search

opengovsg / FormSG

Form builder for the Singapore Government
https://form.gov.sg
Other
270 stars 81 forks source link

fix(deps): bump bson from 4.7.2 to 5.5.1 #7488

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps bson from 4.7.2 to 5.5.1.

Release notes

Sourced from bson's releases.

v5.5.1

5.5.1 (2023-09-28)

The MongoDB Node.js team is pleased to announce version 5.5.1 of the bson package!

Release Notes

Clarify BSONVersionError message

Previously, our thrown BSONVersionError stated that the "bson type must be from 6.0 or later". Our intention is to prevent cross-major BSON types from reaching the serialization logic as breaking changes to the types could lead to silent incompatibilities in the serialization process. We've updated the message to make that intention clear: "bson types must be from bson 6.x.x".

Bug Fixes

  • NODE-5641: BsonVersionError improve message clarity (#630) (d1ca218)

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project.

v5.5.0

5.5.0 (2023-09-12)

The MongoDB Node.js team is pleased to announce version 5.5.0 of the bson package!

Release Notes

This release is focused on a bug fix and a new feature for our Decimal128 class.

Decimal128 constructor and Decimal128.fromString now throw when detecting loss of precision

Prior to this release, Decimal128 would round numbers with more than 34 significant digits and lose precision. Now, on detecting loss of precision, Decimal128's constructor and Decimal128.fromString will throw a BSONError. This behaviour should have been the default as the Decimal128 class was always intended to be high-precision floating point value. As such, silently performing inexact rounding is undesirable behaviour.

New Decimal128.fromStringWithRounding static method

We understand that some of our users may have depended on the rounding behaviour of Decimal128.fromString for their applications. To support these users, we have exposed this behaviour via the Decimal128.fromStringWithRounding method. Anywhere that Decimal128.fromString was used with the expectation that rounding would occur can be replaced with a call to this new method.

We also want to express our gratitude to @​hconn-riparian for reporting a related rounding bug and fix in #560 which has been included in our implementation of this feature.

// pre v5.5
> let d = Decimal128.fromString('127341286781293491234791234667890123')
new Decimal128("1.273412867812934912347912346678901E+35")

// >= v5.5
> let d = Decimal128.fromString('127341286781293491234791234667890123')
Uncaught:
BSONError: "127341286781293491234791234667890123" is not a valid Decimal128 string - inexact rounding
at invalidErr (./js-bson/lib/bson.cjs:1402:11)
at Decimal128.fromStringInternal (./js-bson/lib/bson.cjs:1633:25)
</tr></table>

... (truncated)

Changelog

Sourced from bson's changelog.

5.5.1 (2023-09-28)

Bug Fixes

  • NODE-5641: BsonVersionError improve message clarity (#630) (d1ca218)

5.5.0 (2023-09-13)

Features

  • NODE-5579: add Decimal128.fromStringWithRounding() static method (#621) (70ca4fc)

Bug Fixes

  • NODE-5586: Decimal128 fromString performs inexact rounding (#620) (63fb316)

5.4.0 (2023-07-03)

Features

  • NODE-4938: improve react native bundle experience (#578) (7e16636)

Bug Fixes

  • NODE-5363: defer byte slicing to utf8 decoding API in nodejs (#585) (e087042)

5.3.0 (2023-05-10)

Features

  • NODE-5224: deprecate UUID hex string cache control (#573) (70aea75)

Bug Fixes

  • NODE-4960: UUID validation too strict (#572) (d239cd1)

5.2.0 (2023-04-04)

Features

  • NODE-4855: add hex and base64 ctor methods to Binary and ObjectId (#569) (0d49a63)

... (truncated)

Commits
  • 44ad321 chore(5.x): release 5.5.1 [skip-ci] (#631)
  • 4d5487d chore(NODE-5547): fix npm version setting var (#633)
  • d1ca218 fix(NODE-5641): BsonVersionError improve message clarity (#630)
  • d4fe723 chore(release): 5.5.0
  • ab6f784 chore(5.x): revert release 5.5.0 (#625) (#627)
  • 045dc2d chore(5.x): release 5.5.0 (#625)
  • 70ca4fc feat(NODE-5579): add Decimal128.fromStringWithRounding() static method (#621)
  • 35ec16f chore: backport release scripting to 5.x branch (#624)
  • 63fb316 fix(NODE-5586): Decimal128 fromString performs inexact rounding (#620)
  • 12d169c test(NODE-5623): use npm 9 on eol node versions (#622)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by dbx-node, a new releaser for bson since your current version.


Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | bson | [>= 6.a, < 7] |

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.