Update mongoose 8.4.4 → 8.5.1 (minor)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ mongoose (8.4.4 → 8.5.1) · Repo · Changelog

Release Notes

8.5.1

8.5.1 / 2024-07-12

• perf(model): performance improvements for insertMany() #14724
• fix(model): avoid leaving subdoc defaults on top-level doc when setting subdocument to same value #14728 #14722
• fix(model): handle transactionAsyncLocalStorage option with insertMany() #14743
• types: make _id required on Document type #14735 #14660
• types: fix ChangeStream.close to return a Promise like the driver #14740 orgads

8.5.0

8.5.0 / 2024-07-08

• perf: memoize toJSON / toObject default options #14672
• feat(document): add $createModifiedPathsSnapshot(), $restoreModifiedPathsSnapshot(), $clearModifiedPaths() #14699 #14268
• feat(query): make sanitizeProjection prevent projecting in paths deselected in the schema #14691
• feat: allow setting array default value to null #14717 #6691
• feat(mongoose): allow drivers to set global plugins #14682
• feat(connection): bubble up monitorCommands events to Mongoose connection if monitorCommands option set #14681 #14611
• fix(document): ensure post('deleteOne') hooks are called when calling save() after subdoc.deleteOne() #14732 #9885
• fix(query): remove count() and findOneAndRemove() from query chaining #14692 #14689
• fix: remove default connection if setting createInitialConnection to false after Mongoose instance created #14679 #8302
• types(models+query): infer return type from schema for 1-level deep nested paths #14632
• types(connection): make transaction() return type match the executor function #14661 #14656
• docs: fix docs links in index.md mirasayon

8.4.5

8.4.5 / 2024-07-05

• types: correct this for validate.validator schematype option #14720 #14696
• docs(model): note that insertMany() with lean skips applying defaults #14723 #14698

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @​mongodb-js/saslprep (indirect, 1.1.7 → 1.1.8) · Repo · Changelog

↗️ bson (indirect, 6.7.0 → 6.8.0) · Repo · Changelog

Release Notes

6.8.0

6.8.0 (2024-06-27)

The MongoDB Node.js team is pleased to announce version 6.8.0 of the bson package!

Release Notes

Add Signature to Github Releases

The Github release for js-bson now contains a detached signature file for the NPM package (named
bson-X.Y.Z.tgz.sig), on every major and patch release to 6.x and 5.x. To verify the signature, follow the instructions in the 'Release Integrity' section of the README.md file.

Optimize performance of Long.fromBigInt

Internally fromBigInt was originally implemented using toString of the bigint value. Now, Long.fromBigInt has been refactored to use bitwise operations greatly improving performance.

Features

• NODE-6156: add signature to github releases (#692) (f0fbe91)

Performance Improvements

• NODE-6126: improve Long.fromBigInt performance (#681) (63eafcb)

Documentation

• API
• Changelog

We invite you to try the bson library immediately, and report any issues to the NODE project.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 15 commits:

• chore(main): release 6.8.0 [skip-ci] (#689)
• docs(NODE-6235): update release integrity section (#702)
• chore: full ssdlc report (#701)
• chore(NODE-6212): upload sbom to s3 during releases and use actions v2 (#700)
• chore: upgrade release signing to drivers-github-tools v2 (#696)
• chore(NODE-6170): update release please owner (#690)
• chore: use sarif report action from main (#699)
• chore(NODE-6195): generate sarif reports during releases (#695)
• chore: incorrectly attempting access to sign release artifacts variables (#694)
• feat(NODE-6156): add signature to github releases (#692)
• chore(NODE-6178): enable codeql scans (#691)
• perf(NODE-6126): improve Long.fromBigInt performance (#681)
• chore: fix version number in manifest (#688)
• chore(NODE-6034): update github actions (#682)
• chore(NODE-6142): add sbom lite file to BSON (#679)

↗️ mongodb (indirect, 6.6.2 → 6.7.0) · Repo · Changelog

Release Notes

6.7.0

6.7.0 (2024-05-29)

The MongoDB Node.js team is pleased to announce version 6.7.0 of the mongodb package!

Release Notes

Support for MONGODB-OIDC Authentication

MONGODB-OIDC is now supported as an authentication mechanism for MongoDB server versions 7.0+. The currently supported facets to authenticate with are callback authentication, human interaction callback authentication, Azure machine authentication, and GCP machine authentication.

Azure Machine Authentication

The MongoClient must be instantiated with authMechanism=MONGODB-OIDC in the URI or in the client options. Additional required auth mechanism properties of TOKEN_RESOURCE and ENVIRONMENT are required and another optional username can be provided. Example:

const client = new MongoClient('mongodb+srv://<username>@<host>:<port>/?authMechanism=MONGODB-OIDC&authMechanismProperties=TOKEN_RESOURCE:<azure_token>,ENVIRONMENT=azure');
await client.connect();

GCP Machine Authentication

The MongoClient must be instantiated with authMechanism=MONGODB-OIDC in the URI or in the client options. Additional required auth mechanism properties of TOKEN_RESOURCE and ENVIRONMENT are required. Example:

const client = new MongoClient('mongodb+srv://<host>:<port>/?authMechanism=MONGODB-OIDC&authMechanismProperties=TOKEN_RESOURCE:<gcp_token>,ENVIRONMENT=gcp');
await client.connect();

Callback Authentication

The user can provide a custom callback to the MongoClient that returns a valid response with an access token. The callback is provided as an auth mechanism property an has the signature of:

const oidcCallBack = (params: OIDCCallbackParams): Promise<OIDCResponse> => {
  // params.timeoutContext is an AbortSignal that will abort after 30 seconds for non-human and 5 minutes for human.
  // params.version is the current OIDC API version.
  // params.idpInfo is the IdP info returned from the server.
  // params.username is the optional username.
// Make a call to get a token.

const token = ...;

return {

accessToken: token,

expiresInSeconds: 300,

refreshToken: token

};

}
const client = new MongoClient('mongodb+srv://<host>:<port>/?authMechanism=MONGODB-OIDC', {

authMechanismProperties: {

OIDC_CALLBACK: oidcCallback

}

});

await client.connect();

For callbacks that require human interaction, set the callback to the OIDC_HUMAN_CALLBACK property:

const client = new MongoClient('mongodb+srv://<host>:<port>/?authMechanism=MONGODB-OIDC', {
  authMechanismProperties: {
    OIDC_HUMAAN_CALLBACK: oidcCallback
  }
});
await client.connect();

Fixed error when useBigInt64=true was set on Db or MongoClient

Fixed an issue where when setting useBigInt64=true on MongoClients or Dbs an internal function compareTopologyVersion would throw an error when encountering a bigint value.

Features

• NODE-5464: OIDC machine and callback workflow (#3912) (2ba8434)

Bug Fixes

• NODE-6165: useBigInt64 causes compareTopologyVersion to throw (#4109) (21b729b)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 7 commits:

• chore(main): release 6.7.0 [skip-ci] (#4118)
• feat(NODE-5464): OIDC machine and callback workflow (#3912)
• docs(NODE-6191): clarify that operations should not be parallelized in transactions (#4122)
• docs: fix typos, punctuation, caps, formatting (#4103)
• chore(NODE-6170): update release please owner (#4115)
• fix(NODE-6165): useBigInt64 causes compareTopologyVersion to throw (#4109)
• chore(NODE-6178): enable codeql scans (#4116)

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

* [Circle CI](https://circleci.com), [Semaphore ](https://semaphoreci.com) and [Github Actions](https://docs.github.com/actions) are all excellent options. * If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github. * If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with `depfu/`.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)