refactor: Upgrade mongodb from 5.9.0 to 6.4.0

[parseplatformorg]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 5.9.0 to 6.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 37 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2024-02-29.

Release notes

Package name: mongodb

• 6.4.0 - 2024-02-29
  

  6.4.0 (2024-02-29)

  The MongoDB Node.js team is pleased to announce version 6.4.0 of the mongodb package!

  Release Notes

  Server selection will use a different Mongos on retry

  When retrying reads or writes on a sharded cluster, the driver will attempt to select a different mongos for the retry if multiple are present. This should heuristically avoid encountering the original error that caused the need to retry the operation.

  Caching AWS credentials provider per client

  Instead of creating a new AWS provider for each authentication, we cache the AWS credentials provider per client to prevent overwhelming the auth endpoint and ensure that cached credentials are not shared with other clients.

  BSON upgraded to ^6.4.0

  BSON has had a number of performance increases in the last two releases (6.3.0 and 6.4.0). Small basic latin (ASCII) only strings, small memory allocations (ObjectId and Decimal128) and numeric parsing operations (int32, doubles, and longs) have all had optimizations applied to them.

  For details check out the release notes here: BSON 6.3.0 and BSON 6.4.0 🐎

  ExceededTimeLimit was made a retryable reads error

  Read operations will be retried after receiving an error with the ExceededTimeLimit label.

  Fixed unresolved request issue in KMS requester

  Internal to the field-level encryption machinery is a helper that opens a TLS socket to the KMS provider endpoint and submits a KMS request. The code neglected to add a 'close' event listener to the socket, which had the potential to improperly leave the promise pending indefinitely if no error was encountered.

  The base64 padding is now preserved in the saslContinue command

  The authentication was rejected by the saslContinue command from mongosh due to missing "=" padding from the client. We fixed the way we parse payload to preserve trailing "="s.

  countDocuments now types the filter using the collection Schema

  Previously, countDocuments had a weakly typed Document type for the filter allowing any JS object as input. The filter is now typed as Filter<Schema> to enable autocompletion, and, hopefully, catch minor bugs.

  Thank you to @ pashok88895 for contributing to this improvement.

  The type error with $addToSet in bulkWrite was fixed

  Previously the following code sample would show a type error:

  interface IndexSingatureTestDocument extends Document {
      readonly myId: number;
      readonly mySet: number[];
    }
  const indexSingatureCollection = undefined as unknown as Collection<IndexSingatureTestDocument>;
  indexSingatureCollection.bulkWrite([
    {
      updateOne: {
        filter: { myId: 0 },
        update: {
          $addToSet: { mySet: 0 } // The type error! Type 'number' is not assignable to type 'never'.
        }
      }
    }
  ]);

  It happened because the driver's Document type falls back to any, and internally we could not distinguish whether or not this assignment was intentional and should be allowed.

  After this change, users can extend their types from Document/any, or use properties of any type and we skip the $addToSet validation in those cases.

  Fixed heartbeat duration including socket creation

  The ServerHeartbeatSucceeded and ServerHeartbeatFailed event have a duration property that represents the time it took to perform the hello handshake with MongoDB. The Monitor responsible for issuing heartbeats mistakenly included the time it took to create the socket in this field, which inflates the value with the time it takes to perform a DNS lookup, TCP, and TLS handshakes.

  Errors on cursor transform streams are now properly propagated.

  These were previously swallowed and now will be emitted on the error event:

  const transform = new Transform({
    transform(data, encoding, callback) {
      callback(null, data);
    },
  });
  const stream = db.collection('tests').find().sort({ studentId: -1 }).stream({ transform });
  stream.on('error', err => {
    // The error will properly be emitted here.
  });

  The AWS token is now optional

  Users may provide an AWS_SESSION_TOKEN as a client option or AWS configuration in addition to a username and password. But if the token is not provided, the driver won't throw an exception and let AWS SDK handle the request.

