search

apiaryio / dredd-example

Example application using Dredd and CI
MIT License
85 stars 61 forks source link

chore(deps-dev): bump mongodb from 3.3.3 to 3.5.5 #94

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps mongodb from 3.3.3 to 3.5.5.

Release notes

Sourced from mongodb's releases.

v3.5.5

The MongoDB Node.js team is pleased to announce version 3.5.5 of the driver

Release Highlights

Regression in hasNext when using a cursor with a limit

@peterbroadhurst helped point out a regression introduced in v3.5.4 where using hasNext on a cusor with a limit would not return the full set of results.

Ignored topology updates cause servers to fall out of latency window

A change introduced across all MongoDB drivers, and in particular v3.5.0 of the Node.js driver, attempted to prevent needless duplicate topologyDescriptionChanged topology events by introducing a ServerDescription equality operator. Since equality does not take the lastUpdateTime and lastWriteDate fields of an ismaster into account, the driver could eventually consider servers non-suitable for server selection, since they would fall out of the latency window. All updates are considered viable for topology updates now, and only event emission is gated by ServerDescription equality.

Memory leaks with Node.js v12+

The legacy topology types (in particular if you were connected to a replic set) used a custom Timeout class to wrap a timer. Unfortunately, the class depended on an undocumented, private variable _called, which was removed in Node.js v12. This would lead to the driver thinking the timeout never occurred, and therefore never releasing the object for garbage collection. We recommend users of the legacy topology types immediately update to this version of the driver, or use the Unified Topology which is unaffected by this bug.

TypeError: Cannot read property 'Symbol(cancelled)' of undefined

@erfanium and @Paic helped us identify an issue in rare failover events where multiple requests to process the server selection queue would result in an attempted property access of an undefined variable.

promiseLibrary not respected by newly introduced maybePromise helper

@tobyealden pointed out that an internal refactor to use a helper to optionally return a Promise for top level API methods was not, in fact, using a custom promise library if one was provided!

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

  • [NODE-2460] - Memory Leak with ReplSet and NodeJS v12
  • [NODE-2472] - TypeError on server available with useUnifiedTopology: true
  • [NODE-2474] - Server_Description update with lastUpdateTime / lastWriteDate fields is ignored in topology
  • [NODE-2480] - TypeError after reconnecting ... (truncated)
Commits
  • d7ac176 chore(release): 3.5.5
  • f69f51c fix: multiple concurrent attempts to process the queue may fail
  • cde11ec fix: pass optional promise lib to maybePromise
  • 0c36a32 NODE-2474: update equal server description (#2260)
  • 6b3b64d test: ensure mock server is setup before continuing with tests
  • 6238c84 fix: correctly use template string for connection string error message
  • 44097c2 test: use a reduced minHeartbeatFrequencyMS for spec test runner
  • ef04d00 fix(cursor): hasNext consumes documents on cursor with limit
  • b72fefe docs: update community links to use MongoDB Community forums
  • e7dd608 docs: fix typo and formatting of bulletted lists
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in the `.dependabot/config.yml` file in this repo: - Update frequency - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 4 years ago

Superseded by #96.