[Snyk] Upgrade mongodb from 3.6.1 to 3.6.2

[snyk-bot]

Snyk has created this PR to upgrade mongodb from 3.6.1 to 3.6.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 2 months ago, on 2020-09-10.

Release notes

Package name: mongodb

• 3.6.2 - 2020-09-10
  

  The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver

  Release Highlights

  Updated bl dependency due to CVE-2020-8244

  See this link for more details: https://github.com/advisories/GHSA-pp7h-53gx-mx7r

  Connection pool wait queue processing is too greedy

  The logic for processing the wait queue in our connection pool ran the risk of
  starving the event loop. Calls to process the wait queue are now wrapped in a
  setImmediate to prevent starvation

  Documentation

  Reference: http://mongodb.github.io/node-mongodb-native/3.6/
  API: http://mongodb.github.io/node-mongodb-native/3.6/api/
  Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

  We invite you to try the driver immediately, and report any issues to the NODE project.

  Thanks very much to all the community members who contributed to this release!

  Release Notes

  Bug

  • [NODE-2798] - Update version of dependency "bl" due to vulnerability
  • [NODE-2803] - Connection pool wait queue processing is too greedy
• 3.6.1 - 2020-09-02
  

  The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver

  Release Highlights

  Kerberos

  A bug in introducing the new CMAP Connection prevented some users from properly authenticating with the kerberos module.

  Index options are not respected with createIndex

  The logic for building the createIndex command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist.

  Remove strict mode for createCollection

  Since v3.6.0 createCollection will no longer returned a cached Collection instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the strict option for createCollection, so that option has been removed from documentation.

  Documentation

  Reference: http://mongodb.github.io/node-mongodb-native/3.6/
  API: http://mongodb.github.io/node-mongodb-native/3.6/api/
  Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

  We invite you to try the driver immediately, and report any issues to the NODE project.

  Thanks very much to all the community members who contributed to this release!

  Release Notes

  Bug

  • [NODE-2731] - CMAP Connection type does not provide host/port properties
  • [NODE-2755] - "language_override" option support for text index is broken

  Improvement

  • [NODE-2730] - Move MongoAuthProcess into the driver source tree
  • [NODE-2746] - Strict mode for `createCollection` should be removed

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 9ee7bb8 chore(release): 3.6.2
• 4e03dfa fix: allow event loop to process during wait queue processing (#2537)
• 2a6faa6 chore: update bl due to CVE

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs