mongodb/node-mongodb-native
### [`v3.6.2`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.6.2)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.1...v3.6.2)
The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver
#### Release Highlights
##### Updated `bl` dependency due to CVE-2020-8244
See this link for more details:
##### Connection pool wait queue processing is too greedy
The logic for processing the wait queue in our connection pool ran the risk of
starving the event loop. Calls to process the wait queue are now wrapped in a
`setImmediate` to prevent starvation
#### Documentation
Reference:
API:
Changelog:
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
#### Release Notes
Bug
[NODE-2798] - Update version of dependency "bl" due to vulnerability
[NODE-2803] - Connection pool wait queue processing is too greedy
### [`v3.6.1`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.6.1)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.0...v3.6.1)
The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver
#### Release Highlights
##### Kerberos
A bug in introducing the new [CMAP](https://togithub.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) `Connection` prevented some users from properly authenticating with the `kerberos` module.
##### Index options are not respected with `createIndex`
The logic for building the `createIndex` command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist.
##### Remove strict mode for `createCollection`
Since v3.6.0 `createCollection` will no longer returned a cached `Collection` instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the `strict` option for `createCollection`, so that option has been removed from documentation.
#### Documentation
Reference:
API:
Changelog:
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
#### Release Notes
Bug
[NODE-2731] - CMAP Connection type does not provide host/port properties
[NODE-2755] - "language_override" option support for text index is broken
Improvement
[NODE-2730] - Move MongoAuthProcess into the driver source tree
[NODE-2746] - Strict mode for `createCollection` should be removed
### [`v3.6.0`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.6.0)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.5.11...v3.6.0)
The MongoDB Node.js team is pleased to announce version 3.6.0 of the driver
**NOTE:** This version begins our official support for MongoDB 4.4
#### Release Highlights
##### Streaming topology changes
MongoDB drivers maintain a local view of the topology they are connected to, and ensure the accuracy of that view by polling connected nodes on average every ~10s. In MongoDB 4.4, drivers are now able to receive push notifications about topology updates, effectively reducing the time for client recovery in failover scenarios to the time it takes for the server to make the election and report the outcome.
This feature is enabled by default when connecting to MongoDB 4.4, no changes are needed for user code.
##### Authentication
##### MONGODB-AWS authentication mechanism
The MONGODB-AWS authentication mechanism uses your Amazon Web Services Identity and Access Management (AWS IAM) credentials to authenticate users on MongoDB 4.4+. Please read more about this new authentication mechanism in our [documentation](https://docs.mongodb.com/drivers/node/fundamentals/authentication/mechanisms#mongodb-aws).
##### Performance improvements
There were two projects to transparently improve performance of authentication in MongoDB 4.4:
- A driver can now include the first `saslStart` command in its initial handshake with server. This so-called "speculative authentication" allows us to reduce one roundtrip to the server for authentication a connection. This feature is only support for X.509, SCRAM-SHA-1 and SCRAM-SHA-256 (default) authentication mechanisms.
- The SCRAM conversation between driver and server can now skip one of it's empty exchanges which also serves to reduce the roundtrips during a SCRAM authentication.
##### OCSP stapling testing
OCSP stapling greatly improves performance when using LetsEncrypt certificates, removing the need for an external request to LetsEncrypt servers for each authentication attempt. No additional changes were required to support OCSP stapling in the driver, but extensive testing was added to verify that the feature works as expected.
##### Changes in behavior of `Db.prototype.createCollection`
The `createCollection` helper used to internally run a `listCollections` command in order to see if a collection already existed before running the command. If it determined a collection with the same name existed, it would skip running the command and return an instance of `Collection`. This behavior was changed in v3.6.0 to avoid potentially serious bugs, specifically that the driver was not considering options passed into `createCollection` as part of the collection equality check. Imagine the following scenario:
const client = new MongoClient('...');
await client.connect();
await client.db('foo').collection('bar').insert({ importantField: 'llamas' });
await client.db('foo').createCollection('bar', {
validator: { $jsonSchema: {
bsonType: 'object',
required: ['importantField'],
properties: { name: { bsonType: 'boolean' } }
}
});
The `createCollection` call which defines a JSON schema validator would be completely bypassed because of the existence of `bar`, which was implicitly created in the first command. Our policy is strictly adhere to semver, but in rare cases like this where we feel there is potential for a data corrupting bug, we make breaking behavioral changes to protect the user.
#### Documentation
Reference:
API:
Changelog:
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
#### Release Notes
[NODE-2559] - Reduce race conditions in SDAM error handling
[NODE-2560] - Make 'reIndex' a standalone-only command
[NODE-2564] - Clarify how a driver must handle wrong set name in single topology
[NODE-2569] - 'CommitQuorum' option support for 'createIndexes’ command on MongoDB 4.4
[NODE-2576] - Raise error when hint option is provided on unacknowledged writes against any server version
[NODE-2592] - Update documentation for Text Search
[NODE-2594] - Do not add the RetryableWriteError label to errors that occur during a write within a transaction (excepting commitTransaction and abortTransaction)
[NODE-2622] - allowDiskUse option for find should be documented as only being supported in 4.4+
[NODE-2627] - Reduce default keepalive time to align with Azure defaults
[NODE-2659] - Drivers should retry replSetStepDown after "Unable to acquire X lock" error
[NODE-2661] - Define behavior of connectTimeoutMS=0 with streaming protocol
[NODE-2675] - Test that ElectionInProgress is not resumed
[NODE-2682] - Treat CursorNotFound as a resumable change stream error
[NODE-2623] - Gridfs doesn't allow to catch exception with length that exceeds file size
[NODE-2660] - Throw an error if bulk update documents don't contain update operator expressions
[NODE-2711] - Monitoring should not be immediately scheduled on streaming failure
### [`v3.5.11`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.5.11)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.5.10...v3.5.11)
The MongoDB Node.js team is pleased to announce version 3.5.11 of the driver
#### Release Highlights
##### Kerberos
A bug in introducing the new [CMAP](https://togithub.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) `Connection` prevented some users from properly
authenticating with the `kerberos` module.
##### Updated `bl` dependency due to CVE-2020-8244
See this link for more details:
#### Documentation
Reference:
API:
Changelog:
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
#### Release Notes
Bug
[NODE-2731] - CMAP Connection type does not provide host/port properties
[NODE-2798] - Update version of dependency "bl" due to vulnerability
### [`v3.5.10`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.5.10)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.5.9...v3.5.10)
The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver
**NOTE:** This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0
#### Release Highlights
##### [TypeError: Cannot read property 'documents' of null](https://jira.mongodb.org/browse/NODE-2626)
[@adrian-gierakowski](https://togithub.com/adrian-gierakowski) helped us identify a bug with our ChangeStreamCursor, specifically when the cursor
was complete it would not return a valid document but instead a `null` value.
##### Command helper not respecting server selection specification rules
The [server selection specification](https://togithub.com/mongodb/specifications/blob/master/source/server-selection/server-selection.rst#use-of-read-preferences-with-commands) indicates that the "runCommand" helper should act
as a read operation for the purposes of server selection, and that it should use a default read
preference of "primary" which can only be overridden by the helper itself. The driver had a bug
where it would inherit the read preference from its "parent" type (`Collection`, `Db`, `MongoClient`)
which is at odds with the specified behavior.
##### `mongodb+srv` invalid IPv6 support
Due to a bug in how we referred to ipv6 addresses internal to the driver, if a `mongodb+srv`
connection string was provided with an ipv6 address the driver would never be able to connect
and would result in a the following error `RangeError: Maximum call stack size exceeded`.
##### `maxStalenessSeconds` not accepted when provided via options
There was a bug in our connection string and `MongoClient` options parsing where a value provided
for `maxStalenessSeconds` would not end up being reflected in the `ReadPreference` used internal
to the driver.
