Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade mongodb from 4.3.1 to 4.4.0 #16

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade mongodb from 4.3.1 to 4.4.0 #16

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade mongodb from 4.3.1 to 4.4.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2022-02-17.
Release notes
Package name: mongodb
  • 4.4.0 - 2022-02-17

    The MongoDB Node.js team is pleased to announce version 4.4.0 of the mongodb package!

    Release Highlights

    This release includes a few new features described below.

    KMIP

    KMIP can now be configured as a KMS provider for CSFLE by providing the KMIP endpoint in the kmsProviders option.

    Example:

    new MongoClient(uri, { autoEncryption: { kmsProviders: { kmip: { endpoint: 'host:port' }}}})

    CSFLE TLS

    Custom TLS options can now be provided for connection to the KMS servers on a per KMS provider basis.

    Example:

    new MongoClient(uri, { autoEncryption: { tlsOptions: { aws: { tlsCAFile: 'path/to/file' }}}})

    Valid options are tlsCAFile, tlsCertificateKeyFile, tlsCertificateKeyFilePassword and all accept strings as values: a string path to a certificate location on the file system or a string password.

    Kerberos

    Hostname canonicalization when using GSSAPI authentication now accepts 'none', 'forward', and 'forwardAndReverse' as auth mechanism properties. 'none' will perform no canonicalization (default), 'forward' will perform a forward cname lookup, and 'forwardAndReverse' will perform a forward lookup followed by a reverse PTR lookup on the IP address. Previous boolean values are still accepted and map to false -> 'none' and true -> 'forwardAndReverse'.

    Example:

    new MongoClient('mongodb://user:pass@host:port/db?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME=forward');

    For cases when the service host name differs from the connection’s host name (most likely when creating new users on localhost), a SERVICE_HOST auth mechanism property may now be provided.

    Example:

    new MongoClient('mongodb://user:pass@host:port/db?authMechanism=GSSAPI&authMechanismProperties=SERVICE_HOST:example.com')

    ⚠️ collection.count() and cursor.count()

    In the 4.0.0 release of the driver, the deprecated collection.count() method was inadvertently changed to behave like collection.countDocuments(). In this release, we have updated the collection.count() behavior to match the legacy behavior:

    • If a query is passed in, collection.count will behave the same as collection.countDocuments and perform a collection scan.
    • If no query is passed in, collection.count will behave the same as collection.estimatedDocumentCount and rely on collection metadata.

    We also deprecated the cursor.count() method and will remove it in the next major version along with collection.count(); please use collection.estimatedDocumentCount() or collection.countDocuments() instead.

    Features

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 4.3.1 - 2022-01-18

    The MongoDB Node.js team is pleased to announce version 4.3.1 of the mongodb package!

    Release Highlights

    In this patch release, we address the limitation introduced in 4.3.0 with the dot notation Typescript improvements and recursive types.
    Namely, this fix removes compilation errors for self-referential types.

    Note that this fix still has the following limitations:

    • type checking defaults to any after the first level of recursion for self-referential types
    interface Node {
    next: Node | null;
    }

    declare const collection: Collection<Node>;

    // no error here even though next is of type Node | null
    collection.find({
    next: {
    next: 'asdf'
    }
    });

    • indirectly self-referential types are still not supported
    interface A {
    b: B;
    }

    interface B {
    a: A;
    }

    declare const mutuallyRecursive: Collection<A>;

    // this will throw an error because there is indirect recursion
    // between types (A depends on B which depends on A and so on)
    mutuallyRecursive.find({});

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • b578d89 chore(release): 4.4.0
  • d0390d0 feat(NODE-2939): add new hostname canonicalization opts (#3131)
  • aa069f1 chore(NODE-3719): spec compliance review wrap up (#3145)
  • b192493 fix(NODE-3917): Throw an error when directConnection is set with multiple hosts (#3143)
  • 3e7b894 fix(NODE-3813): unexpected type conversion of read preference tags (#3138)
  • 9242de5 test(NODE-3860): improve skipReason reporting for disabled 'auth' tests (#3137)
  • 46d5821 feat(NODE-2938): add service host mechanism property (#3130)
  • 541e939 fix: fix csfle imports (#3142)
  • 489e05b test(NODE-3733): Make retryable write test error labels behave consistently with server (#3140)
  • 3807d01 test(NODE-3885): update spec tests to remove legacy language (#3139)
  • 44bbd6e feat(NODE-3777): add csfle kmip support (#3070)
  • f5c76f3 feat(NODE-3351): use hostname canonicalization (#3122)
  • a7a3b99 ci(NODE-3860): Enable auth on in CI (#3121)
  • 6218443 test(NODE-3879): legacy count in retryable reads (#3135)
  • 12c6835 fix(NODE-3878): use legacy count operation on collection.count (#3126)
  • e41f5bb test(NODE-3719,NODE-3543): fix unified runner to not pass uri opts in object and unskip lb tests (#3133)
  • c289eef test(NODE-3797): Ensure RSGhost servers are not selectable (#3132)
  • 640ef59 test(NODE-3719): spec review cleanup (#3124)
  • a48d7e2 feat(NODE-3867): deprecate cursor count and update v4 docs (#3127)
  • 323bb8d test(NODE-3817): refactor RunOn filter in legacy spec runner to use mocha hooks (#3119)
  • 6970871 refactor(NODE-3845): update load balancer config (#3089)
  • c63a21b fix(NODE-3621): fixed type of documentKey property on ChangeStreamDocument (#3118)
  • deb8544 chore(NODE-3715): add code coverage generation to Evergreen tasks (#3107)
  • 383bf6b chore: update dependencies (#3120)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot