[Snyk] Upgrade mongodb from 3.1.12 to 4.9.0

[aravindbuilt]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 3.1.12 to 4.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 79 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-08-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-MONGODB-473855	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongodb

• 4.9.0 - 2022-08-18
  

  The MongoDB Node.js team is pleased to announce version 4.9.0 of the mongodb package!

  Release Highlights

  We have corrected an inconsistency with our writeConcern options in the type definitions where the MongoClient alleged to not support "writeConcern" as an option. In fact, it did support it at run time and now the types correctly reflect that, along with the corresponding deprecations we made to the nested writeConcern config settings.

  Our index specification handling had a few peculiar edge cases that we have detailed below, we believe these are unlikely to affect a vast majority of users as the type definitions would have likely reported an error with the impacted usage. As a feature, the typescript definitions now support a javascript Map as a valid input for an index specification.

  Index Specification Detailed Fixes

  
  

  • Map as a valid input type in TS definition
  • Uses Map under the hood to ensure key order is preserved, fixed numeric index key order issue in combination with FLE usage
  • Tuples passed at the top level to createIndex were incorrectly parsed as string input
    • createIndex(['myKey', 1]) would create { 'myKey': 1, '1': 1 }.
    • Now it's correctly detected if the second arg is one of the known index directions.
    • For complex programmatic generation of indexes we recommend using a Map to avoid all the edge cases here.
  • Type strictness on this nesting of array (one or more)
  • Type strictness for createIndexes aligned with createIndex
    • No longer accepts just Document, checks that the values are a known IndexDirection

  As per usual this release brings in the latest BSON release (v4.7.0) which added automatic UUID support. You can read more about that in the BSON release notes here!

  Special thanks to the folks who contributed to this release!

  • @ sampaiodiego for the oplogReplay flag support fix
  • @ jer-sen for typescript Filter definition improvements
  • @ aditi-khare-mongoDB for index specification fixes / type improvements

  Features

  • NODE-3517: improve index spec handling and type definitions (#3315) (0754bf9)
  • NODE-4336: deprecate old write concern options and add missing writeConcern to MongoClientOptions (#3340) (d2b6ad8)

  Bug Fixes

  • NODE-4159,NODE-4512: remove servers with incorrect setName from topology and fix unix socket parsing (#3348) (00dcf2d)
  • NODE-4273: pass 'comment' option through to distinct command (#3339) (753ecfe)
  • NODE-4413: set maxTimeMS on getMores when maxAwaitTimeMS is specified (#3319) (dcbfd6e)
  • NODE-4429: select server sync for endSessions during close (#3363) (5086ead)
  • NODE-4467: Add back support for oplogReplay option as deprecated (#3337) (6c69b7d)
  • NODE-4496: counter values incorrectly compared when instance of Long (#3342) (d29eb8c)
  • NODE-4513: type for nested objects in query & update (#3349) (ec1a68f)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.8
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.8.1 - 2022-07-26
  

  The MongoDB Node.js team is pleased to announce version 4.8.1 of the mongodb package!

  Release Highlights

  This patch comes with some bug fixes that are listed below as well as a quality of life improvement for nested keys in the UpdateFilter and Filter types. Thanks to @ coyotte508 (#3328) for contributing this improvement!

  Bug Fixes

  • NODE-4423: better type support for nested objects in query & update (#3328) (05e007b)
  • NODE-4425: webpack optional import of FLE issue (#3324) (5ab2b05)
  • NODE-4444: use Node.js clear timers (#3327) (c5cfe21)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.8
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.8.0 - 2022-07-13
  

  The MongoDB Node.js team is pleased to announce version 4.8.0 of the mongodb package!

  Release Highlights

  UpdateFilter nested fields

  Thanks to a contribution from @ coyotte508, in this release you will now get auto-complete and type safety for nested keys in an update filter. See the example below:
  

  Optional client.connect() fixup

  In our last release we made explicitly calling client.connect() before performing operations optional with some caveats. In this release client.startSession() can now be called before connecting to MongoDB.

  NOTES:

  • The only APIs that need the client to be connected before using are the legacy collection.initializeUnorderedBulkOp() / collection.initializeOrderedBulkOp() builder methods. However, the preferred collection.bulkWrite() API can be used without calling connect explicitly.
  • While executing operations without explicitly connecting may be streamlined and convenient, depending on your use case client.connect() could still be useful to find out early if there is some easily detectable issue (ex. networking) that prevents you from accessing your database.

  Features

  • NODE-4078: allow comment with estimated doc count (#3301) (bed1fe3)
  • NODE-4267: support nested fields in type completion for UpdateFilter (#3259) (1a9a44c)

  Bug Fixes

  • NODE-4125: change stream resumability (#3289) (aa5f97e)
  • NODE-4262: make startSession work without a connection (#3286) (89ad7c3)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.8
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.7.0 - 2022-06-06
  Read more
• 4.6.0 - 2022-05-11
  Read more
• 4.6.0-alpha.0 - 2022-05-04
  

  The MongoDB Node.js team is pleased to announce version v4.6.0-alpha.0 of the mongodb package!

  Release Highlights

  This release is for internal testing - NOT intended for use production.

  Features

  Bug Fixes

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.5
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md
• 4.5.0 - 2022-04-04
  Read more
• 4.4.1 - 2022-03-03
  

  The MongoDB Node.js team is pleased to announce version 4.4.1 of the mongodb package!

  Bug Fixes

  • NODE-3521: update session support checks (#3151) (aaa453d)
  • NODE-3948: Add error code to MongoSystemError (#3149) (446da95)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node
  • API: https://mongodb.github.io/node-mongodb-native/4.4
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.4.0 - 2022-02-17
  Read more
• 4.3.1 - 2022-01-18
• 4.3.0 - 2022-01-06
• 4.2.2 - 2021-12-13
• 4.2.1 - 2021-11-30
• 4.2.0 - 2021-11-17
• 4.1.4 - 2021-11-03
• 4.1.3 - 2021-10-05
• 4.1.2 - 2021-09-14
• 4.1.1 - 2021-08-24
• 4.1.0 - 2021-08-03
• 4.0.1 - 2021-07-20
• 4.0.0 - 2021-07-13
• 4.0.0-beta.6 - 2021-07-01
• 4.0.0-beta.5 - 2021-05-26
• 4.0.0-beta.4 - 2021-05-18
• 4.0.0-beta.3 - 2021-04-06
• 4.0.0-beta.2 - 2021-03-16
• 4.0.0-beta.1 - 2021-02-02
• 4.0.0-beta.0 - 2021-01-19
• 3.7.3 - 2021-10-20
• 3.7.2 - 2021-10-05
• 3.7.1 - 2021-09-14
• 3.7.0 - 2021-08-31
• 3.6.12 - 2021-08-30
• 3.6.11 - 2021-08-05
• 3.6.10 - 2021-07-06
• 3.6.9 - 2021-05-26
• 3.6.8 - 2021-05-21
• 3.6.7 - 2021-05-18
• 3.6.6 - 2021-04-06
• 3.6.5 - 2021-03-16
• 3.6.4 - 2021-02-02
• 3.6.3 - 2020-11-06
• 3.6.2 - 2020-09-10
• 3.6.1 - 2020-09-02
• 3.6.0 - 2020-07-30
• 3.6.0-beta.0 - 2020-04-14
• 3.5.11 - 2020-09-10
• 3.5.10 - 2020-07-30
• 3.5.9 - 2020-06-12
• 3.5.8 - 2020-05-28
• 3.5.7 - 2020-04-29
• 3.5.6 - 2020-04-14
• 3.5.5 - 2020-03-11
• 3.5.4 - 2020-02-25
• 3.5.3 - 2020-02-12
• 3.5.2 - 2020-01-20
• 3.5.1 - 2020-01-17
• 3.5.0 - 2020-01-14
• 3.4.1 - 2019-12-19
• 3.4.0 - 2019-12-10
• 3.3.5 - 2019-11-26
• 3.3.4 - 2019-11-11
• 3.3.4-rc0 - 2019-11-06
• 3.3.3 - 2019-10-16
• 3.3.2 - 2019-08-28
• 3.3.1 - 2019-08-23
• 3.3.0 - 2019-08-13
• 3.3.0-beta2 - 2019-07-18
• 3.3.0-beta1 - 2019-06-18
• 3.2.7 - 2019-06-04
• 3.2.6 - 2019-05-24
• 3.2.5 - 2019-05-17
• 3.2.4 - 2019-05-08
• 3.2.3 - 2019-04-05
• 3.2.2 - 2019-03-22
• 3.2.1 - 2019-03-21
• 3.2.0-beta2 - 2019-03-10
• 3.2.0-beta1 - 2019-02-27
• 3.1.13 - 2019-01-23
• 3.1.12 - 2019-01-16

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 428bdeb chore(release): 4.9.0
• b03dfa1 test: fix incorrect uuid construction (#3372)
• ad8fb25 chore: update bson dependency to 4.7.0 (#3370)
• 7f66afd docs: generate docs from latest main (#3368)
• 48f295a feat(NODE-4548): export ChangeStream class from top-level (#3357)
• 40d485c test(NODE-4553): move check test to action folder (#3366)
• 4ce6e4c fix(NODE-4555): export BSON internally (#3367)
• 5086ead fix(NODE-4429): select server sync for endSessions during close (#3363)
• f28ba0d docs: generate docs from latest main (#3306)
• 5644d3c docs(NODE-4230): update clustered collection reference link (#3364)
• ec1a68f fix(NODE-4513): type for nested objects in query & update (#3349)
• 6a0e502 fix(NODE-4533): session support error message and unified test runner (#3355)
• 6425c7a test(NODE-4333): add unit test to check dependencies (#3361)
• a0c7f5c test(NODE-3735): update to use serverless uri (#3359)
• cf88463 [Snyk] Upgrade mongodb-connection-string-url from 2.5.2 to 2.5.3 (#3356)
• c52b40c test(NODE-4422): use shared lib in prose tests (#3354)
• 8f16019 test: fix failing unit test (#3358)
• 0f79386 test(NODE-4525): bump mongodb-client-encryption to 2.2.0 in CI (#3353)
• 4ef2c3c test(NODE-4483): set crypt shared lib path (#3338)
• dcbfd6e fix(NODE-4413): set maxTimeMS on getMores when maxAwaitTimeMS is specified (#3319)
• bc70022 test(NODE-4323): add a unit test task with bson-ext installed (#3347)
• 6f5241f test(NODE-4489): add CSFLE prose test 16 (#3345)
• 00dcf2d fix(NODE-4159,NODE-4512): remove servers with incorrect setName from topology and fix unix socket parsing (#3348)
• 38403d0 test(NODE-4472): fix session spec prose test numbering (#3352)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[harshithad0703]

#13 latest snyk PR