  Features

  • NODE-3449: Add serverConnectionId to Command Monitoring Spec (735f7aa)
  • NODE-3470: retry selects another mongos (#3963) (84959ee)
  • NODE-3689: require hello command for connection handshake to use OP_MSG disallowing OP_QUERY (#3938) (ce7df0f)
  • NODE-5717: make ExceededTimeLimit retryable reads error (#3947) (106ab09)
  • NODE-5939: Implement 6.x: cache the AWS credentials provider in the MONGODB-AWS auth logic (#3991) (e0a37e5)
  • NODE-5978: upgrade BSON to ^6.4.0 (#4007) (90f2f70)
    • NODE-5885: upgrade BSON to ^6.3.0 (#3983) (9401d09)

  Bug Fixes

  • NODE-5127: implement reject kmsRequest on server close (#3964) (568e05f)
  • NODE-5609: node driver omits base64 padding in sasl-continue command (#3975) (b7d28d3)
  • NODE-5765: change type for countDocuments (#3932) (22cae0f)
  • NODE-5791: type error with $addToSet in bulkWrite (#3953) (b93d405)
  • NODE-5840: heartbeat duration includes socket creation (#3973) (a42039b)
  • NODE-5901: propagate errors to transformed stream in cursor (#3985) (ecfc615)
  • NODE-5944: make AWS session token optional (#4002) (f26de76)

  Performance Improvements

  • NODE-5771: improve new connection (#3948) (a4776cf)
  • NODE-5928: consolidate signal use and abort promise wrap (#3992) (38742c2)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 6.4.0-dev.20240307.sha.28b7040 - 2024-03-07
• 6.4.0-dev.20240306.sha.057c223 - 2024-03-06
• 6.4.0-dev.20240305.sha.eab8f23 - 2024-03-05
• 6.4.0-dev.20240301.sha.f2b3484 - 2024-03-01
• 6.3.0 - 2023-11-16
  Read more
• 6.3.0-dev.20240229.sha.99a0059 - 2024-02-29
• 6.3.0-dev.20240228.sha.f26de76 - 2024-02-28
• 6.3.0-dev.20240227.sha.09c9b0b - 2024-02-27
• 6.3.0-dev.20240224.sha.233a2e0 - 2024-02-24
• 6.3.0-dev.20240223.sha.17952d2 - 2024-02-23
• 6.3.0-dev.20240222.sha.46b7bbb - 2024-02-22
• 6.3.0-dev.20240221.sha.38742c2 - 2024-02-21
• 6.3.0-dev.20240220.sha.90cb6fa - 2024-02-20
• 6.3.0-dev.20240216.sha.10a5c5a - 2024-02-16
• 6.3.0-dev.20240214.sha.ecfc615 - 2024-02-14
• 6.3.0-dev.20240210.sha.a63fbc2 - 2024-02-10
• 6.3.0-dev.20240209.sha.ca3780a - 2024-02-09
• 6.3.0-dev.20240202.sha.9401d09 - 2024-02-02
• 6.3.0-dev.20240131.sha.a42039b - 2024-01-31
• 6.3.0-dev.20240127.sha.b7d28d3 - 2024-01-27
• 6.3.0-dev.20240126.sha.8f7bb59 - 2024-01-26
• 6.3.0-dev.20240125.sha.38fb2e4 - 2024-01-25
• 6.3.0-dev.20240123.sha.7f97c2a - 2024-01-23
• 6.3.0-dev.20240120.sha.f506b6a - 2024-01-20
• 6.3.0-dev.20240119.sha.9b76a43 - 2024-01-19
• 6.3.0-dev.20240113.sha.86e2659 - 2024-01-13
• 6.3.0-dev.20240110.sha.8504d91 - 2024-01-10
• 6.3.0-dev.20240108.sha.7f3ce0b - 2024-01-08
• 6.2.0 - 2023-10-20
  Read more
• 6.1.0 - 2023-09-14
  

  6.1.0 (2023-09-14)

  The MongoDB Node.js team is pleased to announce version 6.1.0 of the mongodb package!

  Release Notes

  Bump bson version to expose new Decimal128.fromStringWithRounding() method

  In this release, we have adopted the changes made to Decimal128 in bson version 6.1.0. We have added a new fromStringWithRounding() method which exposes the previously available inexact rounding behaviour.

  See the bson v6.1.0 release notes for more information.

  Use region settings for STS AWS credentials request

  When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @ aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

  The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

  Important

  The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

  Fix memory leak with ChangeStreams

  In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

  The function is now implemented as a loop, memory leak be gone!

