Skip to content

Bump bson and mongodb#14

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/bson-and-mongodb-5.4.0
Open

Bump bson and mongodb#14
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/bson-and-mongodb-5.4.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2023

Copy link
Copy Markdown
Contributor

Bumps bson to 5.4.0 and updates ancestor dependency mongodb. These dependencies need to be updated together.

Updates bson from 1.0.9 to 5.4.0

Release notes

Sourced from bson's releases.

v5.4.0

5.4.0 (2023-07-03)

The MongoDB Node.js team is pleased to announce version 5.4.0 of the bson package!

Release Notes

Improved React Native experience

The BSON package now ships a bundle made to work on React Native without additional polyfills preconfigured. The necessary APIs (TextEncoder/TextDecoder & atob/btoa) are now vendored into the RN bundle directly. Users should still install react-native-get-random-values themselves to get securely generated UUIDs and ObjectIds. Read more in the React Native section of our readme.

Improved BSON UTF8 Decoding Performance

In the v5 major release of BSON we internally abstracted the different byte manipulation APIs used based on whether the library is running in Node.js or in a browser. This abstraction required us to create a subarray before invoking the environment's UTF8 decoding API. Creating the subarray before invoking Node.js' Buffer.prototype.toString API turns out to cause an unnecessary slow down. We have now updated the UTF8 stringification step on Node.js to invoke Buffer.prototype.toString with the start and end offsets. See #585 for our research.

Features

  • NODE-4938: improve react native bundle experience (#578) (7e16636)

Bug Fixes

  • NODE-5363: defer byte slicing to utf8 decoding API in nodejs (#585) (e087042)

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project.

v5.3.0

The MongoDB Node.js team is pleased to announce version 5.3.0 of the bson package!

Release Highlights

This release fixes a strictness issue with our UUID class. The UUID class has and will continue to generate UUID v4 bytes. However, now when reading UUIDs from MongoDB the UUID can be whatever format was inserted to the database, instead of throwing an error. This will notably help with data that has empty GUID values.

Deprecation

  • NODE-5224: deprecate UUID hex string cache control (#573) (70aea75)

Bug Fix

  • NODE-4960: UUID validation too strict (#572) (d239cd1)

Documentation

... (truncated)

Changelog

Sourced from bson's changelog.

5.4.0 (2023-07-03)

Features

  • NODE-4938: improve react native bundle experience (#578) (7e16636)

Bug Fixes

  • NODE-5363: defer byte slicing to utf8 decoding API in nodejs (#585) (e087042)

5.3.0 (2023-05-10)

Features

  • NODE-5224: deprecate UUID hex string cache control (#573) (70aea75)

Bug Fixes

  • NODE-4960: UUID validation too strict (#572) (d239cd1)

5.2.0 (2023-04-04)

Features

  • NODE-4855: add hex and base64 ctor methods to Binary and ObjectId (#569) (0d49a63)

5.1.0 (2023-03-16)

Features

  • NODE-4789: support Map stringification in EJSON (#567) (c70c82d)

5.0.1 (2023-02-16)

Bug Fixes

  • NODE-5025: no type definitions for es module (#563) (50e90fc)
  • NODE-5048: webpack unable to bundle import with leading 'node:' (#564) (3aed24a)
  • NODE-5056: EJSON.parse date handling when useBigInt64=true (#562) (d5088af)

5.0.0 (2023-01-31)

5.0.0-alpha.3 (2023-01-20)

... (truncated)

Commits
  • 4c1db9a chore(main): release 5.4.0 (#588)
  • 5483367 chore: fix pr number url regex for pr_list (#589)
  • dcbd43c chore: fix package-name
  • e087042 fix(NODE-5363): defer byte slicing to utf8 decoding API in nodejs (#585)
  • 2ea58cf chore(NODE-5383): add release automation (#586)
  • bc95ab4 chore(NODE-5362): update benchmark tooling (#584)
  • b0898fb ci(NODE-5329): install npm to node_artifacts directory (#581)
  • 7e16636 feat(NODE-4938): improve react native bundle experience (#578)
  • 81227bf chore(NODE-5324): update to typescript 5 (#579)
  • 259547d ci(NODE-5271): add node 20 (#577)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by nbbeeken, a new releaser for bson since your current version.


Updates mongodb from 2.2.36 to 5.7.0

Release notes

Sourced from mongodb's releases.

v5.7.0

5.7.0 (2023-07-06)

The MongoDB Node.js team is pleased to announce version 5.7.0 of the mongodb package!

Release Notes

Write Concern legacy options deprecated

wtimeout, j, and fsync options have been deprecated, please use wtimeoutMS and journal instead.

Legacy SSL options deprecated

In an effort to simplify TLS setup and use with the driver we're paring down the number of custom options to the ones that are common to all drivers. This should reduce inadvertent misconfiguration due to conflicting options.

The legacy "ssl-" options have been deprecated, each has a corresponding "tls-" option listed in the table below (except for sslCRL, you may directly use the Node.js crl option instead). tlsCertificateFile has also been deprecated, please use tlsCertificateKeyFile or pass the cert directly to the MongoClient constructor.

In addition to the common driver options, the Node.js driver also passes through Node.js TLS options provided on the MongoClient to Node.js' tls.connect API, which may be convenient to reuse with other Node.js APIs.

Node.js native option MongoDB driver option name legacy option name driver option type
ca tlsCAFile sslCA string
crl N/A sslCRL string
cert tlsCertificateKeyFile sslCert string
key tlsCertificateKeyFile sslKey string
passphrase tlsCertificateKeyFilePassword sslPass string
rejectUnauthorized tlsAllowInvalidCertificates sslValidate boolean

New includeResultMetadata option for findOneAnd... family of methods.

This option defaults to true, which will return a ModifyResult type. When set to false, which will become the default in the next major release, it will return the modified document or null if nothing matched. This applies to findOneAndDelete, findOneAndUpdate, findOneAndReplace.

// With a document { _id: 1, a: 1 } in the collection
await collection.findOneAndDelete({ a: 1 }, { includeResultMetadata: false }); // returns { _id: 1, a: 1 }
await collection.findOneAndDelete({ a: 2 }, { includeResultMetadata: false }); // returns null
await collection.findOneAndDelete({ a: 1 }, { includeResultMetadata: true }); // returns { ok: 1, lastErrorObject: { n: 1 }, value: { _id: 1, a: 1 }}

Support for change stream split events

When change stream documents exceed the max BSON size limit of 16MB, they can be split into multiple fragments in order to not error when sending events over the wire. In order to enable this functionality, the collection must be created with changeStreamPreAndPostImages enabled and the change stream itself must include an $changeStreamSplitLargeEvent aggregation stage. This feature requires a minimum server version of 7.0.0.

Example:

await db.createCollection('test', { changeStreamPreAndPostImages: { enabled: true }});
</tr></table> 

... (truncated)

Changelog

Sourced from mongodb's changelog.

5.7.0 (2023-07-06)

Features

Bug Fixes

  • NODE-4977: load snappy lazily (#3726) (865e658)
  • NODE-5102: listDatabases nameOnly setting is sent as NaN (#3742) (b97132e)
  • NODE-5289: prevent scram auth from throwing TypeError if saslprep is not a function (#3727) (e006347)
  • NODE-5374: do not apply cursor transform in Cursor.hasNext (#3746) (0668cd8)

5.6.0 (2023-06-01)

Features

Bug Fixes

  • NODE-5249: remove strict flag from create collection options (#3677) (be8faaf)
  • NODE-5296: construct error messages for AggregateErrors in Node16+ (#3682) (e03178e)

5.5.0 (2023-05-11)

Features

  • NODE-4720: Add log messages to CMAP spec (#3645) (b27f385)
  • NODE-5004: dont create or drop ecc collections (#3660) (2264fbb)

Bug Fixes

  • NODE-5260: AWS Lambda metadata detection logic is too permissive (#3663) (d74d3f9)

... (truncated)

Commits
  • e16246d chore(main): release 5.7.0 [skip-ci] (#3735)
  • 6a574cf feat(NODE-5407): update bson to 5.4.0 (#3754)
  • 1f880ea feat(NODE-5274): deprecate write concern options (#3752)
  • 0668cd8 fix(NODE-5374): do not apply cursor transform in Cursor.hasNext (#3746)
  • ccc5e30 chore: update release 4x workflow name (#3751)
  • 865e658 fix(NODE-4977): load snappy lazily (#3726)
  • dda4ec0 chore(NODE-5382): add 4.x release workflow (#3748)
  • b97132e fix(NODE-5102): listDatabases nameOnly setting is sent as NaN (#3742)
  • a329748 refactor(NODE-5352): refactor AbstractOperation to use async (#3729)
  • 1d31888 ci(NODE-5361): use task groups for lambda (#3740)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by w-a-james, a new releaser for mongodb since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [bson](https://github.com/mongodb/js-bson) to 5.4.0 and updates ancestor dependency [mongodb](https://github.com/mongodb/node-mongodb-native). These dependencies need to be updated together.


Updates `bson` from 1.0.9 to 5.4.0
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/main/HISTORY.md)
- [Commits](mongodb/js-bson@v1.0.9...v5.4.0)

Updates `mongodb` from 2.2.36 to 5.7.0
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v2.2.36...v5.7.0)

---
updated-dependencies:
- dependency-name: bson
  dependency-type: indirect
- dependency-name: mongodb
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants