chore(deps): Upgrade bson from 5.4.0 to 5.5.1 #7152
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade bson from 5.4.0 to 5.5.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: bson
5.5.1 (2023-09-28)
The MongoDB Node.js team is pleased to announce version 5.5.1 of the
bson
package!Release Notes
Clarify BSONVersionError message
Previously, our thrown
BSONVersionError
stated that the "bson type must be from 6.0 or later". Our intention is to prevent cross-major BSON types from reaching the serialization logic as breaking changes to the types could lead to silent incompatibilities in the serialization process. We've updated the message to make that intention clear: "bson types must be from bson 6.x.x".Bug Fixes
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.5.5.0 (2023-09-12)
The MongoDB Node.js team is pleased to announce version 5.5.0 of the
bson
package!Release Notes
This release is focused on a bug fix and a new feature for our
Decimal128
class.Decimal128
constructor andDecimal128.fromString
now throw when detecting loss of precisionPrior to this release,
Decimal128
would round numbers with more than 34 significant digits and lose precision. Now, on detecting loss of precision,Decimal128
's constructor andDecimal128.fromString
will throw aBSONError
. This behaviour should have been the default as theDecimal128
class was always intended to be high-precision floating point value. As such, silently performing inexact rounding is undesirable behaviour.New
Decimal128.fromStringWithRounding
static methodWe understand that some of our users may have depended on the rounding behaviour of
Decimal128.fromString
for their applications. To support these users, we have exposed this behaviour via theDecimal128.fromStringWithRounding
method. Anywhere thatDecimal128.fromString
was used with the expectation that rounding would occur can be replaced with a call to this new method.We also want to express our gratitude to @ hconn-riparian for reporting a related rounding bug and fix in #560 which has been included in our implementation of this feature.
> let d = Decimal128.fromString('127341286781293491234791234667890123')
new Decimal128("1.273412867812934912347912346678901E+35")
// >= v5.5
> let d = Decimal128.fromString('127341286781293491234791234667890123')
Uncaught:
BSONError: "127341286781293491234791234667890123" is not a valid Decimal128 string - inexact rounding
at invalidErr (./js-bson/lib/bson.cjs:1402:11)
at Decimal128.fromStringInternal (./js-bson/lib/bson.cjs:1633:25)
at Decimal128.fromString (./js-bson/lib/bson.cjs:1424:27)
> d = Decimal128.fromStringWithRounding('127341286781293491234791234667890123')
new Decimal128("1.273412867812934912347912346678901E+35")
Read more about inexact rounding and the rationale for this change in our
Decimal128
specification.Features
Bug Fixes
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.5.4.0 (2023-07-03)
The MongoDB Node.js team is pleased to announce version 5.4.0 of the
bson
package!Release Notes
Improved React Native experience
The BSON package now ships a bundle made to work on React Native without additional polyfills preconfigured. The necessary APIs (
TextEncoder
/TextDecoder
&atob
/btoa
) are now vendored into the RN bundle directly. Users should still installreact-native-get-random-values
themselves to get securely generated UUIDs and ObjectIds. Read more in the React Native section of our readme.Improved BSON UTF8 Decoding Performance
In the v5 major release of BSON we internally abstracted the different byte manipulation APIs used based on whether the library is running in Node.js or in a browser. This abstraction required us to create a
subarray
before invoking the environment's UTF8 decoding API. Creating the subarray before invoking Node.js'Buffer.prototype.toString
API turns out to cause an unnecessary slow down. We have now updated the UTF8 stringification step on Node.js to invokeBuffer.prototype.toString
with thestart
andend
offsets. See #585 for our research.Features
Bug Fixes
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.Commit messages
Package name: bson
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs