refactor: Upgrade mongodb from 4.10.0 to 5.4.0

[parseplatformorg]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongodb from 4.10.0 to 5.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 14 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2023-05-04.

Release notes

Package name: mongodb

• 5.4.0 - 2023-05-04
  

  The MongoDB Node.js team is pleased to announce version 5.4.0 of the mongodb package!

  Release Highlights

  ChangeStream.tryNext Typescript fix

  We have corrected the tryNext method on ChangeStream to use the TChange schema generic instead of the untyped Document interface. This may increase strictness for existing usages but aligns with the rest of the methods on the change stream class to accurately reflect the type returned from the driver.

  Deprecations

  The db.command() API has a number of options deprecated that were incorrectly included in the typescript interface the method reportedly accepts. A majority of the options relate to fields that must be attached to the command directly: readConcern, writeConcern, and comment.

  Additionally, the collStats helper has been deprecated in favor of using database aggregations to get the same result: https://www.mongodb.com/docs/manual/reference/operator/aggregation/collStats/

  ​​NOTE: This release includes some experimental features that are not yet ready for production use. As a reminder, anything marked experimental is not a part of the stable driver API and is subject to change without notice.

  Features and Deprecations

  • NODE-5166: bump max wire version for 7.0 (#3659) (561229b)
  • NODE-4970: deprecate collStats collection helper (#3638) (325c4bc)
  • NODE-5207: deprecate unsupported runCommand options and add spec tests (#3643) (d6d76b4)

  Bug Fixes

  • NODE-5213: ChangeStream.tryNext() should return TChange type (#3649) (3b58ca1)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.3.0 - 2023-04-18
  

  The MongoDB Node.js team is pleased to announce version 5.3.0 of the mongodb package!

  Features

  • NODE-4696: add FaaS env information to client metadata (#3626) (0424080)
  • NODE-4774: deprecate cursor forEach (#3622) (8d76a71)
  • NODE-4791: deprecate duplicate bulk methods (#3623) (2839e95)
  • NODE-4795: deprecate addUser helper (#3624) (53a0aae)
  • NODE-5188: add alternative runtime detection to client metadata (#3636) (2a26de3)
  • NODE-5189: deprecate tcp keepalive options (#3621) (cc7c75a)

  Bug Fixes

  • NODE-5042: relax SRV record validation to account for a dot suffix (#3633) (ad15881)
  • NODE-5171: allow upsertedId to be null in UpdateResult (#3631) (4b5be21)
  • NODE-5201: prevent warning when default value for deprecation option is used (#3646) (e7f6e4e)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.2.0 - 2023-04-04
  

  The MongoDB Node.js team is pleased to announce version 5.2.0 of the mongodb package!

  Release Highlights

  This release includes driver support for automatically obtaining Azure credentials when using automatic client side encryption. You can find a tutorial for using Azure and automatic encryption here: Use Automatic Queryable Encryption with Azure

  Additionally, we have a number of minor bug fixes listed below.

  NOTE: This release includes some experimental features that are not yet ready for use. As a reminder, anything marked experimental is not a part of the stable driver API and is subject to change without notice.

  Features

  • NODE-5077: automatic Azure kms credential refresh (#3599) (8e87e5c)

  Bug Fixes

  • NODE-3998: metadata duplication in handshake (#3615) (6d894d6)
  • NODE-4518: error message with invalid authMechanism is provided (#3597) (1a16b7e)
  • NODE-4854: set timeout on write and reset on message (#3582) (4a7b5ec)
  • NODE-5106: prevent multiple mongo client connect()s from leaking topology (#3596) (eb836bb)
  • NODE-5126: find operations fail when passed an ObjectId as filter (#3604) (2647b61)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/5.2/
  • Changelog: HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.1.0 - 2023-02-23
  

  The MongoDB Node.js team is pleased to announce version 5.1.0 of the mongodb package!

  Release Highlights

  Support for JavaScript bigints in the driver

  The driver now supports automatic serialization of JavaScript bigints to BSON.Longs. It also supports deserializing of BSON.Long values returned from the server to bigint values when the useBigInt64 flag is passed as true.

  import { MongoClient } from 'mongodb';

  (async () => {
  const client = new MongoClient('<YOUR CONNECTION STRING>');
  const db = client.db('test');
  const coll = db.collection('bigints');

  await coll.insertOne({ a: 10n }); // The driver automatically serializes bigints to BSON.Long before being sent to the server

  const docBigInt = await coll.findOne({ a: 10n }, { useBigInt64: true }); // Must provide the useBigInt64 flag to specify that bigints get returned
  console.log(docBigInt);
  // { _id: ObjectId(...), a: 10n }
  const doc = await coll.findOne({ a: 10n }); // Must provide the useBigInt64 flag to specify that bigints get returned
  console.log(doc);
  // { _id: ObjectId(...), a: 10 }
  await client.close();
  })()

  Features

  • NODE-3445: add support for AssumeRoleWithWebIdentity in aws authentication (#3556) (e8a30b1)
  • NODE-4877: Add support for useBigInt64 (#3519) (917668c)
  • NODE-5050: support GCP automatic credential fetch for CSFLE (#3574) (722a4a6)

  Bug Fixes

  • NODE-5044: Write Concern 0 Must Not Affect Read Operations (#3541) (#3575) (10146a4)
  • NODE-5052: prevent cursor and changestream close logic from running more than once (#3562) (71d0d79)
  • NODE-5064: consolidate connection cleanup logic and ensure socket is always closed (#3572) (e544d88)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/5.1/
  • Changelog: HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.0.1 - 2023-02-07
  

  The MongoDB Node.js team is pleased to announce version 5.0.1 of the mongodb package!

  This release reverts a fix that unintentionally caused a leak of internal driver resources.

  Bug Fixes

  • NODE-5027: revert "ensure that MessageStream is destroyed when connections are destroyed" (#3552) (2d178d0)

  Documentation

  • Reference: https://docs.mongodb.com/drivers/node/current/
  • API: https://mongodb.github.io/node-mongodb-native/5.0/
  • Changelog: HISTORY.md

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 5.0.0 - 2023-01-31
  Read more
• 5.0.0-alpha.0 - 2023-01-24
  Read more
• 4.16.0 - 2023-04-18
  Read more
• 4.15.0 - 2023-04-04
  Read more
• 4.14.0 - 2023-02-07
  Read more
• 4.13.0 - 2022-12-19
• 4.12.1 - 2022-11-23
• 4.12.0 - 2022-11-16
• 4.11.0 - 2022-10-19
• 4.10.0 - 2022-09-19

from mongodb GitHub release notes

Commit messages

Package name: mongodb

• c69b0b1 chore(release): 5.4.0
• 561229b feat(NODE-5166): bump max wire version for 7.0 (Another GeoPoint issue on PostgreSQL #3659)
• c52a4ed feat(NODE-5191): OIDC Auth Updates (Parse-Server Crash on APNs Timeout #3637)
• ce8e69b test(NODE-4693): test lambda function (Object with attribute named "url" is not save if the value has not a string #3569)
• d6d76b4 feat(NODE-5207): deprecate unsupported runCommand options and add spec tests ('Settings' on dashboard not showing #3643)
• a16bdfa chore: use correct mongosh syntax in test setup readme (Update ws to version 2.2.2 🚀 #3656)
• 325c4bc feat(NODE-4970): deprecate collStats collection helper (Update parse-server-push-adapter to version 1.3.0 🚀 #3638)
• fcff6fe test(NODE-3733): sync remaining unified tests (Mailgun send multiple emails instead of 1 #3651)
• d7a8079 feat(NODE-4814): implement remaining severity logging methods (Update babel-register to version 6.24.0 🚀 #3629)
• 3b58ca1 fix(NODE-5213): `ChangeStream.tryNext()` should return TChange type (Update mongodb to version 2.2.25 🚀 #3649)
• b12922a refactor(NODE-5170): update UnifiedMongoClient to make use of MongoDBLogWritable interface (Do not exit(0) so each module can close its connections #3634)
• d6bd1d1 feat(NODE-4815): stringify and truncate BSON documents in log messages (Parse Server livequery on AWS (Websocket error 403) #3635)
• 9e02c42 docs: 4.16 API (Update request-promise to version 4.2.0 🚀 #3648)
• 6506aed chore(release): 5.3.0
• e7f6e4e fix(NODE-5201): prevent warning when default value for deprecation option is used (Multiple cloud functions in main.js #3646)
• aa4f5c0 chore(NODE-5133): remove broken filter as binary from find operation (Update push adapter to 1.3.0 #3641)
• d502eb0 feat(NODE-5169): Implement emergency logger (Provide a reverse proxy with Apache to parse-server, to serve the Parse API securely over TLS/SSL #3610)
• 2a26de3 feat(NODE-5188): add alternative runtime detection to client metadata (Security issue - Public URL contains server url and app id. HTTP request payload contains app id #3636)
• cc7c75a feat(NODE-5189): deprecate tcp keepalive options (Cloud code 141 unauthorized even after setting useMasterKey:true #3621)
• 4b5be21 fix(NODE-5171): allow `upsertedId` to be null in `UpdateResult` (Update ws to version 2.2.1 🚀 #3631)
• b439893 test(NODE-5183): Clean up Azure resources on task failure (let user custom their session expire time #3632)
• 0424080 feat(NODE-4696): add FaaS env information to client metadata (Can not start live query server from cli #3626)
• ad15881 fix(NODE-5042): relax SRV record validation to account for a dot suffix (user cant custom their session expire time #3633)
• 8a7ce1f test(NODE-5074): update fle2 v2 spec tests (Update babel-cli to version 6.24.0 🚀 #3627)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: -6.93 ⚠️

Comparison is base (505dd6b) 94.33% compared to head (990d61b) 87.41%.

❗ Current head 990d61b differs from pull request most recent head a0efd09. Consider uploading reports for the commit a0efd09 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##            alpha    #8590      +/-   ##
==========================================
- Coverage   94.33%   87.41%   -6.93%     
==========================================
  Files         183      183              
  Lines       14576    14576              
==========================================
- Hits        13750    12741    -1009     
- Misses        826     1835    +1009     

see 28 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.