##### Sessions are prohibited with unacknowledged writes
MongoDB can provide no guarantees around unacknowledged writes when used within a session. The
driver will now silently remove the `lsid` field from all writes issued with `{ w: 0 }`, and
will return an error in these situations in the upcoming 4.0 major release.
#### Documentation
Reference:
API:
Changelog:
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
#### Release Notes
This PR contains the following updates:
^3.5.9->^3.6.2^6.13.1->^6.13.2Release Notes
mongodb/node-mongodb-native
### [`v3.6.2`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.6.2) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.1...v3.6.2) The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver #### Release Highlights ##### Updated `bl` dependency due to CVE-2020-8244 See this link for more details:Bug
- [NODE-2798] - Update version of dependency "bl" due to vulnerability
- [NODE-2803] - Connection pool wait queue processing is too greedy
### [`v3.6.1`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.6.1) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.6.0...v3.6.1) The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver #### Release Highlights ##### Kerberos A bug in introducing the new [CMAP](https://togithub.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) `Connection` prevented some users from properly authenticating with the `kerberos` module. ##### Index options are not respected with `createIndex` The logic for building the `createIndex` command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist. ##### Remove strict mode for `createCollection` Since v3.6.0 `createCollection` will no longer returned a cached `Collection` instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the `strict` option for `createCollection`, so that option has been removed from documentation. #### Documentation Reference:Bug
Improvement
- [NODE-2730] - Move MongoAuthProcess into the driver source tree
- [NODE-2746] - Strict mode for `createCollection` should be removed
### [`v3.6.0`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.6.0) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.5.11...v3.6.0) The MongoDB Node.js team is pleased to announce version 3.6.0 of the driver **NOTE:** This version begins our official support for MongoDB 4.4 #### Release Highlights ##### Streaming topology changes MongoDB drivers maintain a local view of the topology they are connected to, and ensure the accuracy of that view by polling connected nodes on average every ~10s. In MongoDB 4.4, drivers are now able to receive push notifications about topology updates, effectively reducing the time for client recovery in failover scenarios to the time it takes for the server to make the election and report the outcome. This feature is enabled by default when connecting to MongoDB 4.4, no changes are needed for user code. ##### Authentication ##### MONGODB-AWS authentication mechanism The MONGODB-AWS authentication mechanism uses your Amazon Web Services Identity and Access Management (AWS IAM) credentials to authenticate users on MongoDB 4.4+. Please read more about this new authentication mechanism in our [documentation](https://docs.mongodb.com/drivers/node/fundamentals/authentication/mechanisms#mongodb-aws). ##### Performance improvements There were two projects to transparently improve performance of authentication in MongoDB 4.4: - A driver can now include the first `saslStart` command in its initial handshake with server. This so-called "speculative authentication" allows us to reduce one roundtrip to the server for authentication a connection. This feature is only support for X.509, SCRAM-SHA-1 and SCRAM-SHA-256 (default) authentication mechanisms. - The SCRAM conversation between driver and server can now skip one of it's empty exchanges which also serves to reduce the roundtrips during a SCRAM authentication. ##### OCSP stapling testing OCSP stapling greatly improves performance when using LetsEncrypt certificates, removing the need for an external request to LetsEncrypt servers for each authentication attempt. No additional changes were required to support OCSP stapling in the driver, but extensive testing was added to verify that the feature works as expected. ##### Changes in behavior of `Db.prototype.createCollection` The `createCollection` helper used to internally run a `listCollections` command in order to see if a collection already existed before running the command. If it determined a collection with the same name existed, it would skip running the command and return an instance of `Collection`. This behavior was changed in v3.6.0 to avoid potentially serious bugs, specifically that the driver was not considering options passed into `createCollection` as part of the collection equality check. Imagine the following scenario: const client = new MongoClient('...'); await client.connect(); await client.db('foo').collection('bar').insert({ importantField: 'llamas' }); await client.db('foo').createCollection('bar', { validator: { $jsonSchema: { bsonType: 'object', required: ['importantField'], properties: { name: { bsonType: 'boolean' } } } }); The `createCollection` call which defines a JSON schema validator would be completely bypassed because of the existence of `bar`, which was implicitly created in the first command. Our policy is strictly adhere to semver, but in rare cases like this where we feel there is potential for a data corrupting bug, we make breaking behavioral changes to protect the user. #### Documentation Reference:Epic
New Feature
Improvement
Bug
- [NODE-2416] - Confusing documentation for collection.aggregate collation option
- [NODE-2502] - replaceOne example in test/examples/update_documents.js incorrect
- [NODE-2537] - createCollection helper should not run listIndexes outside of strict mode
- [NODE-2567] - Fix qs dependency for older node
- [NODE-2616] - SDAM test typo "compatible"
- [NODE-2623] - Gridfs doesn't allow to catch exception with length that exceeds file size
- [NODE-2660] - Throw an error if bulk update documents don't contain update operator expressions
- [NODE-2711] - Monitoring should not be immediately scheduled on streaming failure
### [`v3.5.11`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.5.11) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.5.10...v3.5.11) The MongoDB Node.js team is pleased to announce version 3.5.11 of the driver #### Release Highlights ##### Kerberos A bug in introducing the new [CMAP](https://togithub.com/mongodb/specifications/blob/master/source/connection-monitoring-and-pooling/connection-monitoring-and-pooling.rst) `Connection` prevented some users from properly authenticating with the `kerberos` module. ##### Updated `bl` dependency due to CVE-2020-8244 See this link for more details:Bug
- [NODE-2731] - CMAP Connection type does not provide host/port properties
- [NODE-2798] - Update version of dependency "bl" due to vulnerability
### [`v3.5.10`](https://togithub.com/mongodb/node-mongodb-native/releases/v3.5.10) [Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.5.9...v3.5.10) The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver **NOTE:** This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0 #### Release Highlights ##### [TypeError: Cannot read property 'documents' of null](https://jira.mongodb.org/browse/NODE-2626) [@adrian-gierakowski](https://togithub.com/adrian-gierakowski) helped us identify a bug with our ChangeStreamCursor, specifically when the cursor was complete it would not return a valid document but instead a `null` value. ##### Command helper not respecting server selection specification rules The [server selection specification](https://togithub.com/mongodb/specifications/blob/master/source/server-selection/server-selection.rst#use-of-read-preferences-with-commands) indicates that the "runCommand" helper should act as a read operation for the purposes of server selection, and that it should use a default read preference of "primary" which can only be overridden by the helper itself. The driver had a bug where it would inherit the read preference from its "parent" type (`Collection`, `Db`, `MongoClient`) which is at odds with the specified behavior. ##### `mongodb+srv` invalid IPv6 support Due to a bug in how we referred to ipv6 addresses internal to the driver, if a `mongodb+srv` connection string was provided with an ipv6 address the driver would never be able to connect and would result in a the following error `RangeError: Maximum call stack size exceeded`. ##### `maxStalenessSeconds` not accepted when provided via options There was a bug in our connection string and `MongoClient` options parsing where a value provided for `maxStalenessSeconds` would not end up being reflected in the `ReadPreference` used internal to the driver. ##### Sessions are prohibited with unacknowledged writes MongoDB can provide no guarantees around unacknowledged writes when used within a session. The driver will now silently remove the `lsid` field from all writes issued with `{ w: 0 }`, and will return an error in these situations in the upcoming 4.0 major release. #### Documentation Reference:Bug
Improvement
sindresorhus/query-string
### [`v6.13.2`](https://togithub.com/sindresorhus/query-string/releases/v6.13.2) [Compare Source](https://togithub.com/sindresorhus/query-string/compare/v6.13.1...v6.13.2) - Fix the `ParsedQuery` TypeScript typ [`56d2923`](https://togithub.com/sindresorhus/query-string/commit/56d2923)Renovate configuration
📅 Schedule: "before 7am" in timezone GMT.
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.