[Snyk] Upgrade mongodb from 3.5.9 to 3.6.10 #99
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade mongodb from 3.5.9 to 3.6.10.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-BL-608877
Why? CVSS 7.7
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongodb
The MongoDB Node.js team is pleased to announce version 3.6.10 of the mongodb package!
Release Highlights
This patch addresses a few bugs listed below. Notably the
bsonRegExp
option is now respected by the underlying BSON library, you can use this to decode regular expressions that contain syntax not permitted in native JS RegExp objects. Take a look at this example:Also there was an issue with
Cursor.forEach
where user defined forEach callbacks that throw errors incorrectly handled catching errors. Take a look at the comments in this example:Bug Fixes
Documentation
We invite you to try the mongodb package immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.9 of the driver!
Release Highlights
This release fixes a major performance bug in bulk write operations, which was inadvertently introduced by an incomplete code change in the previous release. The bug resulted in redundant array iterations and caused exponential increases in bulk operation completion times. Thank you Jan Schwalbe for bringing this to our attention!
Bug Fixes
Documentation
We invite you to try the mongodb package immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.8 of the mongodb package!
Release Highlights
Thanks to the quick adoption of the previous new patch by the mongoose package (Automattic/mongoose#10265) a small bug was identified when connections to mongodb would timeout causing unnecessary clean up operations to run. Thank you @ vkarpov15!
Bug Fixes
beforeHandshake
flag for timeout errors (#2813) (6e3bab3)Documentation
We invite you to try the mongodb package immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.7 of the driver
Release Highlights
This patch addresses a number of bug fixes. Notably, there was an interesting javascript related issue with sorting documents. It only impacts users using numerical keys in their documents.
In javascript, numerical keys are always iterated first when looping over the keys of an object followed by the chronological specification of each string key. This effectively changes the ordering of a sort document sent to mongodb. However our driver does accept sort specification in a variety of ways and one way to avoid this problem is passing an array of tuples:
This ensures that mongodb is sent the
'a'
key as the first sort key and'23'
as the second.Bug Fixes
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver
Release Highlights
This patch addresses a number of bugs listed below.
Most notably, for client side encryption users upgrading to this version of the driver along with the new version of [email protected] will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g,
listCollections
) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.Bug
Improvement
Documentation
We invite you to try the driver immediately, and report any issues to the NODE project.
Thanks very much to all the community members who contributed to this release!
Commit messages
Package name: mongodb
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs