Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Upgrade bson from 5.4.0 to 5.5.1 #7152

Merged
merged 1 commit into from
Mar 21, 2024
Merged

chore(deps): Upgrade bson from 5.4.0 to 5.5.1 #7152

merged 1 commit into from
Mar 21, 2024

Conversation

sebastianwzq
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade bson from 5.4.0 to 5.5.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2023-10-18.
Release notes
Package name: bson
  • 5.5.1 - 2023-10-18

    5.5.1 (2023-09-28)

    The MongoDB Node.js team is pleased to announce version 5.5.1 of the bson package!

    Release Notes

    Clarify BSONVersionError message

    Previously, our thrown BSONVersionError stated that the "bson type must be from 6.0 or later". Our intention is to prevent cross-major BSON types from reaching the serialization logic as breaking changes to the types could lead to silent incompatibilities in the serialization process. We've updated the message to make that intention clear: "bson types must be from bson 6.x.x".

    Bug Fixes

    Documentation

    We invite you to try the bson library immediately, and report any issues to the NODE project.

  • 5.5.0 - 2023-09-13

    5.5.0 (2023-09-12)

    The MongoDB Node.js team is pleased to announce version 5.5.0 of the bson package!

    Release Notes

    This release is focused on a bug fix and a new feature for our Decimal128 class.

    Decimal128 constructor and Decimal128.fromString now throw when detecting loss of precision

    Prior to this release, Decimal128 would round numbers with more than 34 significant digits and lose precision. Now, on detecting loss of precision, Decimal128's constructor and Decimal128.fromString will throw a BSONError. This behaviour should have been the default as the Decimal128 class was always intended to be high-precision floating point value. As such, silently performing inexact rounding is undesirable behaviour.

    New Decimal128.fromStringWithRounding static method

    We understand that some of our users may have depended on the rounding behaviour of Decimal128.fromString for their applications. To support these users, we have exposed this behaviour via the Decimal128.fromStringWithRounding method. Anywhere that Decimal128.fromString was used with the expectation that rounding would occur can be replaced with a call to this new method.

    We also want to express our gratitude to @ hconn-riparian for reporting a related rounding bug and fix in #560 which has been included in our implementation of this feature.

    // pre v5.5
    > let d = Decimal128.fromString('127341286781293491234791234667890123')
    new Decimal128("1.273412867812934912347912346678901E+35")

    // >= v5.5
    > let d = Decimal128.fromString('127341286781293491234791234667890123')
    Uncaught:
    BSONError: "127341286781293491234791234667890123" is not a valid Decimal128 string - inexact rounding
    at invalidErr (./js-bson/lib/bson.cjs:1402:11)
    at Decimal128.fromStringInternal (./js-bson/lib/bson.cjs:1633:25)
    at Decimal128.fromString (./js-bson/lib/bson.cjs:1424:27)

    > d = Decimal128.fromStringWithRounding('127341286781293491234791234667890123')
    new Decimal128("1.273412867812934912347912346678901E+35")

    Read more about inexact rounding and the rationale for this change in our Decimal128 specification.

    Features

    Bug Fixes

    Documentation

    We invite you to try the bson library immediately, and report any issues to the NODE project.

  • 5.4.0 - 2023-07-05

    5.4.0 (2023-07-03)

    The MongoDB Node.js team is pleased to announce version 5.4.0 of the bson package!

    Release Notes

    Improved React Native experience

    The BSON package now ships a bundle made to work on React Native without additional polyfills preconfigured. The necessary APIs (TextEncoder/TextDecoder & atob/btoa) are now vendored into the RN bundle directly. Users should still install react-native-get-random-values themselves to get securely generated UUIDs and ObjectIds. Read more in the React Native section of our readme.

    Improved BSON UTF8 Decoding Performance

    In the v5 major release of BSON we internally abstracted the different byte manipulation APIs used based on whether the library is running in Node.js or in a browser. This abstraction required us to create a subarray before invoking the environment's UTF8 decoding API. Creating the subarray before invoking Node.js' Buffer.prototype.toString API turns out to cause an unnecessary slow down. We have now updated the UTF8 stringification step on Node.js to invoke Buffer.prototype.toString with the start and end offsets. See #585 for our research.

    Features

    Bug Fixes

    Documentation

    We invite you to try the bson library immediately, and report any issues to the NODE project.

from bson GitHub release notes
Commit messages
Package name: bson

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@KenLSM KenLSM changed the title [Snyk] Upgrade bson from 5.4.0 to 5.5.1 chore(deps): Upgrade bson from 5.4.0 to 5.5.1 Mar 20, 2024
@KenLSM KenLSM enabled auto-merge (squash) March 20, 2024 05:14
@KenLSM KenLSM requested review from tshuli and KenLSM and removed request for tshuli March 20, 2024 05:15
@KenLSM KenLSM merged commit 74c48b5 into develop Mar 21, 2024
26 of 27 checks passed
@KenLSM KenLSM deleted the snyk-upgrade-94fcb820856a23664a0f53f2eeb3d039 branch March 21, 2024 03:53
@KenLSM KenLSM mentioned this pull request Apr 2, 2024
Merged
40 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KenLSM KenLSM KenLSM approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sebastianwzq @KenLSM @snyk-bot