search

mongodb-js / data-service

The MongoDB Data Service
Apache License 2.0
7 stars 4 forks source link

build(deps): bump mongodb from 3.5.7 to 3.6.0 #239

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps mongodb from 3.5.7 to 3.6.0.

Release notes

Sourced from mongodb's releases.

v3.6.0

The MongoDB Node.js team is pleased to announce version 3.6.0 of the driver

NOTE: This version begins our official support for MongoDB 4.4

Release Highlights

Streaming topology changes

MongoDB drivers maintain a local view of the topology they are connected to, and ensure the accuracy of that view by polling connected nodes on average every ~10s. In MongoDB 4.4, drivers are now able to receive push notifications about topology updates, effectively reducing the time for client recovery in failover scenarios to the time it takes for the server to make the election and report the outcome.

This feature is enabled by default when connecting to MongoDB 4.4, no changes are needed for user code.

Authentication

MONGODB-AWS authentication mechanism

The MONGODB-AWS authentication mechanism uses your Amazon Web Services Identity and Access Management (AWS IAM) credentials to authenticate users on MongoDB 4.4+. Please read more about this new authentication mechanism in our documentation.

Performance improvements

There were two projects to transparently improve performance of authentication in MongoDB 4.4:

  • A driver can now include the first saslStart command in its initial handshake with server. This so-called "speculative authentication" allows us to reduce one roundtrip to the server for authentication a connection. This feature is only support for X.509, SCRAM-SHA-1 and SCRAM-SHA-256 (default) authentication mechanisms.

  • The SCRAM conversation between driver and server can now skip one of it's empty exchanges which also serves to reduce the roundtrips during a SCRAM authentication.

OCSP stapling testing

OCSP stapling greatly improves performance when using LetsEncrypt certificates, removing the need for an external request to LetsEncrypt servers for each authentication attempt. No additional changes were required to support OCSP stapling in the driver, but extensive testing was added to verify that the feature works as expected.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/ API: http://mongodb.github.io/node-mongodb-native/3.6/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Commits
  • d84d14b chore(release): 3.6.0
  • a053f4e fix: silently ignore session with unacknowledged write
  • dfe7afa fix: ReadPreference maxStalenessSeconds from options
  • d728a13 fix: remove destructuring assignments for legacy node support
  • 4666646 chore: adds test for SRV + directConnection
  • 5d7c556 test: avoid unable to acquire lock errors on primary stepdown
  • 5bd16e2 chore: sync connectTimeoutMS SDAM spec test
  • 603d445 docs: add banner with link to new reference documentation
  • 19ec62f fix: IPv6 is not supported when using dns service discovery
  • 31ae3c9 fix: assert update/replace atomic requirements in bulk operations
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 4 years ago

Superseded by #248.