[Snyk] Upgrade mongodb from 4.10.0 to 4.11.0

[PCOffline]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 4.10.0 to 4.11.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 21 days ago, on 2022-10-19.

Release notes

Package name: mongodb

• 4.11.0 - 2022-10-19
  

  The MongoDB Node.js team is pleased to announce version 4.11.0 of the mongodb package!

  Release Highlights

  Recursive Schema Support

  Version 4.3.0 of the Node driver added Typescript support for dot notation into our Filter type but
  in the process it broke support for recursive schemas. In 4.11.0, we now support recursive schemas and
  provide type safety on dot notation queries up to a depth of 9. Beyond a depth of 9, code still compiles
  but is no longer type checked (it falls back to a type of any).

  interface CircularSchema {
  name: string;
  nestedSchema: CircularSchema;
  }

  // we have a collection of type Collection<CircularSchema>

  // below a depth of 9, type checking is enforced
  collection.findOne({ 'nestedSchema.nestedSchema.nestedSchema.name': 25 }) // compilation error - name must be a string

  // at a depth greater than 9, code compiles but is not type checked (11 deep)
  collection.findOne({
  'nestedSchema.nestedSchema.nestedSchema.nestedSchema.nestedSchema.nestedSchema.nestedSchema.nestedSchema.nestedSchema.nestedSchema.name': 25
  }) // NO compilation error

  Note that our depth limit is a product of Typescript's recursive type limitations.

  AWS Authentication

  If the optional aws-sdk dependency is installed, the driver will now use the SDK to get credentials
  from the environment. Because of this, if you have a shared AWS credentials or config file, then
  those credentials will be used by default if AWS auth environment variables are not set. To override this
  behavior, set AWS_SHARED_CREDENTIALS_FILE="" in your shell or set the
  equivalent environment variable value in your script or application. Alternatively, you can create
  an AWS profile specifically for your MongoDB credentials and set the AWS_PROFILE environment
  variable to that profile name.

  External Contributions

  Many thanks to those who contributed to this release!

  • @ ermik provided an extremely large schema to test compilation with, which made testing our new recursive schema support possible with large schemas straightforward.
  • @ noahsilas for documentation improvements in change streams and fixing our Typescript types for read preferences.
  • @ zendagin for adding Typescript support for hashed indexes.
  • @ biniona-mongodb for fixing our parsing of TLS options.
  • @ LinusU for removing support for server versions lower than our minimum supported server version and improving error messages for unacknowledged writes with hints.

  Features

  • NODE-3651: add hashed index type (#3432) (f6b56a1)
  • NODE-3875: support recursive schema types (#3433) (26bce4a)
  • NODE-4503: throw original error when server attaches NoWritesPerformed label (#3441) (a7dab96)
  • NODE-4650: handle handshake errors with SDAM (#3426) (cbe7533)
  • NODE-4721: add aws-sdk as optional dependency (#3446) (b879cb5)

  Bug Fixes

  • NODE-3712,NODE-4546: electionId should be ordered before setVersion (#3174) (ca51fec)
  • NODE-3921: error on invalid TLS option combinations (#3405) (1a550df)
  • NODE-4186: accept ReadPreferenceLike in TransactionOptions type (#3425) (dc62bcb)
  • NODE-4475: make interrupted message more specific (#3437) (5f37cb6)
  • NODE-4608: prevent parallel monitor checks (#3404) (78bcfe4)
  • NODE-4647: improve error message (#3409) (0d3c02e)
  • NODE-4649: use SDAM handling for errors from min pool size population (#3424) (ef3b55d)

  ---

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.11
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.10.0 - 2022-09-19
  

  The MongoDB Node.js team is pleased to announce version 4.10.0 of the mongodb package!

  Release Highlights

  Callback Deprecation

  Looking to improve our API's consistency and handling of errors we are planning to remove callback support in the next major release of the driver. Today marks the notice of their removal. Migrating to a promise only API allows us to offer uniform error handling and better native support for automatic promise construction. In this release you will notice deprecation warnings in doc comments for all our callback overloads and if you are working in VSCode you should notice strikethroughs on these APIs. We encourage you to migrate to promises where possible:

  • Using async/await syntax can yield the best experience with promise usage.
  • Using Node.js' callbackify utility is one approach:
    • require('util').callbackify(() => collection.findOne())(callback)
  • Using .then syntax is another:
    • collection.findOne().then(res => callback(null, res), err => callback(err))
  • And lastly, for large codebases still intertwined with callbacks we have an alternative package prepared.

  MongoDB-Legacy Callback Support

  While the 4.10.0 version only deprecates our support of callbacks, there will be a major version that removes the support altogether. In order to keep using callbacks after v5 is released, we recommend migrating your driver version to mongodb-legacy (github link). This package wraps every single async API our driver offers and is designed to provide the exact behavior of the MongoDB 4.10.0 release (both callbacks and promises are supported). Any new features added to MongoDB will be automatically inherited but will only support promises. This package is fully tested against our current suite and adoption should be confined to changing an import require('mongodb') -> require('mongodb-legacy'). If this package is useful to you and your use case we encourage you to adopt it before v5 to ensure it continues to work as expected.

  Read more about it on the package's readme here:

  • https://github.com/mongodb-js/nodejs-mongodb-legacy#readme

  Features

  • NODE-4385: add cmap pool pausing functionality (#3321) (335ee55)
  • NODE-4484: add experimental support for disambiguatedPaths in change stream documents (#3365) (846365a)
  • NODE-4519: deprecate promiseLibrary and PromiseProvider (#3403) (5c322b6)
  • NODE-4547: mark all callback APIs as deprecated (#3388) (a983f14)
  • NODE-4634: add support for bulk FindOperators.hint() (#3408) (8758890)

  Bug Fixes

  • NODE-3144: pool clear event ordering and retryability tests (#3407) (bdc0d67)
  • NODE-4557: randomize servers when there are only 2 eligible servers (#3390) (ddcfa49)
  • NODE-4583: revert nested union type support (#3383) (7f94f0a)
  • NODE-4591: only set loadBalanced on handshake when explicitly set (#3386) (57e9f2d)
  • NODE-4621: ipv6 address handling in HostAddress (#3410) (5eb3978)
  • NODE-4639: allow PromiseProvider to be null (#3412) (d29b3d9)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.10
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 6fb87e4 chore(release): 4.11.0
• 631455d docs(NODE-4724): update fle docs to use "in use encryption" terminology (#3448)
• 7a8b186 docs(NODE-4554): remove experimental tag from disambiguatedPaths (#3450)
• 8f06a55 chore(NODE-4700): update dependencies (#3439)
• b879cb5 feat(NODE-4721): add aws-sdk as optional dependency (#3446)
• 5f37cb6 fix(NODE-4475): make interrupted message more specific (#3437)
• 26bce4a feat(NODE-3875): support recursive schema types (#3433)
• a7dab96 feat(NODE-4503): throw original error when server attaches NoWritesPerformed label (#3441)
• dbfb7d5 docs: Note special case in `AbstractCursor.forEach()` iterator (#3445)
• bf000ae refactor(NODE-4689): track checked out connections (#3440)
• 9654442 ci: bump mongodb-client-encryption version (#3435)
• 69f64e7 test(NODE-4642): fix serverApi strict tests (#3436)
• f1b55db test(NODE-4628, NODE-4640): sync fle and change stream spec tests (#3434)
• ca51fec fix(NODE-3712,NODE-4546): electionId should be ordered before setVersion (#3174)
• f6b56a1 feat(NODE-3651): add hashed index type (#3432)
• fc719da ci(NODE-4651): add Node.js 18 (#3427)
• 78bcfe4 fix(NODE-4608): prevent parallel monitor checks (#3404)
• 1a550df fix(NODE-3921): error on invalid TLS option combinations (#3405)
• dc62bcb fix(NODE-4186): accept ReadPreferenceLike in TransactionOptions type (#3425)
• 82b4a23 refactor(NODE-4632): async await in MongoClient, ClientSession, and AbstractCursor (#3428)
• 9e3ba81 refactor(NODE-4638): prevent parallel calls to `fn` in the async interval (#3413)
• 5f34ad0 feat(NODE-3255): add minPoolSizeCheckIntervalMS option to connection pool (#3429)
• 6aeff81 test(NODE-2988): monitors wait minHeartbeatFrequencyMS between checks (#3430)
• efb47a9 docs: generate docs from latest main (#3414)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs