[Snyk] Upgrade mongodb from 4.2.2 to 4.7.0 #44

Open
wants to merge 1 commit into
base: main
@donfn donfn commented Jul 1, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongodb from 4.2.2 to 4.7.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2022-06-06.
Release notes
Package name: mongodb
  • 4.7.0 - 2022-06-06

    The MongoDB Node.js team is pleased to announce version 4.7.0 of the mongodb package! Happy MongoDB World Day!

    Release Highlights

    Support for ZSTD Compression

    zstd compression is now supported by the NodeJS driver. To enable zstd compression, add it as a dependency in your project: npm install --save @mongodb-js/zstd. Then add the option to your URI options: mongodb://host:port/db?compressors=zstd.

    Improved Connection Storm Avoidance

    The Node driver has improved connection storm avoidance by limiting the number of connections that the driver will attempt to open to each server at a time. The number of concurrent connection attempts is set to 2 by default, but can be configured with a new MongoClient argument, maxConnecting. The following code example creates a new MongoClient that configures maxConnecting to 5.

    const client = new MongoClient('MONGODB_URL', { maxConnecting: 5 });

    Expanded Change Stream Events

    The collection.watch function now supports a new option, showExpandedEvents. When showExpandedEvents is enabled, change streams will report the following events on servers 6.0 and later:

    • createIndexes
    • dropIndexes
    • modify
    • create
    • shardCollection

    On servers 6.1.0 and later, showExpandedEvents will also show change stream events for the following commands:

    • reshardCollection
    • refineCollectionShardKey

    As an example, the following code creates a change stream that has expanded events enabled on a collection:

    const client = new MongoClient('MONGODB_URL');
    await client.connect();

    const collection = client.db('example-db').collection('example-collection');
    const changeStream = collection.watch([], { showExpandedEvents: true });

    Change Stream Support of Pre/Post Images

    Change streams now support pre and post images for update events. To enable pre and post images, the collection must be created with the changeStreamPreAndPostImages option enabled:

    const collection = await db.createCollection('collectionName', { changeStreamPreAndPostImages: { enabled: true } });

    Pre and post images can then be enabled on the change stream when the change stream is created:

    const changeStream = collection.watch([], { fullDocumentBeforeChange: 'required' });

    See the documentation on pre and post images for more information: https://www.mongodb.com/docs/v6.0/changeStreams/#change-streams-with-document-pre--and-post-images.

    Improved Performance in Serverless Environments

    The driver now only processes the most recent server monitoring event if multiple heartbeat events are recorded in sequence before any can be processed. In serverless environments, this results in increased performance when a function is invoked after a period of inactivity as well as lower resource consumption.

    Estimated Document Count uses the Count command

    The 5.0 server compatible release unintentionally broke the estimatedDocumentCount command on views by changing the implementation from the count command to aggregate and a collStats stage. This release fixes estimatedDocumentCount on views by reverting the implementation to use count.

    Due to an oversight, the count command was omitted from the Stable API in server versions 5.0.0 - 5.0.8 and 5.1.0 - 5.3.1, so users of the Stable API with estimatedDocumentCount are recommended to upgrade their MongoDB clusters to 5.0.9 or 5.3.2 (if on Atlas) or set apiStrict: false when constructing their MongoClients.

    MongoClient.connect is now optional

    If an operation is run before MongoClient.connect is called by the client, the driver will now automatically connect along with that first operation. This makes the repl experience much more streamlined, going right from client construction to your first insert or find. However, MongoClient.connect can still be called manually and remains useful for learning about misconfiguration (auth, server not started, connection string correctness) early in your application's startup.

    Note: It's a known limitation that explicit sessions (client.startSession) and initializeOrderedBulkOp, initializeUnorderedBulkOp cannot be used until MongoClient.connect is first called. Look forward to a future patch release that will correct these inconsistencies.

    Support for Clustered Collections

    Clustered Collections can now be created using the createCollection method in the Node driver:

    const client = new MongoClient('MONGODB_URL');
    // No need to connect anymore! (see above)
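    const collection = await client.db('example-db').createCollection('example-collection', {
        // The clustered index definition is passed under the clusteredIndex option
        clusteredIndex: {
            key: { _id: 1 },
            unique: true
        }
    });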

    More information about clustered indexes can be found on the official documentation page. https://www.mongodb.com/docs/upcoming/core/clustered-collections/

    Automatic Encryption Shared Library

    To enable the driver to use the new Automatic Encryption Shared Library instead of using mongocryptd, pass the location of the library in the auto-encryption extra options to the MongoClient. Example:

    const client = new MongoClient(uri, {
        autoEncryption: {
            keyVaultNamespace: 'encryption.__keyVault',
            kmsProviders: {
                local: { key: 'localKey' }
            },
            extraOptions: {
                // Location of the Automatic Encryption Shared Library (replaces mongocryptd)
                cryptSharedLibPath: "/path/to/mongo_crypt_v1.dylib",
            },
            encryptedFieldsMap: {
                "default.secretCollection": {
                    // The list of encrypted fields goes under the "fields" key
                    fields: [
                        {
                            keyId: '_id',
                            path: 'ssn',
                            bsonType: 'string',
                            queries: { queryType: 'equality' }
                        }
                    ]
                },
            },
        },
    });

    Queryable Encryption Preview

    Queryable Encryption is a beta feature that enables you to encrypt data in your application before you send it over the network to MongoDB while still maintaining the ability to query the encrypted data. With Queryable Encryption enabled, no MongoDB-managed service has access to your data in an unencrypted form.

    Check out the documentation: https://www.mongodb.com/docs/upcoming/core/queryable-encryption/queryable-encryption/

    ATTENTION: This feature is included in this release as a beta preview. All related APIs are marked with @experimental in the documentation. There are no guarantees that the APIs will not undergo breaking changes without prior notice.

    Features:

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 4.6.0 - 2022-05-11
  • 4.6.0-alpha.0 - 2022-05-04

    The MongoDB Node.js team is pleased to announce version v4.6.0-alpha.0 of the mongodb package!

    Release Highlights

    This release is for internal testing - NOT intended for use in production.

    Features

    Bug Fixes

    Documentation

  • 4.5.0 - 2022-04-04
  • 4.4.1 - 2022-03-03
  • 4.4.0 - 2022-02-17
  • 4.3.1 - 2022-01-18
  • 4.3.0 - 2022-01-06
  • 4.2.2 - 2021-12-13
from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • 1cc2c4b chore(release): 4.7.0
  • c8362eb test: resumability for change stream unified tests (#3282)
  • 9c1782e feat(NODE-4196): add support for showExpandedEvents in change streams (#3254)
  • ed50ef5 test(NODE-4262): simplify leak checker for startSession fixes (#3281)
  • 0936b58 chore: skip failing TS version (#3285)
  • 7a5d2f5 chore: add generated docs files to release commit (#3283)
  • 6cae4b4 test(NODE-4270): convert command monitoring tests to unified format (#3276)
  • f8e7301 chore(NODE-4285): rename csfle shared library references (#3280)
  • 4501a1c fix(NODE-4281): ensure that the driver always uses Node.js timers (#3275)
  • 47adfb3 feat(NODE-4081): fix and deprecate change stream resume options (#3270)
  • cb3e860 test: improve change stream tests (#3272)
  • 52fea4d test(NODE-4274): fix `match` logic in unified spec runner (#3267)
  • ee41447 feat(NODE-3750): make maxConnecting configurable (#3261)
  • f1887bf chore: update typescript version (#3268)
  • d13cec2 feat(NODE-4229): bump maxWireVersion to 17 (#3265)
  • 11e7e00 test(NODE-4255): sync clustered index spec tests (#3266)
  • 6845069 chore(NODE-4246): update FLE2 collection management (#3251)
  • 52eb62b chore(NODE-4265): fle2 -> queryable encryption (#3263)
  • cd6b5a0 fix(NODE-4254): allow csfle to be dynamically required (#3260)
  • 4b9ad77 feat(NODE-4139): streaming protocol message changes (#3256)
  • c496c25 chore(NODE-4266): improve error message for SCRAM-SHA-1 in FIPS mode (#3258)
  • c9d3816 feat(NODE-2993): implement maxConnecting (#3255)
  • b2798d9 fix(NODE-4103): respect BSON options when creating change streams (#3247)
  • 1261432 feat(NODE-1837): add zstd compression option (#3237)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
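
The Stable API caveat in the 4.7.0 release notes above can be turned into a pre-merge check. This is an added example, not part of the PR or of the MongoDB driver; the function names and the sample inputs are hypothetical, and the affected version ranges are the ones quoted in the release notes.

```javascript
// Added example: names are hypothetical, ranges come from the 4.7.0 release notes.
// Server versions in which `count` was omitted from the Stable API (inclusive bounds).
const COUNT_MISSING_FROM_STABLE_API = [
  { from: '5.0.0', to: '5.0.8' },
  { from: '5.1.0', to: '5.3.1' },
];

// Parse "major.minor.patch" (any "-suffix" or "+build" is ignored); throw on anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised server version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric, component-wise comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

function countMissingFromStableApi(serverVersion) {
  return COUNT_MISSING_FROM_STABLE_API.some(
    (r) =>
      compareVersions(serverVersion, r.from) >= 0 &&
      compareVersions(serverVersion, r.to) <= 0
  );
}

// apiStrict: whether the application's MongoClient runs the Stable API in strict mode.
function checkEstimatedDocumentCount(serverVersion, apiStrict) {
  if (!apiStrict) {
    return { ok: true, reason: 'strict mode is off, count is not rejected' };
  }
  if (!countMissingFromStableApi(serverVersion)) {
    return { ok: true, reason: 'count is part of the Stable API on this server' };
  }
  return {
    ok: false,
    reason: `server ${serverVersion} omits count from the Stable API: ` +
      'upgrade the cluster to 5.0.9 or 5.3.2, or set apiStrict: false',
  };
}
```

Run it against the version reported by each cluster the application connects to before merging the upgrade; an unparseable version string throws instead of passing silently.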
