Skip to content

[Snyk] Upgrade mongodb from 3.6.1 to 3.6.2 #6925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 2, 2020
Merged

[Snyk] Upgrade mongodb from 3.6.1 to 3.6.2 #6925

merged 1 commit into from
Oct 2, 2020

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Oct 2, 2020

Snyk has created this PR to upgrade mongodb from 3.6.1 to 3.6.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2020-09-10.
Release notes
Package name: mongodb
  • 3.6.2 - 2020-09-10

    The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver

    Release Highlights

    Updated bl dependency due to CVE-2020-8244

    See this link for more details: https://github.com/advisories/GHSA-pp7h-53gx-mx7r

    Connection pool wait queue processing is too greedy

    The logic for processing the wait queue in our connection pool ran the risk of
    starving the event loop. Calls to process the wait queue are now wrapped in a
    setImmediate to prevent starvation

    Documentation

    Reference: http://mongodb.github.io/node-mongodb-native/3.6/
    API: http://mongodb.github.io/node-mongodb-native/3.6/api/
    Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2798] - Update version of dependency "bl" due to vulnerability
    • [NODE-2803] - Connection pool wait queue processing is too greedy
  • 3.6.1 - 2020-09-02

    The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver

    Release Highlights

    Kerberos

    A bug in introducing the new CMAP Connection prevented some users from properly authenticating with the kerberos module.

    Index options are not respected with createIndex

    The logic for building the createIndex command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist.

    Remove strict mode for createCollection

    Since v3.6.0 createCollection will no longer returned a cached Collection instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the strict option for createCollection, so that option has been removed from documentation.

    Documentation

    Reference: http://mongodb.github.io/node-mongodb-native/3.6/
    API: http://mongodb.github.io/node-mongodb-native/3.6/api/
    Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2731] - CMAP Connection type does not provide host/port properties
    • [NODE-2755] - "language_override" option support for text index is broken

    Improvement

    • [NODE-2730] - Move MongoAuthProcess into the driver source tree
    • [NODE-2746] - Strict mode for `createCollection` should be removed
from mongodb GitHub release notes
Commit messages
Package name: mongodb

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@codecov
Copy link

codecov bot commented Oct 2, 2020
edited
Loading

Codecov Report

Merging #6925 into master will increase coverage by 0.00%.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #6925   +/-   ##
=======================================
  Coverage   93.77%   93.78%           
=======================================
  Files         169      169           
  Lines       12216    12216           
=======================================
+ Hits        11456    11457    +1     
+ Misses        760      759    -1
Impacted Files Coverage Δ
src/RestWrite.js 93.98% <0.00%> (+0.16%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6204826...70f5c47. Read the comment docs.

@davimacedo davimacedo merged commit 6b2ca69 into master Oct 2, 2020
@TomWFox TomWFox deleted the snyk-upgrade-b3b7d0e98457286846546e12090a1cfe branch October 31, 2020 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davimacedo davimacedo davimacedo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @davimacedo