[Snyk] Upgrade mongodb from 4.2.2 to 4.7.0

[donfn]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 4.2.2 to 4.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2022-06-06.

Release notes

Package name: mongodb

• 4.7.0 - 2022-06-06
  

  The MongoDB Node.js team is pleased to announce version 4.7.0 of the mongodb package! Happy MongoDB World Day!

  Release Highlights

  Support for ZSTD Compression

  zstd compression is now supported by the NodeJS driver. To enable zstd compression, add it as a dependency in your project: npm install –save @ mongodb-js/zstd. The add the option to your URI options: mongodb://host:port/db?compressors=zstd.

  Improved Connection Storm Avoidance

  The Node driver has improved connection storm avoidance by limiting the number of connections that the driver will attempt to open to each server at a time. The number of concurrent connection attempts is set to 2 by default, but can be configured with a new MongoClient argument, maxConnecting. The following code example creates a new MongoClient that configures maxConnecting to 5.

  const client = new MongoClient('MONGODB_URL', { maxConnecting: 5 });

  Expanded Change Stream Events

  The collection.watch function now supports a new option, showExpandedEvents. When showExpandedEvents is enabled, change streams will report the following events on servers 6.0 and later:

  • createIndexes
  • dropIndexes
  • modify
  • create
  • shardCollection

  On servers 6.1.0 and later, showExpandedEvents will also show change stream events for the following commands:

  • reshardCollection
  • refineCollectionShardKey

  As an example, the following code creates a change stream that has expanded events enabled on a collection:

  const client = new MongoClient('MONGODB_URL');
  await client.connect();

  const collection = client.db('example-db').collection('example-collection');
  const changeStream = collection.watch([], { showExpandedEvents: true });

  Change Stream Support of Pre/Post Images

  Change streams now support pre and post images for update events. To enable pre and post images, the collection must be created with the changeStreamPreAndPostImages option enabled:

  const collection = await db.createCollection(‘collectionName’, { changeStreamPreAndPostImages: { enabled: true }} )

  Pre and post images can then be enabled on the change stream when the change stream is created:

  const changeStream = collection.watch([], { fullDocumentBeforeChange: ‘required’ })

  See the documentation on pre and post images for more information: https://www.mongodb.com/docs/v6.0/changeStreams/#change-streams-with-document-pre--and-post-images.

  Improved Performance in Serverless Environments

  The driver now only processes the most recent server monitoring event if multiple heartbeat events are recorded in sequence before any can be processed. In serverless environments, this results in increased performance when a function is invoked after a period of inactivity as well as lower resource consumption.

  Estimated Document Count uses the Count command

  The 5.0 server compatible release unintentionally broke the estimatedDocumentCount command on views by changing the implementation from the count command to aggregate and a collStats stage. This release fixes estimatedDocumentCount on views by reverting the implementation to use count.

  Due to an oversight, the count command was omitted from the Stable API in server versions 5.0.0 - 5.0.8 and 5.1.0 - 5.3.1, so users of the Stable API with estimatedDocumentCount are recommended to upgrade their MongoDB clusters to 5.0.9 or 5.3.2 (if on Atlas) or set apiStrict: false when constructing their MongoClients.

  MongoClient.connect is now optional

  If an operation is run before MongoClient.connect is called by the client, the driver will now automatically connect along with that first operation. This makes the repl experience much more streamlined, going right from client construction to your first insert or find. However, MongoClient.connect can still be called manually and remains useful for learning about misconfiguration (auth, server not started, connection string correctness) early in your application's startup.

  Note: It's a known limitation that explicit sessions (client.startSession) and initializeOrderedBulkOp, initializeUnorderedBulkOp cannot be used until MongoClient.connect is first called. Look forward to a future patch release that will correct these inconsistencies.

  Support for Clustered Collections

  Clustered Collections can now be created using the createCollection method in the Node driver:

  const client = new MongoClient('MONGODB_URL');
  // No need to connect anymore! (see above)
  const collection = await client.db(‘example-db’).createCollection(‘example-collection’, { 
      key: _id,
      unique: true
  });

  More information about clustered indexes can be found on the official documentation page. https://www.mongodb.com/docs/upcoming/core/clustered-collections/

  Automatic Encryption Shared Library

  To enable the driver to use the new Automatic Encryption Shared Library instead of using mongocryptd, pass the location of the library in the auto-encryption extra options to the MongoClient. Example:

  const client = new MongoClient(uri, {
  autoEncryption: {
  keyVaultNamespace: 'encryption.__keyVault',
  kmsProviders: {
  local: { key: 'localKey' }
  },
  extraOptions: {
  cryptSharedLibPath: "/path/to/mongo_crypt_v1.dylib",
  },
  encryptedFieldsMap: {
  "default.secretCollection": {
  [
  {
  keyId: '_id',
  path: 'ssn',
  bsonType: 'string',
  queries: { queryType: 'equality' }
  }
  ]
  },
  },
  },
  })

  Queryable Encryption Preview

  Queryable Encryption is a beta feature that enables you to encrypt data in your application before you send it over the network to MongoDB while still maintaining the ability to query the encrypted data. With Queryable Encryption enabled, no MongoDB-managed service has access to your data in an unencrypted form.

  Checkout the documentation: https://www.mongodb.com/docs/upcoming/core/queryable-encryption/queryable-encryption/

  ATTENTION: This feature is included in this release as a beta preview. All related APIs marked with @ expiremental in the documentation. There are no guarantees that the APIs will not undergo breaking changes without prior notice.

  Features:

  • NODE-1837: add zstd compression option (#3237) (1261432)
  • NODE-2993: implement maxConnecting (#3255) (c9d3816)
  • NODE-3750: make maxConnecting configurable (#3261) (ee41447)
  • NODE-3938: Add support for pre/post images in change streams (#3250) (981465c)
  • NODE-4079: estimated document count uses count (#3244) (a752e75)
  • NODE-4081: fix and deprecate change stream resume options (#3270) (47adfb3)
  • NODE-4139: streaming protocol message changes (#3256) (4b9ad77)
  • NODE-4192: make MongoClient.connect optional (#3232) (a2359e4)
  • NODE-4196: add support for showExpandedEvents in change streams (#3254) (9c1782e)
  • NODE-4229: bump maxWireVersion to 17 (#3265) (d13cec2)

  Bug Fixes

  • NODE-4103: respect BSON options when creating change streams (#3247) (b2798d9)
  • NODE-4108: improve return type for withTransaction() (#3236) (48e0e6e)
  • NODE-4254: allow csfle to be dynamically required (#3260) (cd6b5a0)
  • NODE-4281: ensure that the driver always uses Node.js timers (#3275) (4501a1c)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.7
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.6.0 - 2022-05-11
  Read more
• 4.6.0-alpha.0 - 2022-05-04
  

  The MongoDB Node.js team is pleased to announce version v4.6.0-alpha.0 of the mongodb package!

  Release Highlights

  This release is for internal testing - NOT intended for use production.

  Features

  Bug Fixes

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/4.5
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md
• 4.5.0 - 2022-04-04
  Read more
• 4.4.1 - 2022-03-03
  Read more
• 4.4.0 - 2022-02-17
  Read more
• 4.3.1 - 2022-01-18
  Read more
• 4.3.0 - 2022-01-06
  Read more
• 4.2.2 - 2021-12-13
  Read more

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 1cc2c4b chore(release): 4.7.0
• c8362eb test: resumability for change stream unified tests (#3282)
• 9c1782e feat(NODE-4196): add support for showExpandedEvents in change streams (#3254)
• ed50ef5 test(NODE-4262): simplify leak checker for startSession fixes (#3281)
• 0936b58 chore: skip failing TS version (#3285)
• 7a5d2f5 chore: add generated docs files to release commit (#3283)
• 6cae4b4 test(NODE-4270): convert command monitoring tests to unified format (#3276)
• f8e7301 chore(NODE-4285): rename csfle shared library references (#3280)
• 4501a1c fix(NODE-4281): ensure that the driver always uses Node.js timers (#3275)
• 47adfb3 feat(NODE-4081): fix and deprecate change stream resume options (#3270)
• cb3e860 test: improve change stream tests (#3272)
• 52fea4d test(NODE-4274): fix `match` logic in unified spec runner (#3267)
• ee41447 feat(NODE-3750): make maxConnecting configurable (#3261)
• f1887bf chore: update typescript version (#3268)
• d13cec2 feat(NODE-4229): bump maxWireVersion to 17 (#3265)
• 11e7e00 test(NODE-4255): sync clustered index spec tests (#3266)
• 6845069 chore(NODE-4246): update FLE2 collection management (#3251)
• 52eb62b chore(NODE-4265): fle2 -> queryable encryption (#3263)
• cd6b5a0 fix(NODE-4254): allow csfle to be dynamically required (#3260)
• 4b9ad77 feat(NODE-4139): streaming protocol message changes (#3256)
• c496c25 chore(NODE-4266): improve error message for SCRAM-SHA-1 in FIPS mode (#3258)
• c9d3816 feat(NODE-2993): implement maxConnecting (#3255)
• b2798d9 fix(NODE-4103): respect BSON options when creating change streams (#3247)
• 1261432 feat(NODE-1837): add zstd compression option (#3237)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs