Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 36 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.json
package-lock.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-567746
SNYK-JS-LODASH-6139239
SNYK-JS-HANDLEBARS-1056767
SNYK-JS-HANDLEBARS-534478
SNYK-JS-LODASH-450202
SNYK-JS-LODASH-608086
SNYK-JS-BL-608877
SNYK-JS-LODASH-73638
SNYK-JS-HANDLEBARS-534988
SNYK-JS-Y18N-1021887
SNYK-JS-LODASH-73639
SNYK-JS-AJV-584908
SNYK-JS-QS-3153490
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-SEMVER-3247795
SNYK-JS-SETVALUE-1540541
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-MIXINDEEP-450212
SNYK-JS-SETVALUE-450213
SNYK-JS-HANDLEBARS-1279029
SNYK-JS-MINIMIST-559764
SNYK-JS-HANDLEBARS-567742
SNYK-JS-HANDLEBARS-480388
SNYK-JS-HANDLEBARS-173692
SNYK-JS-HANDLEBARS-174183
SNYK-JS-HANDLEBARS-469063
SNYK-JS-LODASH-1018905
SNYK-JS-HIGHLIGHTJS-1045326
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-PATHPARSE-1077067
SNYK-JS-MINIMIST-2429795
SNYK-JS-KINDOF-537849
SNYK-JS-HIGHLIGHTJS-1048676
SNYK-JS-UGLIFYJS-1727251
Release notes
Package name: hbs
v4.0.5
v4.0.4
Package name: mongodb
The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver
Release Highlights
This patch addresses a number of bugs listed below.
Most notably, for client side encryption users upgrading to this version of the driver along with the new version of mongodb-client-encryption@1.2.3 will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g,
listCollections
) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.Bug
Improvement
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver!
Notable Fixes
In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause
startSession
to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any user's that implemented workarounds to updated their driver and make use of this fix.In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's
process.emitWarning
API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once.Bug
MongoDB Driver v3.6.4
The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver
Release Highlights
Explain Support
The full set of $explain verbosity settings are now supported:
queryPlanner
queryPlannerExtended
executionStats
allPlansExecution
In the following commands:
aggregate()
(MDB 3.0+)find()
(MDB 3.0+)remove()
(MDB 3.0+)update()
(MDB 3.0+)distinct()
(MDB 3.2+)findAndModify()
(MDB 3.2+)mapReduce()
(MDB 4.4+)You can get a lot of insight into the performance of a query or optimization using these fine grained reports.
To learn more about how to use explain read here.
Direct Connection Issue Revert
We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases.
Support Azure and GCP keystores in FLE
There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found here which prominently features support for these key stores.
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
Release Notes
Bug
Features
Improvement
Db
The MongoDB Node.js team is pleased to announce version 3.6.3 of the driver
Release Highlights
MongoError: not master
when runningcreateIndex
A regression introduced in v3.6.2 meant that
createIndex
operations would not be executed with a fixedprimary read preference. This resulted in the driver selecting any server for the operation, which would
fail if a non-primary was selected.
Performance issues on AWS Lambda
The driver periodically monitors members of the replicaset for changes in the topology, but ensures that
the "monitoring thread" is never woken sooner than 500ms. Measuring this elapsed time depends on a
stable clock, which is not available to us in some virtualized environments like AWS Lambda. The result
was that periodically operations would think there were no available servers, and the driver would force
a wait of
heartbeatFrequencyMS
(10s by default) before reaching out to servers again for a newmonitoring check. The internal async interval timer has been improved to account for these environments
GSSAPI AuthProvider reuses single kerberos client
A regression introduced in v3.6.0 forced the driver to reuse a single kerberos client for all
authentication attempts. This would result in incomplete authentication flows, and occaisionally even
a crash in the
kerberos
module. The driver has been reverted to creating a kerberos client perauthentication attempt.
Performance regression due to use of
setImmediate
A change introduced in v3.6.1 switched all our usage of
process.nextTick
in the connection pool withsetImmediate
per Node.js core recommendation. This was observed to introduce noticeable latency when the event loopwas experiencing pressure, so the change was reverted for this release pending further investigation.
Community Contributions
package.json
for stricter package managers (pnpm, yarn2)Documentation
Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
Release Notes
Bug
Improvement
The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver
Release Highlights
Updated
bl
dependency due to CVE-2020-8244See this link for more details: GHSA-pp7h-53gx-mx7r
Connection pool wait queue processing is too greedy
The logic for processing the wait queue in our connection pool ran the risk of
starving the event loop. Calls to process the wait queue are now wrapped in a
setImmediate
to prevent starvationDocumentation
Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
Release Notes
Bug
Package name: tap
Package name: typeorm
Bug Fixes
FindOptionsWhere
behavior with union types (#9607) (7726f5a)where
parameter is empty array (#9691) (7df2ccf), closes #9690Features
Fixes
init
command (#9422) (0984307)Features
@ JoinTable
(#9442) (93e14a9), closes #3443