Skip to content
This repository has been archived by the owner on Dec 25, 2024. It is now read-only.

Bump mongodb from 2.2.36 to 6.1.0 #721

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2023

Bumps mongodb from 2.2.36 to 6.1.0.

Release notes

Sourced from mongodb's releases.

v6.1.0

6.1.0 (2023-09-14)

The MongoDB Node.js team is pleased to announce version 6.1.0 of the mongodb package!

Release Notes

Bump bson version to expose new Decimal128.fromStringWithRounding() method

In this release, we have adopted the changes made to Decimal128 in bson version 6.1.0. We have added a new fromStringWithRounding() method which exposes the previously available inexact rounding behaviour.

See the bson v6.1.0 release notes for more information.

Use region settings for STS AWS credentials request

When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @​aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

[!IMPORTANT] The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

Fix memory leak with ChangeStreams

In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

The function is now implemented as a loop, memory leak be gone!

Features

Bug Fixes

  • NODE-5551: set AWS region from environment variable for STSClient (#3831) (e9a5079)
  • NODE-5588: recursive calls to next cause memory leak (#3841) (9a8fdb2)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v6.0.0

6.0.0 (2023-08-22)

The MongoDB Node.js team is pleased to announce version 6.0.0 of the mongodb package!

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.1.0 (2023-09-14)

Features

Bug Fixes

  • NODE-5551: set AWS region from environment variable for STSClient (#3831) (e9a5079)
  • NODE-5588: recursive calls to next cause memory leak (#3841) (9a8fdb2)

6.0.0 (2023-08-28)

⚠ BREAKING CHANGES

  • NODE-5584: adopt bson v6 and mongodb-client-encryption v6 (#3845)
  • NODE-5484: mark MongoError for internal use and remove Node14 cause assignment logic (#3800)
  • NODE-4788: use implementer Writable methods for GridFSBucketWriteStream (#3808)
  • NODE-4986: remove callbacks from ClientEncryption encrypt, decrypt, and createDataKey (#3797)
  • NODE-5490: bump kerberos compatibility to ^2.0.1 (#3798)
  • NODE-3568: ensure includeResultsMetadata is false by default (#3786)
  • NODE-3989: only accept true and false for boolean options (#3791)
  • NODE-5233: prevent session from one client from being used on another (#3790)
  • NODE-5444: emit deprecation warning for useNewUrlParser and useUnifiedTopology (#3792)
  • NODE-5470: convert remaining FLE to TS and drop support for onKMSProvidersRefresh (#3787)
  • NODE-5508: remove EvalOperation and EvalOptions (#3795)
  • NODE-3920: validate options are not repeated in connection string (#3788)
  • NODE-3924: read tls files async (#3776)
  • NODE-5430: make AutoEncrypter and MongoClient.autoEncrypter internal (#3789)
  • NODE-4961: remove command result from commit and abort transaction APIs (#3784)
  • NODE-2014: return executor result from withSession and withTransaction (#3783)
  • NODE-5409: allow socks to be installed optionally (#3782)
  • NODE-4796: remove addUser and collection.stats APIs (#3781)
  • NODE-4936: remove unsupported options from db.command and admin.command (#3775)
  • NODE-5228: remove unneeded fields from ConnectionPoolCreatedEvent.options (#3772)
  • NODE-5190: remove deprecated keep alive options (#3771)
  • NODE-5186: remove duplicate BulkWriteResult accessors (#3766)
  • NODE-5376: remove deprecated ssl options (#3755)
  • NODE-5415: bump minimum Node.js version to v16.20.1 (#3760)

Features

  • NODE-2014: return executor result from withSession and withTransaction (#3783) (65aa288)
  • NODE-3568: ensure includeResultsMetadata is false by default (#3786) (fee8d3e)
  • NODE-3920: validate options are not repeated in connection string (#3788) (11631a2)
  • NODE-3924: read tls files async (#3776) (68adaf1)
  • NODE-3989: only accept true and false for boolean options (#3791) (e2e36cc)

... (truncated)

Commits
  • e02534e chore(main): release 6.1.0 [skip-ci] (#3853)
  • c6edabb feat(NODE-5634): bump bson version to ^6.1.0 (#3866)
  • 5b9fafd deps(NODE-5446): bump dependencies again for v6 (#3860)
  • b1c0eac refactor(NODE-5379): cursor internals to use async-await (#3804)
  • 2a3de19 chore: skip failing aggregate explain tests (#3863)
  • 68e5d67 test(NODE-5606): use npm 9 on eol node versions (#3858)
  • 177a4fc test(NODE-3049): add astrolabe support to the UnifiedTestRunner (#3805)
  • 3c4feae ci(NODE-5424): test driver latest, client-encryption 6.0.0 in CI (#3855)
  • 9a8fdb2 fix(NODE-5588): recursive calls to next cause memory leak (#3841)
  • e9a5079 fix(NODE-5551): set AWS region from environment variable for STSClient (#3831)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by dbx-node, a new releaser for mongodb since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 1, 2023
@socket-security
Copy link

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: [email protected]

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mongodb-6.1.0 branch from 7c01d21 to d134b72 Compare October 1, 2023 13:04
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mongodb-6.1.0 branch from d134b72 to 2680574 Compare October 13, 2023 21:43
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mongodb-6.1.0 branch 3 times, most recently from b2c94d2 to 9214dad Compare October 16, 2023 22:40
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 2.2.36 to 6.1.0.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v2.2.36...v6.1.0)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/mongodb-6.1.0 branch from 9214dad to 3e4f4ea Compare October 16, 2023 22:43
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 20, 2023

Superseded by #732.

@dependabot dependabot bot closed this Oct 20, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/mongodb-6.1.0 branch October 20, 2023 20:27
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file size/XS
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants