[Snyk] Upgrade mongodb from 4.3.1 to 4.4.0

[snyk-bot]

Snyk has created this PR to upgrade mongodb from 4.3.1 to 4.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 21 days ago, on 2022-02-17.

Release notes

Package name: mongodb

• 4.4.0 - 2022-02-17
  

  The MongoDB Node.js team is pleased to announce version 4.4.0 of the mongodb package!

  Release Highlights

  This release includes a few new features described below.

  KMIP

  KMIP can now be configured as a KMS provider for CSFLE by providing the KMIP endpoint in the kmsProviders option.

  Example:

  new MongoClient(uri, { autoEncryption: { kmsProviders: { kmip: { endpoint: 'host:port' }}}})

  CSFLE TLS

  Custom TLS options can now be provided for connection to the KMS servers on a per KMS provider basis.

  Example:

  new MongoClient(uri, { autoEncryption: { tlsOptions: { aws: { tlsCAFile: 'path/to/file' }}}})

  Valid options are tlsCAFile, tlsCertificateKeyFile, tlsCertificateKeyFilePassword and all accept strings as values: a string path to a certificate location on the file system or a string password.

  Kerberos

  Hostname canonicalization when using GSSAPI authentication now accepts 'none', 'forward', and 'forwardAndReverse' as auth mechanism properties. 'none' will perform no canonicalization (default), 'forward' will perform a forward cname lookup, and 'forwardAndReverse' will perform a forward lookup followed by a reverse PTR lookup on the IP address. Previous boolean values are still accepted and map to false -> 'none' and true -> 'forwardAndReverse'.

  Example:

  new MongoClient('mongodb://user:pass@host:port/db?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME=forward');

  For cases when the service host name differs from the connection’s host name (most likely when creating new users on localhost), a SERVICE_HOST auth mechanism property may now be provided.

  Example:

  new MongoClient('mongodb://user:pass@host:port/db?authMechanism=GSSAPI&authMechanismProperties=SERVICE_HOST:example.com')

  ⚠️ collection.count() and cursor.count()

  In the 4.0.0 release of the driver, the deprecated collection.count() method was inadvertently changed to behave like collection.countDocuments(). In this release, we have updated the collection.count() behavior to match the legacy behavior:

  • If a query is passed in, collection.count will behave the same as collection.countDocuments and perform a collection scan.
  • If no query is passed in, collection.count will behave the same as collection.estimatedDocumentCount and rely on collection metadata.

  We also deprecated the cursor.count() method and will remove it in the next major version along with collection.count(); please use collection.estimatedDocumentCount() or collection.countDocuments() instead.

  Features

  • NODE-2938: add service host mechanism property (#3130) (46d5821)
  • NODE-2939: add new hostname canonicalization opts (#3131) (d0390d0)
  • NODE-3351: use hostname canonicalization (#3122) (f5c76f3)
  • NODE-3777: add csfle kmip support (#3070) (44bbd6e)
  • NODE-3867: deprecate cursor count and update v4 docs (#3127) (a48d7e2)

  Bug Fixes

  • NODE-3621: fixed type of documentKey property on ChangeStreamDocument (#3118) (c63a21b)
  • NODE-3795: unexpected No auth provider for DEFAULT defined error (#3092) (fb38a56)
  • NODE-3813: unexpected type conversion of read preference tags (#3138) (3e7b894)
  • NODE-3878: use legacy count operation on collection.count (#3126) (12c6835)
  • NODE-3917: Throw an error when directConnection is set with multiple hosts (#3143) (b192493)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node
  • API: https://mongodb.github.io/node-mongodb-native/4.4
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 4.3.1 - 2022-01-18
  

  The MongoDB Node.js team is pleased to announce version 4.3.1 of the mongodb package!

  Release Highlights

  In this patch release, we address the limitation introduced in 4.3.0 with the dot notation Typescript improvements and recursive types.
  Namely, this fix removes compilation errors for self-referential types.

  Note that this fix still has the following limitations:

  • type checking defaults to any after the first level of recursion for self-referential types
  interface Node {
  next: Node | null;
  }

  declare const collection: Collection<Node>;

  // no error here even though next is of type Node | null
  collection.find({
  next: {
  next: 'asdf'
  }
  });

  • indirectly self-referential types are still not supported
  interface A {
  b: B;
  }

  interface B {
  a: A;
  }

  declare const mutuallyRecursive: Collection<A>;

  // this will throw an error because there is indirect recursion
  // between types (A depends on B which depends on A and so on)
  mutuallyRecursive.find({});

  Bug Fixes

  • NODE-3792: remove offensive language throughout the codebase (#3091) (8e2b0cc)
  • NODE-3852,NODE-3854,NODE-3856: Misc typescript fixes for 4.3.1 (#3102) (dd5195a)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node
  • API: https://mongodb.github.io/node-mongodb-native/4.3
  • Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• b578d89 chore(release): 4.4.0
• d0390d0 feat(NODE-2939): add new hostname canonicalization opts (#3131)
• aa069f1 chore(NODE-3719): spec compliance review wrap up (#3145)
• b192493 fix(NODE-3917): Throw an error when directConnection is set with multiple hosts (#3143)
• 3e7b894 fix(NODE-3813): unexpected type conversion of read preference tags (#3138)
• 9242de5 test(NODE-3860): improve skipReason reporting for disabled 'auth' tests (#3137)
• 46d5821 feat(NODE-2938): add service host mechanism property (#3130)
• 541e939 fix: fix csfle imports (#3142)
• 489e05b test(NODE-3733): Make retryable write test error labels behave consistently with server (#3140)
• 3807d01 test(NODE-3885): update spec tests to remove legacy language (#3139)
• 44bbd6e feat(NODE-3777): add csfle kmip support (#3070)
• f5c76f3 feat(NODE-3351): use hostname canonicalization (#3122)
• a7a3b99 ci(NODE-3860): Enable auth on in CI (#3121)
• 6218443 test(NODE-3879): legacy count in retryable reads (#3135)
• 12c6835 fix(NODE-3878): use legacy count operation on collection.count (#3126)
• e41f5bb test(NODE-3719,NODE-3543): fix unified runner to not pass uri opts in object and unskip lb tests (#3133)
• c289eef test(NODE-3797): Ensure RSGhost servers are not selectable (#3132)
• 640ef59 test(NODE-3719): spec review cleanup (#3124)
• a48d7e2 feat(NODE-3867): deprecate cursor count and update v4 docs (#3127)
• 323bb8d test(NODE-3817): refactor RunOn filter in legacy spec runner to use mocha hooks (#3119)
• 6970871 refactor(NODE-3845): update load balancer config (#3089)
• c63a21b fix(NODE-3621): fixed type of documentKey property on ChangeStreamDocument (#3118)
• deb8544 chore(NODE-3715): add code coverage generation to Evergreen tasks (#3107)
• 383bf6b chore: update dependencies (#3120)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs