Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump mongodb and mongoose #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump mongodb and mongoose #3

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 7, 2023

Bumps mongodb to 5.9.0 and updates ancestor dependency mongoose. These dependencies need to be updated together.

Updates mongodb from 5.7.0 to 5.9.0

Release notes

Sourced from mongodb's releases.

v5.9.0

5.9.0 (2023-09-14)

The MongoDB Node.js team is pleased to announce version 5.9.0 of the mongodb package!

Release Notes

Bumped bson version to make use of new Decimal128 behaviour

In this release, we have adopted the changes made to Decimal128 in bson version 5.5. The Decimal128 constructor and fromString() methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a new fromStringWithRounding() method which restores the previous rounding behaviour.

See the bson v5.5.0 release notes for more information.

Use region settings for STS AWS credentials request

When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @​aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

[!IMPORTANT] The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

Fix memory leak with ChangeStreams

In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

The function is now implemented as a loop, memory leak be gone!

Features

Bug Fixes

  • NODE-5550: set AWS region from environment variable for STSClient (#3851) (2fab06b)
  • NODE-5587: recursive calls to next cause memory leak (#3842) (f60f1b5)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v5.8.1

5.8.1 (2023-08-23)

The MongoDB Node.js team is pleased to announce version 5.8.1 of the mongodb package!

... (truncated)

Changelog

Sourced from mongodb's changelog.

5.9.0 (2023-09-14)

Features

Bug Fixes

  • NODE-5550: set AWS region from environment variable for STSClient (#3851) (2fab06b)
  • NODE-5587: recursive calls to next cause memory leak (#3842) (f60f1b5)

5.8.1 (2023-08-23)

Bug Fixes

5.8.0 (2023-08-21)

Features

  • NODE-5399: use mongodb-js/saslprep instead of saslprep (#3818) (c0d3927)
  • NODE-5429: deprecate the AutoEncrypter interface (#3764) (9bb0d95)
  • NODE-5465,NODE-5538: lower @aws-sdk/credential-providers version to 3.188.0 and zstd to ^1.0.0 (#3821) (39ff81d)
  • NODE-5489: update kerberos dependency (8c25d6d)

Bug Fixes

  • NODE-5489: set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803) (c3b35b3)
  • NODE-5495: do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810) (e81d4a2)
  • NODE-5537: remove credentials from ConnectionPoolCreatedEvent options (#3813) (4cf1e96)
Commits
  • 6861e19 chore(5.x): release 5.9.0 [skip-ci] (#3852)
  • dc110e0 feat(NODE-5564): bump bson version to ^5.5.0 (#3865)
  • 3e56c67 test(NODE-5619): use npm 9 on eol node versions (#3861)
  • f60f1b5 fix(NODE-5587): recursive calls to next cause memory leak (#3842)
  • 2fab06b fix(NODE-5550): set AWS region from environment variable for STSClient (#3851)
  • 435f88b chore(5.x): release 5.8.1 [skip-ci] (#3839)
  • 250dc21 fix(NODE-5572): fix saslprep import (#3837)
  • d6eac31 docs(NODE-5562): update upcoming crl option changes (#3836)
  • 43673fa chore(5.x): release 5.8.0 [skip-ci] (#3825)
  • 4b2fc79 docs: fix cutoff sentence on CommandStartedEvent (#3828)
  • Additional commits viewable in compare view

Updates mongoose from 7.4.2 to 7.6.0

Release notes

Sourced from mongoose's releases.

7.6.0 / 2023-10-06

7.5.4 / 2023-10-04

  • fix: avoid stripping out id property when _id is set #13933 #13892 #13867
  • fix(QueryCursor): avoid double-applying schema paths so you can include select: false fields with + projection using cursors #13932 #13773
  • fix(query): allow deselecting discriminator key using - syntax #13929 #13760
  • fix(query): handle $round in $expr as array #13928 #13881
  • fix(document): call pre('validate') hooks when modifying a path underneath triply nested subdoc #13912 #13876
  • fix(mongoose): correctly handle global applyPluginsToChildSchemas option #13911 #13887
  • types: add insertMany array overload with options #13931 t1bb4r
  • docs(compatibility): add Mongoose 7 support to compatibility matrix #13875
  • docs: amend some awkward FAQ wording #13925 peteboere

7.5.3 / 2023-09-25

  • fix(document): handle MongoDB Long when casting BigInts #13869 #13791
  • fix(model): make bulkSave() persist changes that happen in pre('save') middleware #13885 #13799
  • fix: handle casting $elemMatch underneath $not underneath another $elemMatch #13893 #13880
  • fix(model): make bulkWrite casting respect global setDefaultsOnInsert #13870 #13823
  • fix(document): handle default values for discriminator key with embedded discriminators #13891 #13835
  • fix: account for null values when assigning isNew property within document array #13883
  • types: avoid "interface can only extend object types with statically known members" error in TypeScript 4 #13871
  • docs(deprecations): fix typo in includeResultMetadata deprecation docs #13884 #13844
  • docs: fix pre element overflow in home page #13868 ghoshRitesh12

