The MongoDB Node.js team is pleased to announce version 5.8.0 of the mongodb package!
Release Notes
The AutoEncrypter interface has been deprecated
The AutoEncrypter interface was used internally but accidentally made public in the 4.x version of the driver. It is now deprecated and will be made internal in the next major release.
Kerberos support for 1.x and 2.x
Moves the kerberos dependency back to ^1.0.0 || ^2.0.0 to indicate support for both 1.x and 2.x. Support for 1.x is removed in 6.0.
Fixed accidental deprecation warning
Because of internal options handling, a deprecation was emitted for tlsCertificateFile when using tlsCertificateKeyFile. That has been corrected.
Remove credential availability on ConnectionPoolCreatedEvent
In order to avoid mistakenly printing credentials the ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessble via MongoClient options: client.options.credentials.
Features
NODE-5399: use mongodb-js/saslprep instead of saslprep (#3818) (c0d3927)
NODE-5429: deprecate the AutoEncrypter interface (#3764) (9bb0d95)
NODE-5465,NODE-5538: lower @aws-sdk/credential-providers version to 3.188.0 and zstd to ^1.0.0 (#3821) (39ff81d)
Bug Fixes
NODE-5489: set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803) (c3b35b3)
NODE-5495: do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810) (e81d4a2)
NODE-5537: remove credentials from ConnectionPoolCreatedEvent options (#3813) (4cf1e96)
Bumps the npm_and_yarn group with 23 updates in the / directory:
1.6.2
1.6.3
3.1.8
3.1.10
4.18.1
4.19.2
4.14.4
4.15.5
8.5.1
9.0.0
5.7.0
5.8.0
7.4.3
7.4.4
5.74.0
5.76.0
0.4.23
0.5.0
3.4.2
4.9.6
7.19.3
7.24.5
3.10.3
3.13.0
4.2.1
4.2.3
2.1.3
2.1.4
4.1.1
4.2.0
0.2.0
0.2.2
0.10.62
0.10.64
2.0.0
2.0.2
4.1.0
4.1.1
1.1.8
1.1.9
4.2.2
4.2.4
5.22.0
5.28.4
1.2.3
1.2.5
Updates
axios
from 1.6.2 to 1.6.3Release notes
Sourced from axios's releases.
Changelog
Sourced from axios's changelog.
Commits
b15b918
chore(release): v1.6.3 (#6151)b76cce0
chore(ci): added branches filter for notify action; (#6084)5e7ad38
fix: Regular Expression Denial of Service (ReDoS) (#6132)8befb86
docs: update alloy link (#6145)d18f40d
docs: add headline sponsorsUpdates
ejs
from 3.1.8 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807d
Version 3.1.109ee26dd
Mocha TDDe469741
Basic pollution protection715e950
Merge pull request #756 from Jeffrey-mu/maincabe314
Include advanced usage examples29b076c
Added header11503c7
Merge branch 'main' of github.com:mde/ejs into main7690404
Added security banner to READMEf47d7ae
Update SECURITY.md828cea1
Update SECURITY.mdUpdates
express
from 4.18.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
jose
from 4.14.4 to 4.15.5Release notes
Sourced from jose's releases.
Changelog
Sourced from jose's changelog.
... (truncated)
Commits
765aafd
chore(release): 4.15.5b36e45e
test: add export check to x509 pem import testse839ecb
test: stop testing JWE RSA1_5 Algorithm1b91d88
fix: add a maxOutputLength option to zlib inflate9ca2b24
build: remove release actionf3035d8
chore: cleanup after releasef0bb220
chore(release): 4.15.46f38554
chore: bump dev deps936c9df
fix(types): export GetKeyFunction (#592)5ac6619
chore: bump dev depsUpdates
jsonwebtoken
from 8.5.1 to 9.0.0Changelog
Sourced from jsonwebtoken's changelog.
Commits
e1fa9dc
Merge pull request from GHSA-8cf7-32gw-wr335eaedbf
chore(ci): remove github test actions job (#861)cd4163e
chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)ecdf6cc
fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...8345030
fix(sign&verify)!: Remove defaultnone
support fromsign
andverify
met...7e6a86b
Upload OpsLevel YAML (#849)74d5719
docs: update references vercel/ms references (#770)d71e383
docs: document "invalid token" error3765003
docs: fix spelling in README.md: Peak -> Peek (#754)a46097e
docs: make decode impossible to discover before verifyMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates
mongodb
from 5.7.0 to 5.8.0Release notes
Sourced from mongodb's releases.
Changelog
Sourced from mongodb's changelog.
Commits
43673fa
chore(5.x): release 5.8.0 [skip-ci] (#3825)4b2fc79
docs: fix cutoff sentence on CommandStartedEvent (#3828)39ff81d
feat(NODE-5465,NODE-5538): lower@aws-sdk/credential-providers
version to 3...e1af343
chore: update release automation scripts 5.x (#3823)c0d3927
feat(NODE-5399): use mongodb-js/saslprep instead of saslprep (#3818)4cf1e96
fix(NODE-5537): remove credentials from ConnectionPoolCreatedEvent options (#...e81d4a2
fix(NODE-5495): do not emit deprecation warning when tlsCertificateKeyFile is...c3b35b3
fix(NODE-5489): set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803)cc3069d
Revert "feat(NODE-5489): update kerberos dependency"8c25d6d
feat(NODE-5489): update kerberos dependencyUpdates
mongoose
from 7.4.3 to 7.4.4Release notes
Sourced from mongoose's releases.
Changelog
Sourced from mongoose's changelog.
Commits
57b6eab
chore: release 7.4.4244a543
Merge pull request #13739 from maybesmurf/masteracbd957
Merge pull request #13747 from Idnan/master812b014
Merge pull request #13759 from yury-ivaniutsenka/fix_change_streamb0258e1
Merge pull request #13758 from Automattic/vkarpov15/mongoose-autopopulate-965fdb89c
Merge pull request #13761 from Automattic/vkarpov15/gh-137252591f9f
fix(schema): support 'ascending', 'asc', 'descending', 'desc' for index direc...b2e7315
Merge branch 'master' of github.com:Automattic/mongoose6e6e190
Merge branch '6.x'0604133
chore: release 6.11.6Updates
semver
from 7.3.8 to 7.6.0Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
377f709
chore: release 7.6.0 (#661)a7ab13a
feat: preserve pre-release and build parts of a version on coerce (#671)816c7b2
chore: postinstall for dependabot template-oss PR0bd24d9
chore: bump@npmcli/template-oss
from 4.21.1 to 4.21.3e521932
chore: postinstall for dependabot template-oss PR8873991
chore: chore: chore: postinstall for dependabot template-oss PRf317dc8
chore: bump@npmcli/template-oss
from 4.19.0 to 4.21.07303db1
chore: add clean() test for build metadata (#658)6240d75
chore: add missing quotes in README.md (#656)14d263f
chore: postinstall for dependabot template-oss PRMaintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.
Updates
webpack
from 5.74.0 to 5.76.0Release notes
Sourced from webpack's releases.
... _Description has been truncated_