[Snyk] Upgrade mongodb from 3.5.8 to 3.5.9 #6775

Merged
merged 1 commit into from
Jul 10, 2020

snyk-bot
Contributor

@snyk-bot snyk-bot commented Jul 4, 2020

Snyk has created this PR to upgrade mongodb from 3.5.8 to 3.5.9.

merge advice

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 22 days ago, on 2020-06-12.
Release notes
Package name: mongodb
  • 3.5.9 - 2020-06-12

    The MongoDB Node.js team is pleased to announce version 3.5.9 of the driver

    Release Highlights

    Use duration of handshake if no previous roundTripTime exists

    The default roundTripTime of a ServerDescription is -1, which means if that value is used we can potentially calculate a negative roundTripTime. Instead, if no previous roundTripTime exists, we use the duration of the initial handshake.

    the options [maxIdleTimeMS] is not supported

    A number of new options were added when the CMAP compliant connection pool was introduced in 3.5.x. Unfortunately, these options were not documented properly. Now they are mentioned in the MongoClient documentation, with a notice that they are only supported with the unified topology.

    TypeError: Reduce of empty array with no initial value

    A fix in 3.5.8 which ensured proper filtering of servers during server selection exposed an issue in max staleness calculations when the topology type is ReplicaSetNoPrimary and no servers are currently known. In order to estimate an upper bound of max staleness when there is no primary, the most stale known server is known to compare the others to - if there are no known servers, you can't reduce the array!

    Server monitoring is prevented under heavy request load

    In certain very high load fail-over scenarios the driver is unable to reschedule a monitoring check in order to update its view of the topology for retryability. This would result in a high number of failed operations, as they were unable to determine a new viable server.

    Documentation

    Reference: http://mongodb.github.io/node-mongodb-native/3.5/
    API: http://mongodb.github.io/node-mongodb-native/3.5/api/
    Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2637] - connection pool options support for MongoClient
    • [NODE-2641] - maxStalenessReducer fails on empty set of servers
    • [NODE-2643] - Server monitoring is prevented under heavy request load
    • [NODE-2652] - Use duration of initial handshake if no roundTripTime value exists for server

    Improvement

    • [NODE-2651] - Use consistent means of measuring time
  • 3.5.8 - 2020-05-28

    The MongoDB Node.js team is pleased to announce version 3.5.8 of the driver

    Release Highlights

    Fixes for NEAREST latency window calculation

    @adityapatadia helped uncover an issue with our server selection logic which
    filtered out servers after evaluating whether they were in the latency window.
    This meant that non-viable servers were considered during the window calculation
    and would render certain viable servers unviable.

    BulkWriteError writeErrors property

    @vkarpov15 submitted a patch to always include writeErrors on a BulkWriteError.
    We have logic to set the message of BulkWriteError to the message of the first
    error encountered if there is only one error. Unfortunately, this logic removed
    the writeErrors field when doing that, so users could be faced with an error
    which conditionally changed shape.

    Memory leak in timed out wait queue members

    @dead-horse identified a memory leak in the new connection pool where wait queue
    members which timed out might be left in the queue indefinitely under sufficient
    load. The fix here was to ensure that all wait queue members are flushed during
    wait queue processing before evaluating whether there were available sockets to
    process new requests.

    Implicit sessions cleanup improvements

    Once @dead-horse was able to patch the connection pool memory leak, they also
    identified an edge case where implicit sessions could be leaked in a very specific
    error condition. The logic to release implicit sessions was simplified, preventing
    this from happening in the future.

    Unordered bulk writes continue-on-error

    A bug introduced last summer prevented unordered bulk write operations from
    continuing after the first write error - one of the most important features of
    being an unordered operation. We now properly support this feature again.

    journal in connection string is ignored

    @nknighter filed a report that the journal option was ignored when provided
    via the connection string. The parameter j was supported both through the
    connection string and explicitly added to MongoClient options, but the official
    documentation for connection strings supports a journal option.

    Documentation

    Reference: http://mongodb.github.io/node-mongodb-native/3.5/
    API: http://mongodb.github.io/node-mongodb-native/3.5/api/
    Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2407] - UnifiedTopology + near read makes application crash with timeout error when one of replica server is down
    • [NODE-2413] - The node process enters an infinite loop at the pool and causes OOM
    • [NODE-2442] - journal=true is ignored in connection string
    • [NODE-2548] - Change streams do not resume from errors
    • [NODE-2565] - Change stream should not check for NonResumableChangeStreamError label
    • [NODE-2619] - Unordered bulk write aborts on first encountered error
    • [NODE-2625] - BulkWriteError should always have a writeErrors field

    Task

    • [NODE-2478] - Use white list for change stream resumability
    • [NODE-2598] - Change stream close refactor
    • [NODE-2605] - Refactor shared test helpers to improve usability

    Improvement

    • [NODE-2522] - Remove ElectionInProgress (216) from ResumableChangeStreamError
    • [NODE-2571] - Don't use admin database for FLE tests
    • [NODE-2630] - Simplify code path for ending implicit sessions in cursors
from mongodb GitHub release notes
Commit messages
Package name: mongodb
  • 99681e1 chore(release): 3.5.9
  • c743217 test: two uncaught change stream test methods which leak sessions
  • ddfa41b fix: use duration of handshake if no previous roundTripTime exists
  • 76249cb refactor: use common methods for duration calculations
  • 6f3048c doc: document options supported by the new CMAP connection pool
  • 1f855a4 fix: use async interruptable interval for server monitoring
  • 9e12cd5 feat: introduce an interruptable async interval timer
  • 7baa85e test: fix a number of our most notorious flakey tests
  • 62d80e4 test: move wtfnode invocation to signal handlers on main test runner
  • be51347 fix: don't try to calculate sMax if there are no viable servers


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
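
The 3.5.9 release note "Reduce of empty array with no initial value" describes server selection failing when the topology is ReplicaSetNoPrimary and no servers are known. The JavaScript below is an added illustration of that failure and of a guard against it, not code from the driver or from this PR; the function names, server objects and sample values are constructed for the example.

```javascript
'use strict';

// Simplified model of max staleness filtering with no primary.
// Staleness of a secondary s is estimated against the freshest known
// secondary sMax: sMax.lastWriteDate - s.lastWriteDate + heartbeatFrequencyMS.

// Unguarded shape: reduce() without an initial value throws on [].
function filterByMaxStalenessUnguarded(servers, maxStalenessMS, heartbeatFrequencyMS) {
  const sMax = servers.reduce((max, s) => (s.lastWriteDate > max.lastWriteDate ? s : max));
  return servers.filter(
    s => sMax.lastWriteDate - s.lastWriteDate + heartbeatFrequencyMS <= maxStalenessMS
  );
}

// Guarded shape: with no known servers there is no sMax to compare against,
// so return an empty candidate list and let selection retry later.
function filterByMaxStaleness(servers, maxStalenessMS, heartbeatFrequencyMS) {
  if (servers.length === 0) return [];
  return filterByMaxStalenessUnguarded(servers, maxStalenessMS, heartbeatFrequencyMS);
}

// Constructed sample data (lastWriteDate in milliseconds).
const secondaries = [
  { address: 'a.example:27017', lastWriteDate: 100000 },
  { address: 'b.example:27017', lastWriteDate: 99000 },
  { address: 'c.example:27017', lastWriteDate: 5000 }
];

function demo() {
  let unguardedError = null;
  try {
    filterByMaxStalenessUnguarded([], 90000, 10000);
  } catch (err) {
    unguardedError = err; // TypeError: Reduce of empty array with no initial value
  }
  return {
    unguardedThrew: unguardedError instanceof TypeError,
    guardedEmpty: filterByMaxStaleness([], 90000, 10000),
    eligible: filterByMaxStaleness(secondaries, 90000, 10000).map(s => s.address)
  };
}

console.log(demo());
```

An uncaught TypeError on this path surfaces as a failed operation rather than a retry, which is why an empty server list has to be handled before the reduction.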

codecov bot commented Jul 10, 2020

Codecov Report

Merging #6775 into master will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #6775      +/-   ##
==========================================
- Coverage   93.91%   93.90%   -0.02%     
==========================================
  Files         169      169              
  Lines       12048    12069      +21     
==========================================
+ Hits        11315    11333      +18     
- Misses        733      736       +3     
Impacted Files Coverage Δ
src/Adapters/Storage/Mongo/MongoStorageAdapter.js 92.85% <0.00%> (-0.67%) ⬇️
src/RestWrite.js 93.84% <0.00%> (ø)
src/Options/Definitions.js 100.00% <0.00%> (ø)
src/middlewares.js 97.54% <0.00%> (+0.23%) ⬆️

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f095dff...799d1cc. Read the comment docs.

@dplewis dplewis merged commit e848b54 into master Jul 10, 2020
@dplewis dplewis deleted the snyk-upgrade-6d55955bf3c576fb87448c1bd8a92d8b branch July 10, 2020 19:11