[Snyk] Upgrade mongodb from 3.5.9 to 3.7.3 #11
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade mongodb from 3.5.9 to 3.7.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-BL-608877
Why? Proof of Concept exploit, CVSS 7.7
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongodb
The MongoDB Node.js team is pleased to announce version 3.7.3 of the mongodb package!
What's Changed
Full Changelog: v3.7.2...v3.7.3
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.7.2 of the mongodb package!
Release Highlights
This release contains a fix for optional require of dependencies on yarn berry.
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.7.1 of the mongodb package!
Release Highlights
This release contains an internal improvement that makes our monitor utilize the new hello handshake for monitoring when available.
Features
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.7.0 of the mongodb package!
Release Highlights
Versioned API
Versioned API is a new feature in MongoDB 5.0 that allows user-selectable API versions, subsets of MongoDB server semantics, to be declared on a client. During communication with a server, clients with a declared API version will force the server to behave in a manner compatible with the API version. Declaring an API version on a client can be used to ensure consistent responses from a server, providing long term API stability for an application. The declared API version is applied to all commands run through the client, including those sent through the generic RunCommand helper. Specifying versioned API options in the command document AND declaring an API version on the client is not supported and will lead to undefined behavior.
Declare an API version on a client
client = new MongoClient(uri, { serverApi: { version: '1' } });
cursor = client.db('database').collection('coll').find(...);
Strict mode
Declaring a
strict
API version will cause the MongoDB server to reject all commands that are not part of the declared API version. This includes command options and aggregation pipeline stages. For example, the followingfind
call would fail because thetailable
option is not part of version 1:client = new MongoClient(uri, { serverApi: { version: '1', strict: true } });
// Fails with an error
cursor = client.db('database').collection('coll').find({ ... }, { tailable: true });
Deprecation Errors
The
deprecationErrors
option can be used to enable command failures when using functionality that is deprecated from version 1. Note that at the time of this writing, no deprecations in version 1 exist.client = new MongoClient(uri, { serverApi: { version: '1', deprecationErrors: true } });
// Note: since API version "1" is the initial version, there are no deprecated commands to provide as an example yet.
Features
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.12 of the mongodb package!
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
The MongoDB Node.js team is pleased to announce version 3.6.11 of the mongodb package!
Release Highlights
This patch addresses a few bugs listed below.
Notably, we fixed an issue with the way we imported one of our optional dependencies that blocked webpack bundling.
If you are a webpack user you will still get warnings for our optional dependencies (if you don't use them).
You can hush the warnings by adding this option to your webpack config:
It is important to note that this will leave the imports in place and not pull in the code to your bundle. If you later do adopt using these dependencies you'll want to revert the relevant setting.
Bug Fixes
Documentation
We invite you to try the mongodb package immediately, and report any issues to the NODE project.
Commit messages
Package name: mongodb
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs