Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump MongoDB.Driver from 2.15.0 to 2.19.0 in /Watchman.Web #240

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump MongoDB.Driver from 2.15.0 to 2.19.0 in /Watchman.Web #240

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2023

Bumps MongoDB.Driver from 2.15.0 to 2.19.0.

Release notes

Sourced from MongoDB.Driver's releases.

NET Driver Version 2.19.0 Release Notes

.NET Driver Version 2.19.0 Release Notes

This is the general availability release for the 2.19.0 version of the driver.

The main new features in 2.19.0 include:

  • Atlas Search builders
  • Default LinqProvider changed to LINQ3
  • ObjectSerializer allowed types configuration
  • Bucket and BucketAuto stages support in LINQ3
  • Support Azure VM-assigned Managed Identity for Automatic KMS Credentials
  • Native support for AWS IAM Roles

This version addresses CVE-2022-48282.

ObjectSerializer allowed types configuration

The ObjectSerializer has been changed to only allow deserialization of types that are considered safe. What types are considered safe is determined by a new configurable AllowedTypes function (of type Func<Type, bool>). The default AllowedTypes function is ObjectSerializer.DefaultAllowedTypes which returns true for a number of well-known framework types that we have deemed safe. A typical example might be to allow all the default allowed types as well as your own types. This could be accomplished as follows:

var objectSerializer = new ObjectSerializer(type => ObjectSerializer.DefaultAllowedTypes(type) || type.FullName.StartsWith("MyNamespace"));
BsonSerializer.RegisterSerializer(objectSerializer);

More information about the ObjectSerializer is available in our FAQ.

Default LinqProvider changed to LINQ3

Default LinqProvider has been changed to LINQ3. LinqProvider can be changed back to LINQ2 in the following way:

var connectionString = "mongodb://localhost";
var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
clientSettings.LinqProvider = LinqProvider.V2;
var client = new MongoClient(clientSettings);

If you encounter a bug in LINQ3 provider, please report it in CSHARP JIRA project.

An online version of these release notes is available here.

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

.NET Driver Version 2.18.0 Release Notes

... (truncated)

Commits
  • 3db6a36 Release notes for 2.19.0. (#1013)
  • 790f123 CSHARP-4475: Add an AllowedTypes filter to ObjectSerializer.
  • 8993daa CSHARP-4453: Support Bucket and BucketAuto stages in LINQ3.
  • ec46c34 CSHARP-4490: Fix tests related to asserting wildcardProjection output. (#1011)
  • 9ee046b CSHARP-4182: Support for Range Indexes. (#988)
  • 9189a58 CSHARP-4440: Incorporate MongoDB.Labs.Search library (#989)
  • 0bb42fa CSHARP-4255: Fix bug and some tests. (#993)
  • c0c521e CSHARP-4449: Implement Find projections in LINQ3.
  • 396830c CSHARP-4468: LINQ V3 SelectMany + GroupBy results with redundant $push within...
  • 70ed174 CSHARP-4463: Add aws auth connectivity examples. (#1004)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump MongoDB.Driver from 2.15.0 to 2.19.0 in /Watchman.Web
93bd451 
Bumps [MongoDB.Driver](https://github.com/mongodb/mongo-csharp-driver) from 2.15.0 to 2.19.0.
- [Release notes](https://github.com/mongodb/mongo-csharp-driver/releases)
- [Commits](mongodb/mongo-csharp-driver@v2.15.0...v2.19.0)

---
updated-dependencies:
- dependency-name: MongoDB.Driver
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Mar 4, 2023
@codecov-commenter
Copy link

Codecov Report

Patch coverage has no change and project coverage change: -0.10 ⚠️

Comparison is base (764dcac) 53.20% compared to head (18827e2) 53.11%.

❗ Current head 18827e2 differs from pull request most recent head 93bd451. Consider uploading reports for the commit 93bd451 to get more accurate results

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #240      +/-   ##
==========================================
- Coverage   53.20%   53.11%   -0.10%     
==========================================
  Files         283      283              
  Lines        5475     5475              
  Branches      424      424              
==========================================
- Hits         2913     2908       -5     
- Misses       2457     2460       +3     
- Partials      105      107       +2
Impacted Files Coverage Δ
...Discord/Areas/Users/Controllers/UsersController.cs 92.18% <0.00%> (-7.82%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@codecov-commenter