed the `writeErrors` field when doing that, so users could be faced with an error which conditionally changed shape. ##### [Memory leak in timed out wait queue members](https://jira.mongodb.org/browse/NODE-2413) [@​dead-horse](https://redirect.github.com/dead-horse) identified a memory leak in the new connection pool where wait queue members which timed out might be left in the queue indefinitely under sufficient load. The fix here was to ensure that all wait queue members are flushed during wait queue processing before evaluating whether there were available sockets to process new requests. ##### [Implicit sessions cleanup improvements](https://jira.mongodb.org/browse/NODE-2630) Once [@​dead-horse](https://redirect.github.com/dead-horse) was able to patch the connection pool memory leak, they also identified a edge case where implicit sessions could be leaked in a very specific error condition. The logic to release implicit sessions was simplified, preventing this from happening in the future ##### [Unordered bulk writes continue-on-error](https://jira.mongodb.org/browse/NODE-2619) A bug introduced last summer prevented unordered bulk write operations from continuing after the first write error - one of the most important features of being an unordered operation. We now properly support this feature again. ##### [`journal` in connection string is ignored](https://jira.mongodb.org/browse/NODE-2442) [@​nknighter](https://redirect.github.com/nknighter) filed a report that the `journal` option was ignored when provided via the connection string. The paramater `j` was supported both through the connection string and explicit added to `MongoClient` options, but the official documentation for connection strings support a `journal` option. #### Documentation Reference: http://mongodb.github.io/node-mongodb-native/3.5/ API: http://mongodb.github.io/node-mongodb-native/3.5/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md We invite you to try the driver immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2407] - UnifiedTopology + near read makes application crash with timeout error when one of replica server is down
• [NODE-2413] - The node process enters an infinite loop at the pool and causes OOM
• [NODE-2442] - journal=true is ignored in connection string
• [NODE-2548] - Change streams do not resume from errors
• [NODE-2565] - Change stream should not check for NonResumableChangeStreamError label
• [NODE-2619] - Unordered bulk write aborts on first encountered error
• [NODE-2625] - BulkWriteError should always have a writeErrors field

Task

• [NODE-2478] - Use white list for change stream resumability
• [NODE-2598] - Change stream close refactor
• [NODE-2605] - Refactor shared test helpers to improve usability

Improvement

• [NODE-2522] - Remove ElectionInProgress (216) from ResumableChangeStreamError
• [NODE-2571] - Don&#​39;t use admin database for FLE tests
• [NODE-2630] - Simplify code path for ending implicit sessions in cursors

### [`v3.5.7`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.7) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.6...v3.5.7) The MongoDB Node.js team is pleased to announce version 3.5.7 of the driver #### Release Highlights ##### Warning: Accessing non-existent property 'count' of module exports inside circular dependency Work earlier this year left some dead code in our operations code, resulting in this warning message reported by multiple users. While we still have a few cycles in our codebase yet, this will quiet Node.js 14's circular dependency warnings. ##### Sessions are only acquired when operations are executed Drivers use an implicit session for all operations where an explicit session is not provided. A subtle bug was introduced when session support was implemented where implicit sessions were created and assigned to operations even if they were about to sit in a queue waiting for execution. This results in the driver creating many sessions rather than reusing pooled ones. The fix is to ensure a session is only checked out of the pool when the operation is about to be written to a server. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2536] - Circular dependency in Node.js 14 nightly
• [NODE-2552] - Server session creation grows unbounded with every operation call

Improvement

• [NODE-2534] - Document options supported by the unified topology
• [NODE-2560] - Make &#​39;reIndex&#​39; a standalone-only command

### [`v3.5.6`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.6) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.5...v3.5.6) The MongoDB Node.js team is pleased to announce version 3.5.6 of the driver #### Release Highlights ##### Regression in `map` when cursor used as a stream [@​dobesv](https://redirect.github.com/dobesv) helped identify a regression where a map function would be applied twice if defined on a cursor, and that cursor was used to stream data. ##### TypeError: Cannot read property 'code' of undefined User [@​linus-hologram](https://redirect.github.com/linus-hologram) originally reported an issue with a TypeError when the lambda passed to the `withTransaction` helper rejected with a `null` value. [@​vkarpov15](https://redirect.github.com/vkarpov15) submitted the fix. ##### `readPreferenceTags` interpreted as an array A bug was fixed where `readPreferenceTags` with a single value in the connection string was not properly interpreted as an array of tags. This prevented the [Use Analytics Nodes to Isolate Workload](https://docs.atlas.mongodb.com/reference/replica-set-tags/#use-analytics-nodes-to-isolate-workloads) guidance from working correctly. ##### Cannot set property 'isDirty' of null User [@​sean-daley](https://redirect.github.com/sean-daley) reported seeing this in an AWS Lambda environment, but has proven to be somewhat of a heisenbug. We are rolling out a fix here that ensures sessions (implicit or not) are not used after they have been explicitly ended. Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2503] - Cursor ReadStream applies map function twice
• [NODE-2515] - TypeError when transaction is rejected with empty reason
• [NODE-2541] - readPreferenceTags are not interpreted as an array
• [NODE-2545] - Cannot set property &#​39;isDirty&#​39; of null
• [NODE-2549] - Unknown topology should return empty array for server selection with read preference

### [`v3.5.5`](https://redirect.github.com/mongodb/node-mongodb-native/releases/tag/v3.5.5) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.4...v3.5.5) The MongoDB Node.js team is pleased to announce version 3.5.5 of the driver #### Release Highlights ##### Regression in `hasNext` when using a cursor with a limit [@​peterbroadhurst](https://redirect.github.com/peterbroadhurst) helped point out a regression introduced in v3.5.4 where using `hasNext` on a cusor with a limit would not return the full set of results. ##### Ignored topology updates cause servers to fall out of latency window A change introduced across all MongoDB drivers, and in particular v3.5.0 of the Node.js driver, attempted to prevent needless duplicate `topologyDescriptionChanged` topology events by introducing a `ServerDescription` equality operator. Since equality does not take the `lastUpdateTime` and `lastWriteDate` fields of an ismaster into account, the driver could eventually consider servers non-suitable for server selection, since they would fall out of the [latency window](https://redirect.github.com/mongodb/specifications/blob/master/source/server-selection/server-selection.rst#round-trip-times-and-the-latency-window). All updates are considered viable for topology updates now, and *only* event emission is gated by `ServerDescription` equality. ##### Memory leaks with Node.js v12+ The legacy topology types (in particular if you were connected to a replic set) used a custom `Timeout` class to wrap a timer. Unfortunately, the class depended on an undocumented, private variable `_called`, which was removed in Node.js v12. This would lead to the driver thinking the timeout never occurred, and therefore never releasing the object for garbage collection. We recommend users of the legacy topology types immediately update to this version of the driver, or use the Unified Topology which is unaffected by this bug. ##### TypeError: Cannot read property 'Symbol(cancelled)' of undefined [@​erfanium](https://redirect.github.com/erfanium) and [@​Paic](https://redirect.github.com/Paic) helped us identify an issue in rare failover events where multiple requests to process the server selection queue would result in an attempted property access of an `undefined` variable. ##### `promiseLibrary` not respected by newly introduced `maybePromise` helper [@​tobyealden](https://redirect.github.com/tobyealden) pointed out that an internal refactor to use a helper to optionally return a `Promise` for top level API methods was not, in fact, using a custom promise library if one was provided! Thanks very much to all the community members who contributed to this release! #### Release Notes

Bug

• [NODE-2460] - Memory Leak with ReplSet and NodeJS v12
• [NODE-2472] - TypeError on server available with useUnifiedTopology: true
• [NODE-2474] - Server_Description update with lastUpdateTime / lastWriteDate fields is ignored in topology
• [NODE-2480] - TypeError after reconnecting
• [NODE-2483] - Regression using hasNext on cursor with limit
• [NODE-2490] - promiseLibrary option is not honoured

### [`v3.5.4`](https://redirect.github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#354-2020-02-25) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.3...v3.5.4) ##### Bug Fixes - **cmap:** don't run min connection thread if no minimum specified ([2d1b713](https://redirect.github.com/mongodb/node-mongodb-native/commit/2d1b713)) - **sdam:** use ObjectId comparison to track maxElectionId ([a1e0849](https://redirect.github.com/mongodb/node-mongodb-native/commit/a1e0849)) - **topology:** ensure selection wait queue is always processed ([bf701d6](https://redirect.github.com/mongodb/node-mongodb-native/commit/bf701d6)) - **topology:** enter `STATE_CLOSING` before draining waitQueue ([494dffb](https://redirect.github.com/mongodb/node-mongodb-native/commit/494dffb)) - don't consume first document when calling `hasNext` on cursor ([bb359a1](https://redirect.github.com/mongodb/node-mongodb-native/commit/bb359a1)) ##### Features - add utility helper for returning promises or using callbacks ([ac9e4c9](https://redirect.github.com/mongodb/node-mongodb-native/commit/ac9e4c9)) ### [`v3.5.3`](https://redirect.github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#353-2020-02-12) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.2...v3.5.3) ##### Bug Fixes - **message-stream:** support multiple inbound message packets ([8388443](https://redirect.github.com/mongodb/node-mongodb-native/commit/8388443)) - **server:** non-timeout network errors transition to Unknown state ([fa4b01b](https://redirect.github.com/mongodb/node-mongodb-native/commit/fa4b01b)) ##### Features - **connection:** support exhaust behavior at the transport level ([9ccf268](https://redirect.github.com/mongodb/node-mongodb-native/commit/9ccf268)) ### [`v3.5.2`](https://redirect.github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#352-2020-01-20) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.1...v3.5.2) ##### Bug Fixes - properly handle err messages in MongoDB 2.6 servers ([0f4ab38](https://redirect.github.com/mongodb/node-mongodb-native/commit/0f4ab38)) - **topology:** always emit SDAM unrecoverable errors ([57f158f](https://redirect.github.com/mongodb/node-mongodb-native/commit/57f158f)) ### [`v3.5.1`](https://redirect.github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#351-2020-01-17) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.5.0...v3.5.1) ##### Bug Fixes - **cmap:** accept all node TLS options as pool options ([5995d1d](https://redirect.github.com/mongodb/node-mongodb-native/commit/5995d1d)) - **cmap:** error wait queue members on failed connection creation ([d13b153](https://redirect.github.com/mongodb/node-mongodb-native/commit/d13b153)) - **connect:** listen to `secureConnect` for tls connections ([f8bdb8d](https://redirect.github.com/mongodb/node-mongodb-native/commit/f8bdb8d)) - **transactions:** use options helper to resolve read preference ([9698a76](https://redirect.github.com/mongodb/node-mongodb-native/commit/9698a76)) - **uri_parser:** TLS uri variants imply `ssl=true` ([c8d182e](https://redirect.github.com/mongodb/node-mongodb-native/commit/c8d182e)) ### [`v3.5.0`](https://redirect.github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#350-2020-01-14) [Compare Source](https://redirect.github.com/mongodb/node-mongodb-native/compare/v3.4.1...v3.5.0) ##### Bug Fixes - copy `ssl` option to pool connection options ([563ced6](https://redirect.github.com/mongodb/node-mongodb-native/commit/563ced6)) - destroy connections marked as closed on checkIn / checkOut ([2bd17a6](https://redirect.github.com/mongodb/node-mongodb-native/commit/2bd17a6)) - ensure sync errors are thrown, and don't callback twice ([cca5b49](https://redirect.github.com/mongodb/node-mongodb-native/commit/cca5b49)) - ignore connection errors during pool destruction ([b8805dc](https://redirect.github.com/mongodb/node-mongodb-native/commit/b8805dc)) - not all message payloads are arrays of Buffer ([e4df5f4](https://redirect.github.com/mongodb/node-mongodb-native/commit/e4df5f4)) - recover on network error during initial connect ([a13dc68](https://redirect.github.com/mongodb/node-mongodb-native/commit/a13dc68)) - remove servers with me mismatch in `updateRsFromPrimary` ([95a772e](https://redirect.github.com/mongodb/node-mongodb-native/commit/95a772e)) - report the correct platform in client metadata ([35d0274](https://redirect.github.com/mongodb/node-mongodb-native/commit/35d0274)) - reschedule monitoring before emitting heartbeat events ([7fcbeb5](https://redirect.github.com/mongodb/node-mongodb-native/commit/7fcbeb5)) - socket timeout for handshake should be `connectTimeoutMS` ([c83af9a](https://redirect.github.com/mongodb/node-mongodb-native/commit/c83af9a)) - timed out streams should be destroyed on `timeout` event ([5319ff9](https://redirect.github.com/mongodb/node-mongodb-native/commit/5319ff9)) - use remote address for stream identifier ([f13c20b](https://redirect.github.com/mongodb/node-mongodb-native/commit/f13c20b)) - used weighted RTT calculation for server selection ([d446be5](https://redirect.github.com/mongodb/node-mongodb-native/commit/d446be5)) - **execute-operation:** don't swallow synchronous errors ([0a2d4e9](https://redirect.github.com/mongodb/node-mongodb-native/commit/0a2d4e9)) - **gridfs:** make a copy of chunk before writing to server ([b4ec5b8](https://redirect.github.com/mongodb/node-mongodb-native/commit/b4ec5b8)) ##### Features - add a `withConnection` helper to the connection pool ([d59dced](https://redirect.github.com/mongodb/node-mongodb-native/commit/d59dced)) - include `connectionId` for APM with new CMAP connection pool ([9bd360c](https://redirect.github.com/mongodb/node-mongodb-native/commit/9bd360c)) - integrate CMAP connection pool into unified topology ([9dd3939](https://redirect.github.com/mongodb/node-mongodb-native/commit/9dd3939)) - introduce `MongoServerSelectionError` ([0cf7ec9](https://redirect.github.com/mongodb/node-mongodb-native/commit/0cf7ec9)) - introduce a class for tracking stream specific attributes ([f6bf82c](https://redirect.github.com/mongodb/no