[Snyk] Upgrade mongodb from 6.3.0 to 6.5.0

[mkusztal]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 6.3.0 to 6.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 35 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2024-03-11.

Release notes

Package name: mongodb

• 6.5.0 - 2024-03-11
  

  6.5.0 (2024-03-11)

  The MongoDB Node.js team is pleased to announce version 6.5.0 of the mongodb package!

  Release Notes

  Bulk Write Operations Generate Ids using pkFactory

  When performing inserts, the driver automatically generates _ids for each document if there is no _id present. By default, the driver generates ObjectIds. An option, pkFactory, can be used to configure the driver to generate _ids that are not object ids.

  For a long time, only Collection.insert and Collection.insertMany actually used the pkFactory, if configured. Notably, Collection.bulkWrite(), Collection.initializeOrderedBulkOp() and Collection.initializeOrderedBulkOp() always generated ObjectIds, regardless of what was configured on collection.

  The driver always generates _ids for inserted documents using the pkFactory.

  Caution

  If you are using a pkFactory and performing bulk writes, you may have inserted data into your database that does not have _ids generated by the pkFactory.

  Fixed applying read preference to commands depending on topology

  When connecting to a secondary in a replica set with a direct connection, if a read operation is performed, the driver attaches a read preference of primaryPreferred to the command.

  Fixed memory leak in Connection layer

  The Connection class has recently been refactored to operate on our socket operations using promises. An oversight how we made async network operations interruptible made new promises for every operation. We've simplified the approach and corrected the leak.

  Query SRV and TXT records in parallel

  When connecting using a convenient SRV connection string (mongodb+srv://) hostnames are obtained from an SRV dns lookup and some configuration options are obtained from a TXT dns query. Those DNS operations are now performed in parallel to reduce first-time connection latency.

  Container and Kubernetes Awareness

  The Node.js driver now keeps track of container metadata in the client.env.container field of the handshake document.

  If space allows, the following metadata will be included in client.env.container:

  env?: { 
    container?: {
      orchestrator?: 'kubernetes' // if process.env.KUBERNETES_SERVICE_HOST is set
      runtime?: 'docker' // if the '/.dockerenv' file exists
    } 
  }
  

  Note: If neither Kubernetes nor Docker is present, client.env will not have the container property.

  Add property errorResponse to MongoServerError

  The MongoServer error maps keys from the error document returned by the server on to itself. There are some use cases where the original error document is desirable to obtain in isolation. So now, the mongoServerError.errorResponse property stores a reference to the error document returned by the server.

  Deprecated unused CloseOptions interface

  The CloseOptions interface was unintentionally made public and was only intended for use in the driver's internals. Due to recent refactoring (NODE-5915), this interface is no longer used in the driver. Since it was marked public, out of an abundance of caution we will not be removing it outside of a major version, but we have deprecated it and will be removing it in the next major version.

  Features

  • NODE-5968: container and Kubernetes awareness in client metadata (#4005) (28b7040)
  • NODE-5988: Provide access to raw results doc on MongoServerError (#4016) (c023242)
  • NODE-6008: deprecate CloseOptions interface (#4030) (f6cd8d9)

  Bug Fixes

  • NODE-5636: generate _ids using pkFactory in bulk write operations (#4025) (fbb5059)
  • NODE-5981: read preference not applied to commands properly (#4010) (937c9c8)
  • NODE-5985: throw Nodejs' certificate expired error when TLS fails to connect instead of CERT_HAS_EXPIRED (#4014) (057c223)
  • NODE-5993: memory leak in the Connection class (#4022) (69de253)

  Performance Improvements

  • NODE-5986: parallelize SRV/TXT resolution (#4012) (eab8f23)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 6.5.0-dev.20240503.sha.7f191cf - 2024-05-03
• 6.5.0-dev.20240502.sha.9d73f45 - 2024-05-02
• 6.5.0-dev.20240426.sha.6d8ad33 - 2024-04-26
• 6.5.0-dev.20240424.sha.6abc074 - 2024-04-24
• 6.5.0-dev.20240423.sha.4a62ec6 - 2024-04-23
• 6.5.0-dev.20240420.sha.eece8c1 - 2024-04-20
• 6.5.0-dev.20240419.sha.c213679 - 2024-04-19
• 6.5.0-dev.20240418.sha.af18c53 - 2024-04-18
• 6.5.0-dev.20240417.sha.f1f816f - 2024-04-17
• 6.5.0-dev.20240416.sha.6248174 - 2024-04-16
• 6.5.0-dev.20240413.sha.8845206 - 2024-04-13
• 6.5.0-dev.20240412.sha.232bf3c - 2024-04-12
• 6.5.0-dev.20240411.sha.ddd1e81 - 2024-04-11
• 6.5.0-dev.20240409.sha.30cac05 - 2024-04-09
• 6.5.0-dev.20240406.sha.62ea94b - 2024-04-06
• 6.5.0-dev.20240405.sha.ce55ca9 - 2024-04-05
• 6.5.0-dev.20240404.sha.0e3d6ea - 2024-04-04
• 6.5.0-dev.20240403.sha.cb5903f - 2024-04-03
• 6.5.0-dev.20240328.sha.458cf6d - 2024-03-28
• 6.5.0-dev.20240326.sha.918fe69 - 2024-03-26
• 6.5.0-dev.20240323.sha.d94439f - 2024-03-23
• 6.5.0-dev.20240322.sha.a8670a7 - 2024-03-22
• 6.5.0-dev.20240321.sha.1879a04 - 2024-03-21
• 6.5.0-dev.20240320.sha.8b91c30 - 2024-03-20
• 6.5.0-dev.20240319.sha.0ebc1ac - 2024-03-19
• 6.5.0-dev.20240316.sha.159ea81 - 2024-03-16
• 6.5.0-dev.20240315.sha.77d0b47 - 2024-03-15
• 6.5.0-dev.20240314.sha.8ab2055 - 2024-03-14
• 6.5.0-dev.20240312.sha.55abb4b - 2024-03-12
• 6.4.0 - 2024-02-29
  Read more
• 6.4.0-dev.20240307.sha.28b7040 - 2024-03-07
• 6.4.0-dev.20240306.sha.057c223 - 2024-03-06
• 6.4.0-dev.20240305.sha.eab8f23 - 2024-03-05
• 6.4.0-dev.20240301.sha.f2b3484 - 2024-03-01
• 6.3.0 - 2023-11-16
  

  6.3.0 (2023-11-15)

  The MongoDB Node.js team is pleased to announce version 6.3.0 of the mongodb package!

  Release Notes

  New client option serverMonitoringMode

  For users that want to control the behaviour of the monitoring connection between each node in the topology, a new option, serverMonitoringMode, has been added. This defaults to auto but can be forced into a specific mode by providing a value of poll or stream. When the setting is auto the monitoring mode will be determined by the environment the driver is running in, specifically, FaaS environments prefer "polling" mode and all others prefer "streaming".

  A polling monitor periodically issues a hello command to the node at an interval of heartbeatFrequencyMS. A streaming monitor sends an initial hello and then will automatically get a response from the Node when a change in server configuration occurs or at a maximum time of heartbeatFrequencyMS. The value of that option defaults to 10000 milliseconds.

  This new option can be provided in the connection string or as an option to the MongoClient.

  // In the connection string.
  new MongoClient('mongodb://127.0.0.1:27017/?serverMonitoringMode=stream');

  // In the options
  new MongoClient('mongodb://127.0.0.1:27017/', { serverMonitoringMode: 'stream' });

  Fix connection leak when serverApi is enabled

  When enabling serverApi the driver's RTT measurement logic (used to determine the closest node) still sent the legacy hello command "isMaster" causing the server to return an error. Unfortunately, the error handling logic did not correctly destroy the socket which would cause a leak.

  Both sending the correct hello command and the error handling connection clean-up logic are fixed in this change.

  GridFS fields deprecated

  The GridFS contentType and aliases options are deprecated. According to the GridFS spec, applications wishing to store contentType and aliases should add a corresponding field to the metadata document instead.

  Remove deprecation warning about punycode

  The mongodb-connection-string-url package which parses connection strings relied on Node's punycode module, the package now imports the community package removing the deprecation warning on Node.js 20+.

  Features

  • NODE-3881: require hello command + OP_MSG when 'loadBalanced=True' (#3907) (fd58eec)
  • NODE-5197: add server monitoring mode (#3899) (ae4c94a)
  • NODE-5590: deprecate GridFS fields (#3905) (d2225da)

  Bug Fixes

  • NODE-4863: do not use RetryableWriteError for non-server errors (#3914) (08c9fb4)
  • NODE-5709: bump mongodb-connection-string-url to 3.0.0 (#3909) (1c3dc02)
  • NODE-5749: RTTPinger always sends legacy hello (#3921) (ebbfb8a)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately and report any issues to the NODE project.

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• c9e32ad chore(main): release 6.5.0 [skip-ci] (#4013)
• f6cd8d9 feat(NODE-6008): deprecate CloseOptions interface (#4030)
• 36fa752 refactor(NODE-5915): topology close logic to be synchronous (#4021)
• 937c9c8 fix(NODE-5981): read preference not applied to commands properly (#4010)
• 31f1eed test(NODE-5969): convert CSFLE corpus test [Snyk] Upgrade react-redux from 8.0.2 to 8.0.5 #6 to TS, async/await and add write concerns to all CRUD operations (#4029)
• fbb5059 fix(NODE-5636): generate _ids using pkFactory in bulk write operations (#4025)
• 2348548 test(DRIVERS-2812): sdam load balancer tests in serverless (#4026)
• c023242 feat(NODE-5988): Provide access to raw results doc on MongoServerError (#4016)
• 69de253 fix(NODE-5993): memory leak in the `Connection` class (#4022)
• 28b7040 feat(NODE-5968): container and Kubernetes awareness in client metadata (#4005)
• e30c6d3 chore(NODE-5997): update saslprep to ^1.1.5 (#4023)
• 4ac9675 test(NODE-5962): gossip cluster time in utr (#4019)
• 057c223 fix(NODE-5985): throw Nodejs' certificate expired error when TLS fails to connect instead of `CERT_HAS_EXPIRED` (#4014)
• 7eaf2c8 refactor(NODE-5903): add newline to stdio logging (#4018)
• 443835e test(NODE-5992): fix env var restoration in tests (#4017)
• eab8f23 perf(NODE-5986): parallelize SRV/TXT resolution (#4012)
• f2b3484 docs: generate 6.4.0 documentation (#4008)
• 9ac2e38 chore(main): release 6.4.0 [skip-ci] (#3935)
• 5f62f56 docs: generate docs from latest main [skip-ci] (#3977)
• 90f2f70 feat(NODE-5978): upgrade BSON to ^6.4.0 (#4007)
• 99a0059 test(NODE-5731): add serverless proxy testing (#4003)
• 1ca6269 test(NODE-5929): convert txn legacy spec tests (#3987)
• f26de76 fix(NODE-5944): make AWS session token optional (#4002)
• 09c9b0b chore(NODE-5972): specify TS 5.0 in package.json and package-lock (#4004)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs