[Snyk] Upgrade mongodb from 3.1.13 to 3.7.3 #4

Open
wants to merge 1 commit into
base: master

snyk-bot
Contributor

Snyk has created this PR to upgrade mongodb from 3.1.13 to 3.7.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 50 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2021-10-20.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Internal Property Tampering (SNYK-JS-BSON-561052) | 416/1000 (Why? CVSS 8.1) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongodb
  • 3.7.3 - 2021-10-20

    The MongoDB Node.js team is pleased to announce version 3.7.3 of the mongodb package!

    What's Changed

    Full Changelog: v3.7.2...v3.7.3

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.2 - 2021-10-05

    The MongoDB Node.js team is pleased to announce version 3.7.2 of the mongodb package!

    Release Highlights

    This release contains a fix for optional require of dependencies on yarn berry.

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.1 - 2021-09-14

    The MongoDB Node.js team is pleased to announce version 3.7.1 of the mongodb package!

    Release Highlights

    This release contains an internal improvement that makes our monitor utilize the new hello handshake for monitoring when available.

    Features

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.0 - 2021-08-31

    The MongoDB Node.js team is pleased to announce version 3.7.0 of the mongodb package!

    Release Highlights

    Versioned API

    Versioned API is a new feature in MongoDB 5.0 that allows user-selectable API versions, subsets of MongoDB server semantics, to be declared on a client. During communication with a server, clients with a declared API version will force the server to behave in a manner compatible with the API version. Declaring an API version on a client can be used to ensure consistent responses from a server, providing long term API stability for an application. The declared API version is applied to all commands run through the client, including those sent through the generic RunCommand helper. Specifying versioned API options in the command document AND declaring an API version on the client is not supported and will lead to undefined behavior.

    Declare an API version on a client

    // Declare API version "1" for the client
    client = new MongoClient(uri, { serverApi: { version: '1' } });

    cursor = client.db('database').collection('coll').find(...);

    Strict mode

    Declaring a strict API version will cause the MongoDB server to reject all commands that are not part of the declared API version. This includes command options and aggregation pipeline stages. For example, the following find call would fail because the tailable option is not part of version 1:

    // Declare API version "1" for the client, with strict on
    client = new MongoClient(uri, { serverApi: { version: '1', strict: true } });

    // Fails with an error
    cursor = client.db('database').collection('coll').find({ ... }, { tailable: true });

    Deprecation Errors

    The deprecationErrors option can be used to enable command failures when using functionality that is deprecated from version 1. Note that at the time of this writing, no deprecations in version 1 exist.

    // Declare API version "1" for the client, with deprecationErrors on
    client = new MongoClient(uri, { serverApi: { version: '1', deprecationErrors: true } });

    // Note: since API version "1" is the initial version, there are no deprecated commands to provide as an example yet.

    Features

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.6.12 - 2021-08-30

    The MongoDB Node.js team is pleased to announce version 3.6.12 of the mongodb package!

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.6.11 - 2021-08-05

    The MongoDB Node.js team is pleased to announce version 3.6.11 of the mongodb package!

    Release Highlights

    This patch addresses a few bugs listed below.
    Notably, we fixed an issue with the way we imported one of our optional dependencies that blocked webpack bundling.

    If you are a webpack user you will still get warnings for our optional dependencies (if you don't use them).
    You can hush the warnings by adding this option to your webpack config:

    {
        // ...
        externals: [
            'mongodb-client-encryption',
            'aws4',
            'saslprep',
            'kerberos',
            'snappy',
            'bson-ext',
        ],
        // ...
    }

    It is important to note that this will leave the imports in place and not pull in the code to your bundle. If you later do adopt using these dependencies you'll want to revert the relevant setting.

    Bug Fixes

    Documentation

    We invite you to try the mongodb package immediately, and report any issues to the NODE project.

  • 3.6.10 - 2021-07-06
  • 3.6.9 - 2021-05-26
  • 3.6.8 - 2021-05-21
  • 3.6.7 - 2021-05-18
  • 3.6.6 - 2021-04-06
  • 3.6.5 - 2021-03-16
  • 3.6.4 - 2021-02-02
  • 3.6.3 - 2020-11-06
  • 3.6.2 - 2020-09-10
  • 3.6.1 - 2020-09-02
  • 3.6.0 - 2020-07-30
  • 3.6.0-beta.0 - 2020-04-14
  • 3.5.11 - 2020-09-10
  • 3.5.10 - 2020-07-30
  • 3.5.9 - 2020-06-12
  • 3.5.8 - 2020-05-28
  • 3.5.7 - 2020-04-29
  • 3.5.6 - 2020-04-14
  • 3.5.5 - 2020-03-11
  • 3.5.4 - 2020-02-25
  • 3.5.3 - 2020-02-12
  • 3.5.2 - 2020-01-20
  • 3.5.1 - 2020-01-17
  • 3.5.0 - 2020-01-14
  • 3.4.1 - 2019-12-19
  • 3.4.0 - 2019-12-10
  • 3.3.5 - 2019-11-26
  • 3.3.4 - 2019-11-11
  • 3.3.4-rc0 - 2019-11-06
  • 3.3.3 - 2019-10-16
  • 3.3.2 - 2019-08-28
  • 3.3.1 - 2019-08-23
  • 3.3.0 - 2019-08-13
  • 3.3.0-beta2 - 2019-07-18
  • 3.3.0-beta1 - 2019-06-18
  • 3.2.7 - 2019-06-04
  • 3.2.6 - 2019-05-24
  • 3.2.5 - 2019-05-17
  • 3.2.4 - 2019-05-08
  • 3.2.3 - 2019-04-05
  • 3.2.2 - 2019-03-22
  • 3.2.1 - 2019-03-21
  • 3.2.0-beta2 - 2019-03-10
  • 3.2.0-beta1 - 2019-02-27
  • 3.1.13 - 2019-01-23
from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • b42e8b3 chore(release): 3.7.3
  • 428e6d3 fix(NODE-3515): do proper opTime merging in bulk results (#3011)
  • 564b0d7 test(NODE-3606): legacy and new versions of the CSFLE library (#3002)
  • 7c5a7bb chore(release): 3.7.2
  • ec23d63 chore(NODE-3622): bump optional-require for additional yarn berry pnp support (#2989)
  • 28f721d chore(release): 3.7.1
  • 910c564 feat(NODE-3424): use hello for monitoring commands (#2964)
  • 44df7d7 chore(release): 3.7.0
  • 1a76618 fix: versioned api low node compat fix (#2970)
  • 7602f68 docs(NODE-3406): add versioned api examples (#2969)
  • a07aa56 test(NODE-3409): support AWS temp credentials in CSFLE tests (#2968)
  • eae0e05 chore(NODE-3303): deprecate md5 hash and isConnected (#2960)
  • 77ab63e test(NODE-3387): correctly extract findOneX values in unified operations (#2966)
  • 96c8ab4 fix(NODE-3377): driver should allow arbitrary explain levels (#2961)
  • 4c25984 chore: sync 3.6 changes to 3.7 (#2963)
  • e5975af fix(NODE-3463): pass explain error through to callback (#2949)
  • 238a4b0 fix(NODE-3290): versioned api validation and tests (#2869)
  • 91a2fc9 Merge remote-tracking branch 'origin/3.6' into 3.7
  • 6ee945e chore(NODE-3316): add author info and update bug url in package.json (#2887)
  • ecc930b test(NODE-3381): command monitoring redaction tests (#2873)
  • 1297cd1 chore(release): 3.6.10
  • e9196ab refactor(NODE-3324): bump max wire version to 13 (#2875)
  • 3ce148d fix(NODE-3397): report more helpful error with unsupported authMechanism in initial handshake (#2876)
  • 558182f test(NODE-3307): unified runner does not assert identical keys (#2867)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
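
The 3.7.0 release notes quoted above say that setting versioned API options in a command document while the client also declares an API version is unsupported and leads to undefined behavior. The following guard is an added example, not part of this PR or of the driver's code: it refuses such commands before they reach `db.command()`. The function names are hypothetical; `apiVersion`, `apiStrict` and `apiDeprecationErrors` are the server's command-level field names.

```javascript
// Command-level versioned API fields understood by MongoDB 5.0+ servers.
const VERSIONED_API_FIELDS = ['apiVersion', 'apiStrict', 'apiDeprecationErrors'];

// Return the versioned API fields set at the top level of a command document.
function findVersionedApiFields(command) {
  if (command === null || typeof command !== 'object') return [];
  return VERSIONED_API_FIELDS.filter((field) =>
    Object.prototype.hasOwnProperty.call(command, field)
  );
}

// clientOptions is the options object handed to MongoClient, e.g.
// { serverApi: { version: '1', strict: true } } as in the release notes.
// Returns the command unchanged when it is safe to send, throws otherwise.
function assertNoApiVersionConflict(clientOptions, command) {
  const declared = clientOptions ? clientOptions.serverApi : undefined;
  if (declared === undefined || declared === null) return command;
  const clash = findVersionedApiFields(command);
  if (clash.length > 0) {
    throw new Error(
      `command sets ${clash.join(', ')} while the client declares serverApi ` +
        `${JSON.stringify(declared)}; the combination is unsupported`
    );
  }
  return command;
}

// Hypothetical wrapper (assumption): `db` is any object exposing command(),
// such as the driver's Db; the guard runs before anything is sent.
function guardedCommand(db, clientOptions, command) {
  return db.command(assertNoApiVersionConflict(clientOptions, command));
}

// Constructed sample input, run against a stub instead of a live server.
const stubDb = { command: (cmd) => ({ ok: 1, echoed: cmd }) };
const sampleOptions = { serverApi: { version: '1', strict: true } };
console.log('sent:', guardedCommand(stubDb, sampleOptions, { ping: 1 }).echoed);
try {
  guardedCommand(stubDb, sampleOptions, { ping: 1, apiVersion: '1' });
} catch (err) {
  console.log('blocked:', err.message);
}
```
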
