Snyk has created this PR to upgrade mongodb from 5.8.1 to 5.9.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2023-09-14.
The MongoDB Node.js team is pleased to announce version 5.9.0 of the mongodb package!
Release Notes
Bumped bson version to make use of new Decimal128 behaviour
In this release, we have adopted the changes made to Decimal128 in bson version 5.5. The Decimal128 constructor and fromString() methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a new fromStringWithRounding() method which restores the previous rounding behaviour.
Use region settings for STS AWS credentials request
When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @ aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.
The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().
Important
The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTSMUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.
Fix memory leak with ChangeStreams
In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.
The function is now implemented as a loop, memory leak be gone!
Snyk has created this PR to upgrade mongodb from 5.8.1 to 5.9.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: mongodb
-
5.9.0 - 2023-09-14
- NODE-5564: bump bson version to ^5.5.0 (#3865) (dc110e0)
- NODE-5550: set AWS region from environment variable for STSClient (#3851) (2fab06b)
- NODE-5587: recursive calls to next cause memory leak (#3842) (f60f1b5)
- Reference
- API
- Changelog
-
5.8.1 - 2023-08-23
- NODE-5572: fix saslprep import (#3837) (250dc21)
- Reference
- API
- Changelog
from mongodb GitHub release notes5.9.0 (2023-09-14)
The MongoDB Node.js team is pleased to announce version 5.9.0 of the
mongodbpackage!Release Notes
Bumped
bsonversion to make use of newDecimal128behaviourIn this release, we have adopted the changes made to
Decimal128in bson version 5.5. TheDecimal128constructor andfromString()methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a newfromStringWithRounding()method which restores the previous rounding behaviour.See the bson v5.5.0 release notes for more information.
Use region settings for STS AWS credentials request
When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @ aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables
AWS_STS_REGIONAL_ENDPOINTSandAWS_REGIONdo not directly control the region the SDK's STS client contacts for credentials.The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().
Important
The driver will only set region options if BOTH environment variables are present.
AWS_STS_REGIONAL_ENDPOINTSMUST be set to either'legacy'or'regional', andAWS_REGIONmust be set.Fix memory leak with ChangeStreams
In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the
nextfunction that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. ForChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.The function is now implemented as a loop, memory leak be gone!
Features
Bug Fixes
Documentation
We invite you to try the
mongodblibrary immediately, and report any issues to the NODE project.5.8.1 (2023-08-23)
The MongoDB Node.js team is pleased to announce version 5.8.1 of the
mongodbpackage!Release Notes
Import of
saslprepupdated to correct library.Fixes the import of saslprep to be the correct
@ mongodb-js/saslpreplibrary.Bug Fixes
Documentation
We invite you to try the
mongodblibrary immediately, and report any issues to the NODE project.Commit messages
Package name: mongodb
- 6861e19 chore(5.x): release 5.9.0 [skip-ci] (#3852)
- dc110e0 feat(NODE-5564): bump bson version to ^5.5.0 (#3865)
- 3e56c67 test(NODE-5619): use npm 9 on eol node versions (#3861)
- f60f1b5 fix(NODE-5587): recursive calls to next cause memory leak (#3842)
- 2fab06b fix(NODE-5550): set AWS region from environment variable for STSClient (#3851)
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs