fix(NODE-4932): remove .0 suffix from double extended json values #553
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The hex strings and stringified doubles are generated by nodejs (using buffer.writeDoubleBE)
The tests can be run by putting the following into a file and redirecting it into jshell $ jshell < ./double_test.jshUpdated: Jan 9th 2pm EST with new tests from double_test.js JShell testsimport java.nio.ByteBuffer;
void assertEquals(String a, String b) throws Exception {
if (!a.equals(b)) {
throw new Exception(a + "does not equal" + b);
}
}
char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
String bytesToHex(byte[] bytes) {
char[] hexChars = new char[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
}
return new String(hexChars);
}
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("0.0" ) ).array() ) , "0000000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-0.0" ) ).array() ) , "8000000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-0.0" ) ).array() ) , "8000000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("3.0" ) ).array() ) , "4008000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-3.0" ) ).array() ) , "C008000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("3.4" ) ).array() ) , "400B333333333333")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("2.220446049250313e-16" ) ).array() ) , "3CB0000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("123450000000.0" ) ).array() ) , "423CBE3182800000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("1234.5" ) ).array() ) , "40934A0000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-1234.5" ) ).array() ) , "C0934A0000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("Infinity" ) ).array() ) , "7FF0000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-Infinity" ) ).array() ) , "FFF0000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("NaN" ) ).array() ) , "7FF8000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("1.7976931348623157e+308" ) ).array() ) , "7FEFFFFFFFFFFFFF")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("5e-324" ) ).array() ) , "0000000000000001")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-1.7976931348623157e+308") ).array() ) , "FFEFFFFFFFFFFFFF")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("-5e-324" ) ).array() ) , "8000000000000001")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("2.2250738585072014e-308" ) ).array() ) , "0010000000000000")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("2.225073858507201e-308" ) ).array() ) , "000FFFFFFFFFFFFF")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("5e-324" ) ).array() ) , "0000000000000001")
assertEquals( bytesToHex( ByteBuffer.allocate(8).putDouble( Double.valueOf("1000000000000000128.0" ) ).array() ) , "43ABC16D674EC801")
/exit |
baileympearson
requested changes
Jan 9, 2023
test/node/double_tests.js
Outdated
| { input: new Double(Infinity), output: { $numberDouble: 'Infinity' } }, | ||
| { input: new Double(-Infinity), output: { $numberDouble: '-Infinity' } }, | ||
| { input: new Double(NaN), output: { $numberDouble: 'NaN' } } | ||
| { input: 0, output: { $numberDouble: '0.0' } }, |
There was a problem hiding this comment.
there's a lot of test cases here now, I think it's worthwhile to add descriptions? The context field could be used in the first it block to provide more meaningful test output.
Suggested change
| { input: 0, output: { $numberDouble: '0.0' } }, | |
| { input: 0, output: { $numberDouble: '0.0' }, context: 'positive zero' }, |
I'd like this change because it's not clear why each test is necessary.
test/node/double_tests.js
Outdated
| // Note: calling toString on this integer returns 1000000000000000100, so toFixed is more precise | ||
| input: '1000000000000000128', | ||
| output: { $numberDouble: '1000000000000000128.0' } | ||
| } | ||
| ]; | ||
|
|
||
| for (const test of tests) { | ||
| const input = test.input; | ||
| const output = test.output; | ||
| const title = `returns ${inspect(output)} when Double is ${input}`; |
There was a problem hiding this comment.
a context block around both tests here would make the output of the tests a lot more understandable
There was a problem hiding this comment.
Sure, with what differentiating information? (Is this still relevant with the added titles?)
test/node/double_tests.js
Outdated
| { input: new Double(NaN), output: { $numberDouble: 'NaN' } } | ||
| { input: 0, output: { $numberDouble: '0.0' } }, | ||
| { input: -0, output: { $numberDouble: '-0.0' } }, | ||
| { input: '-0.0', output: { $numberDouble: '-0.0' } }, |
There was a problem hiding this comment.
What value does this test provide?
The constructor of Double only supports numbers ( according to Typescript ).
There was a problem hiding this comment.
Not true according to runtime, we do support string inputs, should we make that fix here or in another ticket?
As for the test I was just ensuring the decimal point (.0) doesn't break things here.
test/node/double_tests.js
Outdated
Comment on lines
80
to
85
| { | ||
| // https://262.ecma-international.org/13.0/#sec-number.prototype.tofixed | ||
| // Note: calling toString on this integer returns 1000000000000000100, so toFixed is more precise | ||
| input: '1000000000000000128', | ||
| output: { $numberDouble: '1000000000000000128.0' } | ||
| } |
There was a problem hiding this comment.
while this is interesting, I'm not sure this provides any additional value. We already have tests that show that both positive and negative integer numbers serialize to numbers with a decimal.
There was a problem hiding this comment.
This is an integer that's beyond the precision that an 8 byte float can hold (hence why toString loses the 28), it confirms that we still output a string that preserves it if that was the input. (Basically, asserts that toFixed is being used for ints).
Comment on lines
+95
to
+99
| if (!Number.isNaN(inputAsDouble.value)) { | ||
| expect(Number(inputAsDouble.toExtendedJSON({ relaxed: false }).$numberDouble)).to.equal( | ||
| inputAsDouble.value | ||
| ); | ||
| } |
There was a problem hiding this comment.
I'm confused why the if-block and second assertion are necessary. We should already be checking for numeric equality of $numberDouble in the preceding line (expect(..).to.deep.equal(..)).
There was a problem hiding this comment.
Not exactly, the $numberDouble property is a string. This check converts it back to a number and checks that the string conversion did not loose the original value (within JavaScript).
test/node/double_tests.js
Outdated
| } | ||
| }); | ||
|
|
||
| it(`input ${typeof input}: ${input} creates the same bytes after stringification`, () => { |
There was a problem hiding this comment.
iiuc, the important aspect of this test is that the value of the double is preserved through ejson stringification. we just happen to test this by asserting that the byte representations are equal. Right?
If so, I propose we adjust the title to reflect what we're actually testing, and add a comment explaining that we determine that we're comparing bytes to assert that no loss of precision occurs.
Suggested change
| it(`input ${typeof input}: ${input} creates the same bytes after stringification`, () => { | |
| it(`preserves the precision of the number after stringification`, () => { |
There was a problem hiding this comment.
Precision is related but more so that the string is acting as a correct data transfer format, we want to know that the same bytes can be reconstructed from the generated string, sometimes the string changes "4.9406564584124654e-324" -> "5e-324" but both represent the same ieee754 double bytes.
test/node/bson_corpus.spec.test.js
Outdated
| @@ -165,6 +165,11 @@ describe('BSON Corpus', function () { | |||
| describe('valid-extjson', function () { | |||
There was a problem hiding this comment.
it's unclear to me why the changes in this file are necessary. reverting to what's currently in main doesn't make any tests fail. could you explain why we're modifying the test runner?
There was a problem hiding this comment.
With toFixed(1) reintroduced we don't need to skip the multi-type test anymore, I put that back, but it is senitive to changes in string format as opposed to value equivalence.
The changes here are meant to raise issue in the future if there's a change to the output format that would break round tripping the string into a numeric value for all doubles. Since the if stmt on main filtered only for the '1.2345678921232E+18' case we did not need the extra handling for the NaN and -0 cases. The second section which tests round tripping through BSON needs to handle the cases where EJSON automatically converts values to int/long/double based on size and fraction.
baileympearson
approved these changes
Jan 10, 2023
cbush
pushed a commit
to mongodb/docs-realm
that referenced
this pull request
Feb 13, 2023
<h3>Snyk has created this PR to upgrade bson from 4.7.1 to 4.7.2.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-10.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>bson</b></summary>
<ul>
<li>
<b>4.7.2</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.2">2023-01-10</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.2 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4932">NODE-4932</a>:</strong>
remove .0 suffix from double extended json values (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/553"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/553/hovercard">#553</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
<li>
<b>4.7.1</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.1">2023-01-05</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.1 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4905">NODE-4905</a>:</strong>
double precision accuracy in canonical EJSON (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/549"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/549/hovercard">#549</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/d86bd52661e7f5d26479f6b63acac7950f505d69">d86bd52</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases">bson
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>bson</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/c3fc5dfa2ebc399a4bf7e80210405f86a360f642">c3fc5df</a>
chore(release): 4.7.2</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>
fix(NODE-4932): remove .0 suffix from double extended json values
(#553)</li>
</ul>
<a
href="https://snyk.io/redirect/github/mongodb/js-bson/compare/5465c33b356ceaed05c1759007acdf3ab077ee33...c3fc5dfa2ebc399a4bf7e80210405f86a360f642">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NzRhMWMwYS0wY2ZjLTQ0YzYtYmJkZS0xNTgwYjM4MzM4ZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY3NGExYzBhLTBjZmMtNDRjNi1iYmRlLTE1ODBiMzgzMzhkNiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg=bson&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","prPublicId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","dependencies":[{"name":"bson","from":"4.7.1","to":"4.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-10T20:47:50.442Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
---------
Co-authored-by: snyk-bot <[email protected]>
mongodben
pushed a commit
to mongodben/docs-realm
that referenced
this pull request
Feb 14, 2023
<h3>Snyk has created this PR to upgrade bson from 4.7.1 to 4.7.2.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-10.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>bson</b></summary>
<ul>
<li>
<b>4.7.2</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.2">2023-01-10</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.2 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4932">NODE-4932</a>:</strong>
remove .0 suffix from double extended json values (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/553"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/553/hovercard">mongodb#553</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
<li>
<b>4.7.1</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.1">2023-01-05</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.1 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4905">NODE-4905</a>:</strong>
double precision accuracy in canonical EJSON (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/549"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/549/hovercard">mongodb#549</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/d86bd52661e7f5d26479f6b63acac7950f505d69">d86bd52</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases">bson
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>bson</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/c3fc5dfa2ebc399a4bf7e80210405f86a360f642">c3fc5df</a>
chore(release): 4.7.2</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>
fix(NODE-4932): remove .0 suffix from double extended json values
(mongodb#553)</li>
</ul>
<a
href="https://snyk.io/redirect/github/mongodb/js-bson/compare/5465c33b356ceaed05c1759007acdf3ab077ee33...c3fc5dfa2ebc399a4bf7e80210405f86a360f642">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NzRhMWMwYS0wY2ZjLTQ0YzYtYmJkZS0xNTgwYjM4MzM4ZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY3NGExYzBhLTBjZmMtNDRjNi1iYmRlLTE1ODBiMzgzMzhkNiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg=bson&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","prPublicId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","dependencies":[{"name":"bson","from":"4.7.1","to":"4.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-10T20:47:50.442Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
---------
Co-authored-by: snyk-bot <[email protected]>
mongodben
pushed a commit
to mongodben/docs-realm
that referenced
this pull request
Feb 14, 2023
<h3>Snyk has created this PR to upgrade bson from 4.7.1 to 4.7.2.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-10.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>bson</b></summary>
<ul>
<li>
<b>4.7.2</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.2">2023-01-10</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.2 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4932">NODE-4932</a>:</strong>
remove .0 suffix from double extended json values (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/553"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/553/hovercard">mongodb#553</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
<li>
<b>4.7.1</b> - <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases/tag/v4.7.1">2023-01-05</a></br><p>The
MongoDB Node.js team is pleased to announce version v4.7.1 of the bson
package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4905">NODE-4905</a>:</strong>
double precision accuracy in canonical EJSON (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/issues/549"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/js-bson/pull/549/hovercard">mongodb#549</a>) (<a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/d86bd52661e7f5d26479f6b63acac7950f505d69">d86bd52</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>API: <a
href="https://snyk.io/redirect/github/mongodb/js-bson#readme">https://github.com/mongodb/js-bson#readme</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/js-bson/blob/4.0/HISTORY.md#change-log">https://github.com/mongodb/js-bson/blob/4.0/HISTORY.md#change-log</a></li>
</ul>
<p>We invite you to try the bson library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/mongodb/js-bson/releases">bson
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>bson</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/c3fc5dfa2ebc399a4bf7e80210405f86a360f642">c3fc5df</a>
chore(release): 4.7.2</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/js-bson/commit/a298d22173e7e07789d86051f95f76153f29e10a">a298d22</a>
fix(NODE-4932): remove .0 suffix from double extended json values
(mongodb#553)</li>
</ul>
<a
href="https://snyk.io/redirect/github/mongodb/js-bson/compare/5465c33b356ceaed05c1759007acdf3ab077ee33...c3fc5dfa2ebc399a4bf7e80210405f86a360f642">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NzRhMWMwYS0wY2ZjLTQ0YzYtYmJkZS0xNTgwYjM4MzM4ZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY3NGExYzBhLTBjZmMtNDRjNi1iYmRlLTE1ODBiMzgzMzhkNiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg=bson&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","prPublicId":"674a1c0a-0cfc-44c6-bbde-1580b38338d6","dependencies":[{"name":"bson","from":"4.7.1","to":"4.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-10T20:47:50.442Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
---------
Co-authored-by: snyk-bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
What is changing?
Removes the logic for integer-like doubles
What is the motivation for this change?
Fixes an output incompatibility with other languages
Double check the following
npm run lintscript<type>(NODE-xxxx)<!>: <description>