Skip to content
This repository has been archived by the owner on May 6, 2021. It is now read-only.

[Snyk] Upgrade mongodb from 3.5.2 to 3.5.7 #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade mongodb from 3.5.2 to 3.5.7 #21

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Jun 2, 2020

Snyk has created this PR to upgrade mongodb from 3.5.2 to 3.5.7.

merge advice

✨What is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released a month ago, on 2020-04-29.
Release notes
Package name: mongodb
  • 3.5.7 - 2020-04-29

    The MongoDB Node.js team is pleased to announce version 3.5.7 of the driver

    Release Highlights

    Warning: Accessing non-existent property 'count' of module exports inside circular dependency

    Work earlier this year left some dead code in our operations code, resulting in this warning message reported by multiple users. While we still have a few cycles in our codebase yet, this will quiet Node.js 14's circular dependency warnings.

    Sessions are only acquired when operations are executed

    Drivers use an implicit session for all operations where an explicit session is not provided. A subtle bug was introduced when session support was implemented where implicit sessions were created and assigned to operations even if they were about to sit in a queue waiting for execution. This results in the driver creating many sessions rather than reusing pooled ones. The fix is to ensure a session is only checked out of the pool when the operation is about to be written to a server.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2536] - Circular dependency in Node.js 14 nightly
    • [NODE-2552] - Server session creation grows unbounded with every operation call

    Improvement

    • [NODE-2534] - Document options supported by the unified topology
    • [NODE-2560] - Make 'reIndex' a standalone-only command
  • 3.5.6 - 2020-04-14

    The MongoDB Node.js team is pleased to announce version 3.5.6 of the driver

    Release Highlights

    Regression in map when cursor used as a stream

    @dobesv helped identify a regression where a map function would be applied twice
    if defined on a cursor, and that cursor was used to stream data.

    TypeError: Cannot read property 'code' of undefined

    User @linus-hologram originally reported an issue with a TypeError when the lambda
    passed to the withTransaction helper rejected with a null value. @vkarpov15
    submitted the fix.

    readPreferenceTags interpreted as an array

    A bug was fixed where readPreferenceTags with a single value in the connection
    string was not properly interpreted as an array of tags. This prevented the
    Use Analytics Nodes to Isolate Workload guidance from working
    correctly.

    Cannot set property 'isDirty' of null

    User @sean-daley reported seeing this in an AWS Lambda environment, but has proven to
    be somewhat of a heisenbug. We are rolling out a fix here that ensures sessions
    (implicit or not) are not used after they have been explicitly ended.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2503] - Cursor ReadStream applies map function twice
    • [NODE-2515] - TypeError when transaction is rejected with empty reason
    • [NODE-2541] - readPreferenceTags are not interpreted as an array
    • [NODE-2545] - Cannot set property 'isDirty' of null
    • [NODE-2549] - Unknown topology should return empty array for server selection with read preference
  • 3.5.5 - 2020-03-11

    The MongoDB Node.js team is pleased to announce version 3.5.5 of the driver

    Release Highlights

    Regression in hasNext when using a cursor with a limit

    @peterbroadhurst helped point out a regression introduced in v3.5.4 where using hasNext
    on a cusor with a limit would not return the full set of results.

    Ignored topology updates cause servers to fall out of latency window

    A change introduced across all MongoDB drivers, and in particular v3.5.0 of the Node.js
    driver, attempted to prevent needless duplicate topologyDescriptionChanged topology events
    by introducing a ServerDescription equality operator. Since equality does not take the
    lastUpdateTime and lastWriteDate fields of an ismaster into account, the driver could
    eventually consider servers non-suitable for server selection, since they would fall out
    of the latency window.
    All updates are considered viable for topology updates now, and only event emission is
    gated by ServerDescription equality.

    Memory leaks with Node.js v12+

    The legacy topology types (in particular if you were connected to a replic set) used a
    custom Timeout class to wrap a timer. Unfortunately, the class depended on an undocumented,
    private variable _called, which was removed in Node.js v12. This would lead to the driver
    thinking the timeout never occurred, and therefore never releasing the object for garbage
    collection. We recommend users of the legacy topology types immediately update to this
    version of the driver, or use the Unified Topology which is unaffected by this bug.

    TypeError: Cannot read property 'Symbol(cancelled)' of undefined

    @erfanium and @Paic helped us identify an issue in rare failover events where multiple
    requests to process the server selection queue would result in an attempted property
    access of an undefined variable.

    promiseLibrary not respected by newly introduced maybePromise helper

    @TobyEalden pointed out that an internal refactor to use a helper to optionally
    return a Promise for top level API methods was not, in fact, using a custom
    promise library if one was provided!

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2460] - Memory Leak with ReplSet and NodeJS v12
    • [NODE-2472] - TypeError on server available with useUnifiedTopology: true
    • [NODE-2474] - Server_Description update with lastUpdateTime / lastWriteDate fields is ignored in topology
    • [NODE-2480] - TypeError after reconnecting
    • [NODE-2483] - Regression using hasNext on cursor with limit
    • [NODE-2490] - promiseLibrary option is not honoured
  • 3.5.4 - 2020-02-25

    The MongoDB Node.js team is pleased to announce version 3.5.4 of the driver

    Release Highlights

    Regression in hasNext when piping a cursor

    Pierre Mallet and @Sintendo helped identify a regression with our cursors which did not
    properly rewind a cursor when hasNext was called before the cursor was piped.

    Regression in server selection queue processing

    A change introduced in v3.5.3 converted the server selection loop from a loop with timers
    to a queue of callbacks. A subtle bug was introduced to the code to process the quere where
    the upper bound of a for loop was using a dynamically decreasing length, leading to some
    operations being ignored, and ultimately timing out. Many thanks to Frederic Maillasson,
    @paulrobinson, and @adityapatadia for helping uncover this issue

    Only ensure minimum connection pool size if a size is specified

    User @millerick submitted a PR short circuiting the background task for ensuring a minimum
    pool size if no minimum size was set.

    Release Notes

    Bug

    • [NODE-2454] - Cursor.hasNext() seems to consume first document when the cursor is piped in a writable stream
    • [NODE-2464] - max election ID comparison uses invalid comparison for tracking
    • [NODE-2466] - Driver does not seem to properly recover from a long disconnection with primary server
    • [NODE-2467] - MongoServerSelectionError when using useUnifiedTopology: true

    Improvement

    • [NODE-2459] - Do not run minimum connection size task if there is no minimum pool size
  • 3.5.3 - 2020-02-12

    The MongoDB Node.js team is pleased to announce version 3.5.3 of the driver

    Release Highlights

    This patch release fixes one issue with command error handling during network errors, and one minor issue with multiple incoming wire messages not being properly processed.

    Release Notes

    Bug

    • [NODE-2435] - Unified topology does not transition server to Unknown on non-timeout operation error
    • [NODE-2437] - Multiple incoming message packets are not processed correctly

    Improvement

    • [NODE-2438] - Add exhaust command support to transport layer
    • [NODE-2449] - Simplify server error handling in unified topology
  • 3.5.2 - 2020-01-20

    The MongoDB Node.js team is pleased to announce version 3.5.2 of the driver

    Release Highlights

    This patch release corrects a regression introduced in the 4.2 timeframe which would
    effectively disable retryable operations for connection to MongoDB 4.2+. Additionally,
    the server selection loop has been converted to a queue of callbacks to improve
    readability, as well as performance in certain scenarios.

    Release Notes

    Bug

    • [NODE-2408] - retryWrites seems not to work as expected in failover test

    Improvement

    • [NODE-2398] - Use a queue for server selection
from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • 6eb6d6c chore(release): 3.5.7
  • 7f1cf35 refactor(ChangeStream): use maybePromise for next/hasNext
  • 8851a28 docs: fix event names in gridFS tutorial
  • 8a69ed6 chore: update snappy version to fix issue with node v4
  • 61aaa3d doc: document options supported by the unified topology
  • f778ef5 test: reduce flakiness of socket timeout test
  • 3d05a6d fix: limit growth of server sessions through lazy acquisition
  • 56a1b8a fix: remove circular dependency warnings on node 14
  • 84d2354 test: temporarily skip sharded transactions tests
  • 0b6f813 chore: update package lock to depend on latest bson version
  • 0665a02 test: remove replicaset topology from reIndex tests
  • d8bbb55 test: lint the driver in a single evergreen task
  • 08e89c0 chore(release): 3.5.6
  • e43d39a chore: require bson 1.1.4 or higher
  • a6f6da0 test: wait for mock server creation before using it
  • 611be8d fix: only mark server session dirty if the client session is alive
  • 7403e31 docs: Fix typo in Collection#find param
  • f9e786a fix: always return empty array for selection on unknown topology
  • d6f3001 Revert "fix: createCollection only uses listCollections in strict mode"
  • a50611b fix: single `readPreferenceTags` should be parsed as an array
  • d368f12 fix: createCollection only uses listCollections in strict mode
  • 153646c fix: don't throw if `withTransaction()` callback rejects with a null reason
  • 7778977 chore: remove superfluous build variants
  • a0b1c5a chore: remove exotic build configurations

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot