Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): Bump go.mongodb.org/mongo-driver from 1.9.1 to 1.10.1 #11676

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 15, 2022

Bumps go.mongodb.org/mongo-driver from 1.9.1 to 1.10.1.

Release notes

Sourced from go.mongodb.org/mongo-driver's releases.

MongoDB Go Driver 1.10.1

The MongoDB Go Driver Team is pleased to release version 1.10.1 of the official Go driver.

Release Notes

This release, along with the libmongocrypt v1.5.2 release, fixes a potential encryption key corruption bug in ClientEncryption.RewrapManyDataKey that can lead to encrypted data corruption when rotating encryption keys backed by GCP or Azure key services.

This release also removes potentially confusing deprecation warnings added to some existing timeout mechanisms in the v1.10.0 release.

Fix for potential data corruption when rotating encryption keys

Fixes a potential encryption key corruption bug in ClientEncryption.RewrapManyDataKey that can lead to encrypted data corruption when rotating encryption keys backed by GCP or Azure key services. See the libmongocrypt v1.5.2 release notes for more details about the bug. ClientEncryption.RewrapManyDataKey will now return an error if the linked version of libmongocrypt is less than 1.5.2.


For a full list of tickets included in this release, please see the links below:

Documentation for the Go driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go driver is greatly appreciated!

MongoDB Go Driver 1.10.0

⚠️ Retracted

This release has been retracted due to a potential encryption key corruption bug in ClientEncryption.RewrapManyDataKey that can lead to encrypted data corruption when rotating encryption keys backed by GCP or Azure key services.

Please use version 1.10.1 or higher.


The MongoDB Go Driver Team is pleased to release version 1.10.0 of the official Go driver.

Release Notes

This release supports several new features introduced in MongoDB v6.0, including the following notable changes.

Queryable Encryption Support

This release includes new options to AutoEncryptionOpts and EncryptOpts to support Queryable Encryption. Queryable Encryption support requires MongoDB server 6.0 or newer, and libmongocrypt 1.5.0 or newer.

Automatic Encryption Shared Library

Add support for the new encryption helper, crypt_shared, referred to as the Shared Library. The shared library replacesmongocryptd and does not require spawning a new process.

Key Management API Operations

Add ClientEncryption entity operations for Key Management API with the purpose of

  • creating data keys

... (truncated)

Commits
  • 9c62b3f Update version to v1.10.1
  • 06579a7 GODRIVER-2489 createPipelineOptionsDoc: return err (#1036)
  • bdfc953 update for libmongocrypt 1.5.2 (#1037)
  • 51ecabd GODRIVER-2489 Return error if createPipelineOptionsDoc() fails (#1035)
  • e6f6f26 GODRIVER-2494 Skip StaleShardVersion resume test on 6.1+. (#1030)
  • e095f2d GODRIVER-2495 Undeprecate legacy timeouts. (#1026)
  • 18da11c Update version to v1.10.1-prerelease
  • 5d004cc Update version to v1.11.0-prerelease
  • 9bbe96c GODRIVER-2464 Add delay in RTT monitor test so Windows can measure a non-zero...
  • 3b7e3eb Update version to v1.10.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 15, 2022
@telegraf-tiger telegraf-tiger bot added the chore label Aug 15, 2022
@srebhan
Copy link
Member

srebhan commented Aug 15, 2022

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/go_modules/go.mongodb.org/mongo-driver-1.10.1 branch from 8e53ef5 to e2735bd Compare August 15, 2022 19:46
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 15, 2022

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

1 similar comment
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 17, 2022

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@MyaLongmire
Copy link
Contributor

@dependabot recreate

Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.9.1 to 1.10.1.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v1.9.1...v1.10.1)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/go.mongodb.org/mongo-driver-1.10.1 branch from e2735bd to 2873f4c Compare August 17, 2022 14:42
@telegraf-tiger
Copy link
Contributor

@MyaLongmire MyaLongmire added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label Aug 17, 2022
@sspaink sspaink merged commit 93121f3 into master Aug 17, 2022
@sspaink sspaink deleted the dependabot/go_modules/go.mongodb.org/mongo-driver-1.10.1 branch August 17, 2022 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore dependencies Pull requests that update a dependency file ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants