db-migrate / mongodb

mongodb driver for db-migrate

Fix vulnerabilities #53

Open EricThompson-PeopleReign opened 2 years ago

EricThompson-PeopleReign commented 2 years ago

This PR bumps the versions for vow and mongodb. This fixes 5 different vulnerabilities total and allows this package to pass vulnerability testing that's required by some CI/CD process.

EricThompson-PeopleReign commented 2 years ago

@wzrdtales Any chance of getting this merged in?

wzrdtales commented 2 years ago

There is unfortunately no CI running a test against this, so not easily mergeable right now due to missing certainty that nothing breaks. If you could take the time to get gitlab actions here that would be awesome.

otherwise only have two comments

EricThompson-PeopleReign commented 2 years ago

Thanks @wzrdtales, I have since done some manual testing and the newer version of mongodb client doesn't play well with this package. I don't know enough about this package or the mongodb client to fix the things that moved in the upgrade v3.x -> 4.x.

wzrdtales commented 2 years ago

As far as I remember someone from the community gave it a shot before, but stopped working on it. I guess also @BorntraegerMarc who wrote this package initially is out of time. I am not a mongo user at all and won't be, am avoiding it for a good reason :p , so all I will give here is technical advice in general. The best person to maintain the mongo driver is someone actually using it.

Writing a driver itself is fairly "easy" though see https://db-migrate.readthedocs.io/en/latest/Developers/contributing/#creating-your-own-driver

BorntraegerMarc commented 2 years ago

Yeah, sorry… my prios kinda shifted 🙂