  Features

  • NODE-5634: bump bson version to ^6.1.0 (#3866) (c6edabb)

  Bug Fixes

  • NODE-5551: set AWS region from environment variable for STSClient (#3831) (e9a5079)
  • NODE-5588: recursive calls to next cause memory leak (#3841) (9a8fdb2)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 6.0.0 - 2023-08-28
  Read more
• 6.0.0-alpha.2 - 2023-08-24
• 6.0.0-alpha.1 - 2023-08-24
• 6.0.0-alpha.0 - 2023-08-08
• 5.9.2 - 2023-12-05
  Read more
• 5.9.1 - 2023-10-20
  Read more
• 5.9.0 - 2023-09-14
  Read more

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• 9ac2e38 chore(main): release 6.4.0 [skip-ci] (Parse.FacebookUtils.unlink timeout #3935)
• 5f62f56 docs: generate docs from latest main [skip-ci] (ParseServer memory increases with multiple cascaded queries #3977)
• 90f2f70 feat(NODE-5978): upgrade BSON to ^6.4.0 (Cloud Code check for "admin rights" #4007)
• 99a0059 test(NODE-5731): add serverless proxy testing (Update mongodb to the latest version 🚀 #4003)
• 1ca6269 test(NODE-5929): convert txn legacy spec tests (APNS bundleId is deprecated #3987)
• f26de76 fix(NODE-5944): make AWS session token optional (Fix broken resend email validation link #4002)
• 09c9b0b chore(NODE-5972): specify TS 5.0 in package.json and package-lock (Adds test for #3999 #4004)
• eb5e2ab chore(NODE-5829): update driver dependencies (Add password confirmation to choose_password #3994)
• 233a2e0 refactor(NODE-5964): clean up prepareHandshakeDocument (Should Cloud Code parameter be undefined if passed without value? #4001)
• ff8b5f5 refactor(NODE-5912): make server.command an async function (Smaller build matrix #3986)
• 17952d2 refactor(NODE-5953): move promisifying of randomBytes to utils (Using Query.select() will break ParseObject.has() on undefined field from 2.5.1 #3999)
• 46b7bbb test(NODE-5807): sync cmap format spec tests (unauthorized error in request_password_reset link! #3998)
• b6de209 test(NODE-5643): sync connection string spec tests (Login successfully but once the user closes the app and open it again the ParseUser.getCurrentUser() is null #3997)
• e0a37e5 feat(NODE-5939): Implement 6.x: cache the AWS credentials provider in the MONGODB-AWS auth logic (Push Notification not received when post from Postman #3991)
• 38742c2 perf(NODE-5928): consolidate signal use and abort promise wrap (Update pg-promise to the latest version 🚀 #3992)
• 90cb6fa docs(NODE-5933): remove find-and-modify warning about defaults (Exception in afterSave reports the error to user #3995)
• 10a5c5a test(NODE-5938): sync retryable writes spec tests (signUp via Parse.Cloud can't bypass correct installationId to _Session #3996)
• 55203ef fix(NODE-5818): Add feature flagging to server selection logging (Role cache #3974)
• ecfc615 fix(NODE-5901): propagate errors to transformed stream in cursor (⚡ Release 2.5.2 #3985)
• a63fbc2 perf(NODE-5854): Conditional logger instantiation and precompute willLog perf fix (⚡ Release 2.5.1 #3984)
• ca3780a chore: update recommended editor extensions (Update commander to the latest version 🚀 #3988)
• 9401d09 feat(NODE-5885): upgrade BSON to `^6.3.0` (Update parse-server-push-adapter to the latest version 🚀 #3983)
• c6ac32c test(NODE-5852): skip transaction unpin spec tests on latest ([PROPOSAL] Get calculated distance when making GeoSpatial queries #3980)
• a42039b fix(NODE-5840): heartbeat duration includes socket creation (Case Insensitive Query #3973)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.60%. Comparing base (c277739) to head (ec1b779).
Report is 1 commits behind head on alpha.

Additional details and impacted files

@@            Coverage Diff             @@
##            alpha    #9047      +/-   ##
==========================================
- Coverage   94.14%   87.60%   -6.54%     
==========================================
  Files         186      186              
  Lines       14687    14687              
==========================================
- Hits        13827    12867     -960     
- Misses        860     1820     +960     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.