7.5.2 / 2023-09-15

  • fix(schema): handle number discriminator keys when using Schema.prototype.discriminator() #13858 #13788
  • fix: ignore id property when calling set() with both id and _id specified to avoid id setter overwriting #13762
  • types: pass correct document type to required and default function #13851 #13797
  • docs(model): add examples of using diffIndexes() to syncIndexes()and diffIndexes() api docs #13850 #13771

7.5.1 / 2023-09-11

  • fix: set default value for _update when no update object is provided and versionKey is set to false #13795 #13783 MohOraby
  • fix: avoid unexpected error when accessing null array element on discriminator array when populating #13716 ZSabakh
  • types(schematypes): use DocType for instance method this #13822 #13800 pshaddel
  • types: remove duplicated 'exists' method in Model interface in models.d.ts #13818 ohzeno
  • docs(model): replace outdated docs on deprecated findOneAndUpdate() overwrite option #13821 #13715
  • docs: add example of using virtuals.pathsToSkip option for toObject() and toJSON() #13798 RobertHunter-Pluto

7.5.0 / 2023-08-29

  • feat: use mongodb driver v5.18.1
  • feat: allow top level dollar keys with findOneAndUpdate(), update() for MongoDB 5 #13786
  • fix(document): make array getters avoid unintentionally modifying array, defer getters until index access instead #13774

... (truncated)

Changelog

Sourced from mongoose's changelog.

7.6.0 / 2023-10-06

7.5.4 / 2023-10-04

  • fix: avoid stripping out id property when _id is set #13933 #13892 #13867
  • fix(QueryCursor): avoid double-applying schema paths so you can include select: false fields with + projection using cursors #13932 #13773
  • fix(query): allow deselecting discriminator key using - syntax #13929 #13760
  • fix(query): handle $round in $expr as array #13928 #13881
  • fix(document): call pre('validate') hooks when modifying a path underneath triply nested subdoc #13912 #13876
  • fix(mongoose): correctly handle global applyPluginsToChildSchemas option #13911 #13887
  • types: add insertMany array overload with options #13931 t1bb4r
  • docs(compatibility): add Mongoose 7 support to compatibility matrix #13875
  • docs: amend some awkward FAQ wording #13925 peteboere

7.5.3 / 2023-09-25

  • fix(document): handle MongoDB Long when casting BigInts #13869 #13791
  • fix(model): make bulkSave() persist changes that happen in pre('save') middleware #13885 #13799
  • fix: handle casting $elemMatch underneath $not underneath another $elemMatch #13893 #13880
  • fix(model): make bulkWrite casting respect global setDefaultsOnInsert #13870 #13823
  • fix(document): handle default values for discriminator key with embedded discriminators #13891 #13835
  • fix: account for null values when assigning isNew property within document array #13883
  • types: avoid "interface can only extend object types with statically known members" error in TypeScript 4 #13871
  • docs(deprecations): fix typo in includeResultMetadata deprecation docs #13884 #13844
  • docs: fix pre element overflow in home page #13868 ghoshRitesh12

7.5.2 / 2023-09-15

  • fix(schema): handle number discriminator keys when using Schema.prototype.discriminator() #13858 #13788
  • fix: ignore id property when calling set() with both id and _id specified to avoid id setter overwriting #13762
  • types: pass correct document type to required and default function #13851 #13797
  • docs(model): add examples of using diffIndexes() to syncIndexes()and diffIndexes() api docs #13850 #13771

7.5.1 / 2023-09-11

  • fix: set default value for _update when no update object is provided and versionKey is set to false #13795 #13783 MohOraby
  • fix: avoid unexpected error when accessing null array element on discriminator array when populating #13716 ZSabakh
  • types(schematypes): use DocType for instance method this #13822 #13800 pshaddel
  • types: remove duplicated 'exists' method in Model interface in models.d.ts #13818 ohzeno
  • docs(model): replace outdated docs on deprecated findOneAndUpdate() overwrite option #13821 #13715
  • docs: add example of using virtuals.pathsToSkip option for toObject() and toJSON() #13798 RobertHunter-Pluto

7.5.0 / 2023-08-29

  • feat: use mongodb driver v5.18.1
  • feat: allow top level dollar keys with findOneAndUpdate(), update() for MongoDB 5 #13786
  • fix(document): make array getters avoid unintentionally modifying array, defer getters until index access instead #13774

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump mongodb and mongoose
6451334 
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) to 5.9.0 and updates ancestor dependency [mongoose](https://github.com/Automattic/mongoose). These dependencies need to be updated together.


Updates `mongodb` from 5.7.0 to 5.9.0
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/v5.9.0/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v5.7.0...v5.9.0)

Updates `mongoose` from 7.4.2 to 7.6.0
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@7.4.2...7.6.0)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-type: indirect
- dependency-name: mongoose
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants