Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(NODE-4932): remove .0 suffix from double extended json values #553

Merged
merged 9 commits into from
Jan 10, 2023

Conversation

nbbeeken
Copy link
Contributor

@nbbeeken nbbeeken commented Jan 6, 2023

Description

What is changing?

Removes the logic for integer-like doubles

What is the motivation for this change?

Fixes an output incompatibility with other languages

Double check the following

  • Ran npm run lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: <type>(NODE-xxxx)<!>: <description>
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@nbbeeken nbbeeken marked this pull request as ready for review January 6, 2023 17:51
@nbbeeken
Copy link
Contributor Author

nbbeeken commented Jan 6, 2023

The hex strings and stringified doubles are generated by nodejs (using buffer.writeDoubleBE)
We're making sure that:

  • Java's Double.valueOf parses the strings that Javascript creates
  • Java will generate the same bytes that node will for the same stringified double
    • Notable limitation: NaN with payload cannot be encoded into a string

The tests can be run by putting the following into a file and redirecting it into jshell

$ jshell < ./double_test.jsh

Updated: Jan 9th 2pm EST with new tests from double_test.js

JShell tests
import java.nio.ByteBuffer;

void assertEquals(String a, String b) throws Exception {
    if (!a.equals(b)) {
        throw new Exception(a + "does not equal" + b);
    }
}

char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
String bytesToHex(byte[] bytes) {
    char[] hexChars = new char[bytes.length * 2];
    for (int j = 0; j < bytes.length; j++) {
        int v = bytes[j] & 0xFF;
        hexChars[j * 2] = HEX_ARRAY[v >>> 4];
        hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
    }
    return new String(hexChars);
}

assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("0.0"                     ) ).array() )   ,   "0000000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-0.0"                    ) ).array() )   ,   "8000000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-0.0"                    ) ).array() )   ,   "8000000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("3.0"                     ) ).array() )   ,   "4008000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-3.0"                    ) ).array() )   ,   "C008000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("3.4"                     ) ).array() )   ,   "400B333333333333")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("2.220446049250313e-16"   ) ).array() )   ,   "3CB0000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("123450000000.0"          ) ).array() )   ,   "423CBE3182800000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("1234.5"                  ) ).array() )   ,   "40934A0000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-1234.5"                 ) ).array() )   ,   "C0934A0000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("Infinity"                ) ).array() )   ,   "7FF0000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-Infinity"               ) ).array() )   ,   "FFF0000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("NaN"                     ) ).array() )   ,   "7FF8000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("1.7976931348623157e+308" ) ).array() )   ,   "7FEFFFFFFFFFFFFF")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("5e-324"                  ) ).array() )   ,   "0000000000000001")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-1.7976931348623157e+308") ).array() )   ,   "FFEFFFFFFFFFFFFF")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-5e-324"                 ) ).array() )   ,   "8000000000000001")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("2.2250738585072014e-308" ) ).array() )   ,   "0010000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("2.225073858507201e-308"  ) ).array() )   ,   "000FFFFFFFFFFFFF")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("5e-324"                  ) ).array() )   ,   "0000000000000001")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("1000000000000000128.0"   ) ).array() )   ,   "43ABC16D674EC801")
/exit

@nbbeeken
Copy link
Contributor Author

nbbeeken commented Jan 6, 2023

Evergreen patch

@nbbeeken
Copy link
Contributor Author

nbbeeken commented Jan 6, 2023

Evergreen patch

@nbbeeken
Copy link
Contributor Author

nbbeeken commented Jan 9, 2023

Evergreen Patch

{ input: new Double(Infinity), output: { $numberDouble: 'Infinity' } },
{ input: new Double(-Infinity), output: { $numberDouble: '-Infinity' } },
{ input: new Double(NaN), output: { $numberDouble: 'NaN' } }
{ input: 0, output: { $numberDouble: '0.0' } },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's a lot of test cases here now, I think it's worthwhile to add descriptions? The context field could be used in the first it block to provide more meaningful test output.

Suggested change
{ input: 0, output: { $numberDouble: '0.0' } },
{ input: 0, output: { $numberDouble: '0.0' }, context: 'positive zero' },

I'd like this change because it's not clear why each test is necessary.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added titles

// Note: calling toString on this integer returns 1000000000000000100, so toFixed is more precise
input: '1000000000000000128',
output: { $numberDouble: '1000000000000000128.0' }
}
];

for (const test of tests) {
const input = test.input;
const output = test.output;
const title = `returns ${inspect(output)} when Double is ${input}`;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a context block around both tests here would make the output of the tests a lot more understandable

Copy link
Contributor Author

@nbbeeken nbbeeken Jan 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, with what differentiating information? (Is this still relevant with the added titles?)

{ input: new Double(NaN), output: { $numberDouble: 'NaN' } }
{ input: 0, output: { $numberDouble: '0.0' } },
{ input: -0, output: { $numberDouble: '-0.0' } },
{ input: '-0.0', output: { $numberDouble: '-0.0' } },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What value does this test provide?

The constructor of Double only supports numbers ( according to Typescript ).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not true according to runtime, we do support string inputs, should we make that fix here or in another ticket?

As for the test I was just ensuring the decimal point (.0) doesn't break things here.

Comment on lines 80 to 85
{
// https://262.ecma-international.org/13.0/#sec-number.prototype.tofixed
// Note: calling toString on this integer returns 1000000000000000100, so toFixed is more precise
input: '1000000000000000128',
output: { $numberDouble: '1000000000000000128.0' }
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

while this is interesting, I'm not sure this provides any additional value. We already have tests that show that both positive and negative integer numbers serialize to numbers with a decimal.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an integer that's beyond the precision that an 8 byte float can hold (hence why toString loses the 28), it confirms that we still output a string that preserves it if that was the input. (Basically, asserts that toFixed is being used for ints).

Comment on lines +95 to +99
if (!Number.isNaN(inputAsDouble.value)) {
expect(Number(inputAsDouble.toExtendedJSON({ relaxed: false }).$numberDouble)).to.equal(
inputAsDouble.value
);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused why the if-block and second assertion are necessary. We should already be checking for numeric equality of $numberDouble in the preceding line (expect(..).to.deep.equal(..)).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not exactly, the $numberDouble property is a string. This check converts it back to a number and checks that the string conversion did not loose the original value (within JavaScript).

}
});

it(`input ${typeof input}: ${input} creates the same bytes after stringification`, () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iiuc, the important aspect of this test is that the value of the double is preserved through ejson stringification. we just happen to test this by asserting that the byte representations are equal. Right?

If so, I propose we adjust the title to reflect what we're actually testing, and add a comment explaining that we determine that we're comparing bytes to assert that no loss of precision occurs.

Suggested change
it(`input ${typeof input}: ${input} creates the same bytes after stringification`, () => {
it(`preserves the precision of the number after stringification`, () => {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Precision is related but more so that the string is acting as a correct data transfer format, we want to know that the same bytes can be reconstructed from the generated string, sometimes the string changes "4.9406564584124654e-324" -> "5e-324" but both represent the same ieee754 double bytes.

test/node/bson_corpus.spec.test.js Outdated Show resolved Hide resolved
test/node/bson_corpus.spec.test.js Outdated Show resolved Hide resolved
@@ -165,6 +165,11 @@ describe('BSON Corpus', function () {
describe('valid-extjson', function () {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's unclear to me why the changes in this file are necessary. reverting to what's currently in main doesn't make any tests fail. could you explain why we're modifying the test runner?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With toFixed(1) reintroduced we don't need to skip the multi-type test anymore, I put that back, but it is senitive to changes in string format as opposed to value equivalence.

The changes here are meant to raise issue in the future if there's a change to the output format that would break round tripping the string into a numeric value for all doubles. Since the if stmt on main filtered only for the '1.2345678921232E+18' case we did not need the extra handling for the NaN and -0 cases. The second section which tests round tripping through BSON needs to handle the cases where EJSON automatically converts values to int/long/double based on size and fraction.

@nbbeeken
Copy link
Contributor Author

nbbeeken commented Jan 9, 2023

Evergreen Patch

Copy link
Contributor

@baileympearson baileympearson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from discussion - we'll clean up the tests in a follow up PR but for the purposes of the fix we won't worry about test cleanup

@baileympearson baileympearson merged commit a298d22 into 4.0 Jan 10, 2023
@baileympearson baileympearson deleted the NODE-4932-rm-suffix-point-zero branch January 10, 2023 19:46
cbush pushed a commit to mongodb/docs-realm that referenced this pull request Feb 13, 2023
<h3>Snyk has created this PR to upgrade bson from 4.7.1 to 4.7.2.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-10.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>bson</b></summary>
    <ul>
      <li>
<b>4.7.2</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.2">2023-01-10</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.2 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4932">NODE-4932</a>:</strong>
remove .0 suffix from double extended json values (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/553"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/553/hovercard">#553</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
      </li>
      <li>
<b>4.7.1</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.1">2023-01-05</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.1 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4905">NODE-4905</a>:</strong>
double precision accuracy in canonical EJSON (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/549"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/549/hovercard">#549</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/d86bd52661e7f5d26479f6b63acac7950f505d69">d86bd52</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases">bson
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>bson</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/c3fc5dfa2ebc399a4bf7e80210405f86a360f642">c3fc5df</a>
chore(release): 4.7.2</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>
fix(NODE-4932): remove .0 suffix from double extended json values
(#553)</li>
    </ul>

<a
href="https://snyk.io/redirect/github/mongodb/js-bson/compare/5465c33b356ceaed05c1759007acdf3ab077ee33...c3fc5dfa2ebc399a4bf7e80210405f86a360f642">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NzRhMWMwYS0wY2ZjLTQ0YzYtYmJkZS0xNTgwYjM4MzM4ZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY3NGExYzBhLTBjZmMtNDRjNi1iYmRlLTE1ODBiMzgzMzhkNiJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg&#x3D;bson&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","prPublicId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","dependencies":[{"name":"bson","from":"4.7.1","to":"4.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-10T20:47:50.442Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->

---------

Co-authored-by: snyk-bot <[email protected]>
mongodben pushed a commit to mongodben/docs-realm that referenced this pull request Feb 14, 2023
<h3>Snyk has created this PR to upgrade bson from 4.7.1 to 4.7.2.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-10.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>bson</b></summary>
    <ul>
      <li>
<b>4.7.2</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.2">2023-01-10</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.2 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4932">NODE-4932</a>:</strong>
remove .0 suffix from double extended json values (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/553"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/553/hovercard">mongodb#553</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
      </li>
      <li>
<b>4.7.1</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.1">2023-01-05</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.1 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4905">NODE-4905</a>:</strong>
double precision accuracy in canonical EJSON (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/549"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/549/hovercard">mongodb#549</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/d86bd52661e7f5d26479f6b63acac7950f505d69">d86bd52</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases">bson
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>bson</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/c3fc5dfa2ebc399a4bf7e80210405f86a360f642">c3fc5df</a>
chore(release): 4.7.2</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>
fix(NODE-4932): remove .0 suffix from double extended json values
(mongodb#553)</li>
    </ul>

<a
href="https://snyk.io/redirect/github/mongodb/js-bson/compare/5465c33b356ceaed05c1759007acdf3ab077ee33...c3fc5dfa2ebc399a4bf7e80210405f86a360f642">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NzRhMWMwYS0wY2ZjLTQ0YzYtYmJkZS0xNTgwYjM4MzM4ZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY3NGExYzBhLTBjZmMtNDRjNi1iYmRlLTE1ODBiMzgzMzhkNiJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg&#x3D;bson&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","prPublicId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","dependencies":[{"name":"bson","from":"4.7.1","to":"4.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-10T20:47:50.442Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->

---------

Co-authored-by: snyk-bot <[email protected]>
mongodben pushed a commit to mongodben/docs-realm that referenced this pull request Feb 14, 2023
<h3>Snyk has created this PR to upgrade bson from 4.7.1 to 4.7.2.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-10.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>bson</b></summary>
    <ul>
      <li>
<b>4.7.2</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.2">2023-01-10</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.2 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4932">NODE-4932</a>:</strong>
remove .0 suffix from double extended json values (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/553"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/553/hovercard">mongodb#553</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
      </li>
      <li>
<b>4.7.1</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.1">2023-01-05</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.1 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4905">NODE-4905</a>:</strong>
double precision accuracy in canonical EJSON (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/549"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/549/hovercard">mongodb#549</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/d86bd52661e7f5d26479f6b63acac7950f505d69">d86bd52</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases">bson
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>bson</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/c3fc5dfa2ebc399a4bf7e80210405f86a360f642">c3fc5df</a>
chore(release): 4.7.2</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>
fix(NODE-4932): remove .0 suffix from double extended json values
(mongodb#553)</li>
    </ul>

<a
href="https://snyk.io/redirect/github/mongodb/js-bson/compare/5465c33b356ceaed05c1759007acdf3ab077ee33...c3fc5dfa2ebc399a4bf7e80210405f86a360f642">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NzRhMWMwYS0wY2ZjLTQ0YzYtYmJkZS0xNTgwYjM4MzM4ZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY3NGExYzBhLTBjZmMtNDRjNi1iYmRlLTE1ODBiMzgzMzhkNiJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg&#x3D;bson&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","prPublicId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","dependencies":[{"name":"bson","from":"4.7.1","to":"4.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-10T20:47:50.442Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->

---------

Co-authored-by: snyk-bot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants