[Snyk] Upgrade mongodb from 5.7.0 to 5.9.0

[jonasdamher]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 5.7.0 to 5.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-09-14.

Release notes

Package name: mongodb

• 5.9.0 - 2023-09-14
  

  5.9.0 (2023-09-14)

  The MongoDB Node.js team is pleased to announce version 5.9.0 of the mongodb package!

  Release Notes

  Bumped bson version to make use of new Decimal128 behaviour

  In this release, we have adopted the changes made to Decimal128 in bson version 5.5. The Decimal128 constructor and fromString() methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a new fromStringWithRounding() method which restores the previous rounding behaviour.

  See the bson v5.5.0 release notes for more information.

  Use region settings for STS AWS credentials request

  When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @ aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

  The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

  Important
  The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

  Fix memory leak with ChangeStreams

  In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

  The function is now implemented as a loop, memory leak be gone!

  Features

  • NODE-5564: bump bson version to ^5.5.0 (#3865) (dc110e0)

  Bug Fixes

  • NODE-5550: set AWS region from environment variable for STSClient (#3851) (2fab06b)
  • NODE-5587: recursive calls to next cause memory leak (#3842) (f60f1b5)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.8.1 - 2023-08-23
  

  5.8.1 (2023-08-23)

  The MongoDB Node.js team is pleased to announce version 5.8.1 of the mongodb package!

  Release Notes

  Import of saslprep updated to correct library.

  Fixes the import of saslprep to be the correct @ mongodb-js/saslprep library.

  Bug Fixes

  • NODE-5572: fix saslprep import (#3837) (250dc21)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.8.0 - 2023-08-21
  

  5.8.0 (2023-08-21)

  The MongoDB Node.js team is pleased to announce version 5.8.0 of the mongodb package!

  Release Notes

  The AutoEncrypter interface has been deprecated

  The AutoEncrypter interface was used internally but accidentally made public in the 4.x version of the driver. It is now deprecated and will be made internal in the next major release.

  Kerberos support for 1.x and 2.x

  Moves the kerberos dependency back to ^1.0.0 || ^2.0.0 to indicate support for both 1.x and 2.x. Support for 1.x is removed in 6.0.

  Fixed accidental deprecation warning

  Because of internal options handling, a deprecation was emitted for tlsCertificateFile when using tlsCertificateKeyFile. That has been corrected.

  Remove credential availability on ConnectionPoolCreatedEvent

  In order to avoid mistakenly printing credentials the ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessble via MongoClient options: client.options.credentials.

  Features

  • NODE-5399: use mongodb-js/saslprep instead of saslprep (#3818) (c0d3927)
  • NODE-5429: deprecate the AutoEncrypter interface (#3764) (9bb0d95)
  • NODE-5465,NODE-5538: lower @ aws-sdk/credential-providers version to 3.188.0 and zstd to ^1.0.0 (#3821) (39ff81d)

  Bug Fixes

  • NODE-5489: set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803) (c3b35b3)
  • NODE-5495: do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810) (e81d4a2)
  • NODE-5537: remove credentials from ConnectionPoolCreatedEvent options (#3813) (4cf1e96)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.7.0 - 2023-07-06
  Read more

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 6861e19 chore(5.x): release 5.9.0 [skip-ci] (#3852)
• dc110e0 feat(NODE-5564): bump bson version to ^5.5.0 (#3865)
• 3e56c67 test(NODE-5619): use npm 9 on eol node versions (#3861)
• f60f1b5 fix(NODE-5587): recursive calls to next cause memory leak (#3842)
• 2fab06b fix(NODE-5550): set AWS region from environment variable for STSClient (#3851)
• 435f88b chore(5.x): release 5.8.1 [skip-ci] (#3839)
• 250dc21 fix(NODE-5572): fix saslprep import (#3837)
• d6eac31 docs(NODE-5562): update upcoming crl option changes (#3836)
• 43673fa chore(5.x): release 5.8.0 [skip-ci] (#3825)
• 4b2fc79 docs: fix cutoff sentence on CommandStartedEvent (#3828)
• 39ff81d feat(NODE-5465,NODE-5538): lower `@ aws-sdk/credential-providers` version to 3.188.0 and `zstd` to `^1.0.0` (#3821)
• e1af343 chore: update release automation scripts 5.x (#3823)
• c0d3927 feat(NODE-5399): use mongodb-js/saslprep instead of saslprep (#3818)
• 4cf1e96 fix(NODE-5537): remove credentials from ConnectionPoolCreatedEvent options (#3813)
• e81d4a2 fix(NODE-5495): do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810)
• c3b35b3 fix(NODE-5489): set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803)
• cc3069d Revert "feat(NODE-5489): update kerberos dependency"
• 8c25d6d feat(NODE-5489): update kerberos dependency
• 9bb0d95 feat(NODE-5429): deprecate the `AutoEncrypter` interface (#3764)
• cd923c8 chore(NODE-5426): move FLE code into driver (#3761)
• 77a2709 refactor(NODE-5360): refactor CommandOperation to use async (#3749)
• eb99291 ci(NODE-4615): bump flaky operation count tests threshold (#3753)
• 8649221 docs(5.7.0) (#3758)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs