search

mongodb / chatbot

MongoDB Chatbot Framework. Powered by MongoDB and Atlas Vector Search.
https://mongodb.github.io/chatbot/
Apache License 2.0
115 stars 53 forks source link

[Snyk] Upgrade mongodb from 5.8.1 to 5.9.1 #238

Closed admin-token-bot closed 9 months ago

admin-token-bot commented 9 months ago

Snyk has created this PR to upgrade mongodb from 5.8.1 to 5.9.1.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Release notes
Package name: mongodb
  • 5.9.1 - 2023-10-20

    5.9.1 (2023-10-18)

    The MongoDB Node.js team is pleased to announce version 5.9.1 of the mongodb package!

    Release Notes

    insertedIds in bulk write now contain only successful insertions

    Prior to this fix, the bulk write error's result.insertedIds property contained the _id of each attempted insert in a bulk operation.

    Now, when a bulkwrite() or an insertMany() operation rejects one or more inserts, throwing an error, the error's result.insertedIds property will only contain the _id fields of successfully inserted documents.

    Fixed edge case leak in findOne()

    When running a findOne against a time series collection, the driver left the implicit session for the cursor un-ended due to the way the server returns the resulting cursor information. Now the cursor will always be cleaned up regardless of the outcome of the find operation.

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 5.9.0 - 2023-09-14

    5.9.0 (2023-09-14)

    The MongoDB Node.js team is pleased to announce version 5.9.0 of the mongodb package!

    Release Notes

    Bumped bson version to make use of new Decimal128 behaviour

    In this release, we have adopted the changes made to Decimal128 in bson version 5.5. The Decimal128 constructor and fromString() methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a new fromStringWithRounding() method which restores the previous rounding behaviour.

    See the bson v5.5.0 release notes for more information.

    Use region settings for STS AWS credentials request

    When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @ aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

    The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

    Important
    The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

    Fix memory leak with ChangeStreams

    In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

    The function is now implemented as a loop, memory leak be gone!

    Features

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 5.8.1 - 2023-08-23

    5.8.1 (2023-08-23)

    The MongoDB Node.js team is pleased to announce version 5.8.1 of the mongodb package!

    Release Notes

    Import of saslprep updated to correct library.

    Fixes the import of saslprep to be the correct @ mongodb-js/saslprep library.

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • 0c16582 chore(5.x): release 5.9.1 [skip-ci] (#3878)
  • 0d6c9cd fix(NODE-5691): make findOne() close implicit session to avoid memory leak (#3889)
  • df0780e test(NODE-5705): fix failing explain tests (#3894)
  • efb5e93 test(NODE-5695): update azure configuration (#3892)
  • 2ab2189 ci(NODE-5668): remove custom dep tests against master and fix prose test 14 (#3884)
  • 74833fb ci(NODE-5664): unit test on all supported Node versions (#3885)
  • 296faac ci(NODE-5653): remove vars from ci config (#3880)
  • d766ae2 fix(NODE-5627): BulkWriteResult.insertedIds includes ids that were not inserted (#3870)
  • 6f67539 docs(no-story): build docs for 5.9 release (#3868)
  • 6861e19 chore(5.x): release 5.9.0 [skip-ci] (#3852)
  • dc110e0 feat(NODE-5564): bump bson version to ^5.5.0 (#3865)
  • 3e56c67 test(NODE-5619): use npm 9 on eol node versions (#3861)
  • f60f1b5 fix(NODE-5587): recursive calls to next cause memory leak (#3842)
  • 2fab06b fix(NODE-5550): set AWS region from environment variable for STSClient (#3851)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs