
[Snyk] Upgrade mongodb from 3.3.3 to 3.7.4 #2

Open

Wants to merge 1 commit into base: main

Conversation

Samax-DevOps (Owner)

Snyk has created this PR to upgrade mongodb from 3.3.3 to 3.7.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 36 versions ahead of your current version.

  • The recommended version was released a year ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity Internal Property Tampering (SNYK-JS-BSON-561052) | 416 | No Known Exploit |
| high severity Internal Property Tampering (SNYK-JS-BSON-6056525) | 416 | No Known Exploit |
| high severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-SEMVER-3247795) | 416 | Proof of Concept |
Release notes
Package name: mongodb
  • 3.7.4 - 2023-06-21

    The MongoDB Node.js team is pleased to announce version 3.7.4 of the mongodb package!

    Release Highlights

    This release fixes a bug that throws a type error when SCRAM-SHA-256 is used with saslprep in a webpacked environment.

    3.7.4 (2023-06-21)

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.3 - 2021-10-20
  • 3.7.2 - 2021-10-05
  • 3.7.1 - 2021-09-14
  • 3.7.0 - 2021-08-31
  • 3.6.12 - 2021-08-30
  • 3.6.11 - 2021-08-05
  • 3.6.10 - 2021-07-06
  • 3.6.9 - 2021-05-26
  • 3.6.8 - 2021-05-21
  • 3.6.7 - 2021-05-18
  • 3.6.6 - 2021-04-06
  • 3.6.5 - 2021-03-16
  • 3.6.4 - 2021-02-02
  • 3.6.3 - 2020-11-06
  • 3.6.2 - 2020-09-10
  • 3.6.1 - 2020-09-02
  • 3.6.0 - 2020-07-30
  • 3.6.0-beta.0 - 2020-04-14
  • 3.5.11 - 2020-09-10
  • 3.5.10 - 2020-07-30
  • 3.5.9 - 2020-06-12
  • 3.5.8 - 2020-05-28
  • 3.5.7 - 2020-04-29
  • 3.5.6 - 2020-04-14
  • 3.5.5 - 2020-03-11
  • 3.5.4 - 2020-02-25
  • 3.5.3 - 2020-02-12
  • 3.5.2 - 2020-01-20
  • 3.5.1 - 2020-01-17
  • 3.5.0 - 2020-01-14
  • 3.4.1 - 2019-12-19
  • 3.4.0 - 2019-12-10
  • 3.3.5 - 2019-11-26
  • 3.3.4 - 2019-11-11
  • 3.3.4-rc0 - 2019-11-06
  • 3.3.3 - 2019-10-16
from mongodb GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
mongodb

See this project in Snyk:
https://app.snyk.io/org/rachit-123/project/9f2cdbc8-aa62-4f32-8c44-ea318f5bd1d2?utm_source=github&utm_medium=referral&page=upgrade-pr

astronuts-ai bot commented Nov 11, 2024

Generating PR Walkthrough...


astronuts-ai bot commented Nov 11, 2024

Code Suggestions Summary

Latest suggestions for commits between 8bc71c3...b1ed6af

Score:8

Possible Issue
Score:8 Ensure the `bson` version aligns with the `mongodb` version for compatibility.

Verify that the bson version is compatible with the mongodb version to prevent runtime errors.

This suggestion addresses a potential compatibility issue that could lead to runtime errors, making it important.

app/package-lock.json(48-50)

Score:7 Check for potential breaking changes in the `denque` package version.

Confirm that the denque version does not introduce breaking changes with existing code.

This suggestion is relevant for maintainability, but it is less critical than compatibility issues.

app/package-lock.json(93-96)

Score:6 Check compatibility of the `bl` package version with other dependencies.

Ensure that the version of bl is compatible with other dependencies to avoid potential conflicts.

While the suggestion is valid, it does not address a critical issue, as the version specified is already defined.

app/package-lock.json(21-28)

Maintainability
Score:6 Assess the necessity of the `util-deprecate` package to reduce dependencies.

Check if the util-deprecate package is required for the project to avoid unnecessary dependencies.

This suggestion is relevant for maintainability, but it does not address a significant issue.

app/package-lock.json(469-472)

Score:6 Evaluate the necessity of the `string_decoder` package to minimize dependencies.

Ensure that the string_decoder package is necessary for the project to avoid unnecessary dependencies.

This suggestion is valid for maintainability but does not address a critical issue.

app/package-lock.json(442-449)

Score:6 Evaluate the necessity of the `optional-require` package to reduce dependencies.

Check if the optional-require package is necessary for the project to avoid unnecessary dependencies.

This suggestion promotes cleaner dependencies, but it is not critical to the functionality of the project.

app/package-lock.json(294-301)

Score:6 Assess the usage of the `require-at` package to potentially reduce dependencies.

Consider removing the require-at package if it is not used in the project to minimize dependencies.

Similar to the previous suggestion, it helps in maintaining a clean dependency tree but is not crucial.

app/package-lock.json(361-364)

Score:5 Verify that the `mongodb` version is consistently updated across files.

Ensure that the mongodb version is updated correctly in both package-lock.json and package.json.

This is a basic maintainability check, but it does not address a significant issue since the version is already updated.

app/package-lock.json(15)

Comment on lines +48 to +50
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/bson/-/bson-1.1.6.tgz",
"integrity": "sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg=="
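Review bot: the compatibility concern raised on this entry is settled by the lockfile itself rather than by editing these three lines. bson is resolved here because the mongodb driver depends on it, so 1.1.6 is what the driver's own range selected, and the two bson advisories the PR body lists as fixed (SNYK-JS-BSON-561052, SNYK-JS-BSON-6056525) are the reason the entry moved. The checks worth running are `npm ci` (refuses a package.json/package-lock.json mismatch), `npm ls bson` (confirms a single copy at 1.1.6) and `npm audit` (confirms neither advisory still reports). The Suggested change attached to this entry, like those on the entries below, repeats the existing lines verbatim, so there is nothing to apply.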

Category:possible issue Severity:possible issue

Ensure the bson version aligns with the mongodb version for compatibility.

Verify that the bson version is compatible with the mongodb version to prevent runtime errors. This suggestion addresses a potential compatibility issue that could lead to runtime errors, making it important.

Here's how:
"bson": {
      "version": "1.1.6",
      "resolved": "https://registry.npmjs.org/bson/-/bson-1.1.6.tgz",
      "integrity": "sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg=="
    },

Suggested Fix

Suggested change
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/bson/-/bson-1.1.6.tgz",
"integrity": "sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg=="
"bson": {
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/bson/-/bson-1.1.6.tgz",
"integrity": "sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg=="
},

Comment on lines +93 to +96
"denque": {
"version": "1.5.1",
"resolved": "https://registry.npmjs.org/denque/-/denque-1.5.1.tgz",
"integrity": "sha512-XwE+iZ4D6ZUB7mfYRMb5wByE8L74HCn30FBN7sWnXksWc1LO1bPDl67pBR9o/kC4z/xSNAwkMYcGgqDV3BE3Hw=="

Category:possible issue Severity:possible issue

Check for potential breaking changes in the denque package version.

Confirm that the denque version does not introduce breaking changes with existing code. This suggestion is relevant for maintainability, but it is less critical than compatibility issues.

Here's how:
"denque": {
      "version": "1.5.1",
      "resolved": "https://registry.npmjs.org/denque/-/denque-1.5.1.tgz",
      "integrity": "sha512-XwE+iZ4D6ZUB7mfYRMb5wByE8L74HCn30FBN7sWnXksWc1LO1bPDl67pBR9o/kC4z/xSNAwkMYcGgqDV3BE3Hw=="
    },

Suggested Fix

Suggested change
"denque": {
"version": "1.5.1",
"resolved": "https://registry.npmjs.org/denque/-/denque-1.5.1.tgz",
"integrity": "sha512-XwE+iZ4D6ZUB7mfYRMb5wByE8L74HCn30FBN7sWnXksWc1LO1bPDl67pBR9o/kC4z/xSNAwkMYcGgqDV3BE3Hw=="
"denque": {
"version": "1.5.1",
"resolved": "https://registry.npmjs.org/denque/-/denque-1.5.1.tgz",
"integrity": "sha512-XwE+iZ4D6ZUB7mfYRMb5wByE8L74HCn30FBN7sWnXksWc1LO1bPDl67pBR9o/kC4z/xSNAwkMYcGgqDV3BE3Hw=="
},

Comment on lines +21 to +28
"bl": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/bl/-/bl-2.2.1.tgz",
"integrity": "sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==",
"requires": {
"readable-stream": "^2.3.5",
"safe-buffer": "^5.1.1"
}
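Review bot: the version field is not what decides compatibility for this entry; the requires block is. Whatever the lockfile pins for readable-stream must satisfy `^2.3.5` and whatever it pins for safe-buffer must satisfy `^5.1.1`, and npm nests a second copy under bl when the hoisted one does not. `npm ls readable-stream safe-buffer` should show exactly one copy of each inside those ranges; if it does, the entry is correct as generated and needs no change.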

Category:possible issue Severity:possible issue

Check compatibility of the bl package version with other dependencies.

Ensure that the version of bl is compatible with other dependencies to avoid potential conflicts. While the suggestion is valid, it does not address a critical issue, as the version specified is already defined.

Here's how:
"bl": {
      "version": "2.2.1",
      "resolved": "https://registry.npmjs.org/bl/-/bl-2.2.1.tgz",
      "integrity": "sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==",
      "requires": {
        "readable-stream": "^2.3.5",
        "safe-buffer": "^5.1.1"
      }
    },

Suggested Fix

Suggested change
"bl": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/bl/-/bl-2.2.1.tgz",
"integrity": "sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==",
"requires": {
"readable-stream": "^2.3.5",
"safe-buffer": "^5.1.1"
}
"bl": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/bl/-/bl-2.2.1.tgz",
"integrity": "sha512-6Pesp1w0DEX1N550i/uGV/TqucVL4AM/pgThFSN/Qq9si1/DF9aIHs1BxD8V/QU0HoeHO6cQRTAuYnLPKq1e4g==",
"requires": {
"readable-stream": "^2.3.5",
"safe-buffer": "^5.1.1"
}
},

Comment on lines +469 to +472
"util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
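Review bot: none of the hunks quoted in this review require util-deprecate directly, so whether it is needed depends on which package lists it, which `npm ls util-deprecate` shows. An entry cannot be retired by deleting it from the lockfile: as long as some dependant's requires names it, `npm ci` refuses the inconsistent lockfile and `npm install` adds it back. The only way to drop it is to drop the dependant.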

Category:maintainability Severity:maintainability

Assess the necessity of the util-deprecate package to reduce dependencies.

Check if the util-deprecate package is required for the project to avoid unnecessary dependencies. This suggestion is relevant for maintainability, but it does not address a significant issue.

Here's how:
"util-deprecate": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
    },

Suggested Fix

Suggested change
"util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
"util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
},

Comment on lines +442 to +449
"string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"requires": {
"safe-buffer": "~5.1.0"
}
},
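Review bot: the thing to verify on this entry is the tilde range. `~5.1.0` accepts only safe-buffer 5.1.x, whereas bl above declares `^5.1.1`, which accepts anything below 6.0.0. The single hoisted safe-buffer in the lockfile therefore has to be a 5.1.x release at or above 5.1.1 to satisfy both without npm nesting a duplicate; `npm ls safe-buffer` should show one copy in that range.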

Category:maintainability Severity:maintainability

Evaluate the necessity of the string_decoder package to minimize dependencies.

Ensure that the string_decoder package is necessary for the project to avoid unnecessary dependencies. This suggestion is valid for maintainability but does not address a critical issue.

Here's how:
"string_decoder": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
      "requires": {
        "safe-buffer": "~5.1.0"
      }
    },

Suggested Fix

Suggested change
"string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"requires": {
"safe-buffer": "~5.1.0"
}
},
"string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"requires": {
"safe-buffer": "~5.1.0"
}
},

Comment on lines +294 to +301
"optional-require": {
"version": "1.1.8",
"resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.1.8.tgz",
"integrity": "sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA==",
"requires": {
"require-at": "^1.0.6"
}
},

Category:maintainability Severity:maintainability

Evaluate the necessity of the optional-require package to reduce dependencies.

Check if the optional-require package is necessary for the project to avoid unnecessary dependencies. This suggestion promotes cleaner dependencies, but it is not critical to the functionality of the project.

Here's how:
"optional-require": {
      "version": "1.1.8",
      "resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.1.8.tgz",
      "integrity": "sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA==",
      "requires": {
        "require-at": "^1.0.6"
      }
    },

Suggested Fix

Suggested change
"optional-require": {
"version": "1.1.8",
"resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.1.8.tgz",
"integrity": "sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA==",
"requires": {
"require-at": "^1.0.6"
}
},
"optional-require": {
"version": "1.1.8",
"resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.1.8.tgz",
"integrity": "sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA==",
"requires": {
"require-at": "^1.0.6"
}
},

Comment on lines +361 to +364
"require-at": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/require-at/-/require-at-1.0.6.tgz",
"integrity": "sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g=="
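Review bot: require-at is not a dependency that can be assessed on its own. The optional-require entry above declares `"require-at": "^1.0.6"` in its requires, so this entry exists because of that range and 1.0.6 is its floor. Removing require-at means removing optional-require, and optional-require only appears in this diff because the mongodb upgrade brought it in. Leave the entry as generated and confirm with `npm ls require-at` that optional-require is its only dependant.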

Category:maintainability Severity:maintainability

Assess the usage of the require-at package to potentially reduce dependencies.

Consider removing the require-at package if it is not used in the project to minimize dependencies. Similar to the previous suggestion, it helps in maintaining a clean dependency tree but is not crucial.

Here's how:
"require-at": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/require-at/-/require-at-1.0.6.tgz",
      "integrity": "sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g=="
    },

Suggested Fix

Suggested change
"require-at": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/require-at/-/require-at-1.0.6.tgz",
"integrity": "sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g=="
"require-at": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/require-at/-/require-at-1.0.6.tgz",
"integrity": "sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g=="
},

2 participants