[Snyk] Security upgrade mongodb from 4.14.0 to 4.17.0

[ksibisamir]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	496/1000 Why? Recently disclosed, Has a fix available, CVSS 4.2	Information Exposure SNYK-JS-MONGODB-5871303	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongodb

The new version differs by 35 commits.

• c83a801 chore(4.x): release 4.17.0 [skip-ci] (#3763)
• 1b59955 chore: update release automation scripts 4.x (#3824)
• 5244711 feat(NODE-5398): use mongodb-js/saslprep instead of saslprep (#3820)
• 2910dca fix(NODE-5536): remove credentials from ConnectionPoolCreatedEvent options (#3812)
• 0c1b654 chore(NODE-5400): add @ octokit/core as a devDep (#3750)
• 4adff37 chore(NODE-5382): backport release automation scripts (#3747)
• 2d028af fix(NODE-5356): prevent scram auth from throwing TypeError if saslprep is not a function (#3732)
• 0e1afc0 ci(Node 5335): clean up instance profile from instance after CI runs (#3719)
• 7f5b334 ci(NODE-5334): install npm to node_artifacts directory in CI (#3709)
• e13038d fix(NODE-5316): prevent parallel topology creation in MongoClient.connect (#3696)
• 261199f ci(NODE-5313): change windows hosts to vsCurrent (#3690)
• 8fb0611 test(NODE-5315): regenerate config.yml (#3689)
• 8a73735 test(NODE-5300): add 7.0 to CI (#3676)
• 98b7bdf fix(NODE-5311): construct error messages for AggregateErrors in Node16+ (#3683)
• c0c3d99 fix(NODE-5262): AWS Lambda metadata detection logic is too permissive (#3683)
• 1c36949 test(no-story): bump mongodb-client-encryption pinned commits to 2.8.0 release (#3683)
• 89a1066 ci(NODE-5270): add node20 (#3674)
• d26ad61 feat(NODE-5272): do not create or drop ecc collections (#3678)
• 536e6a1 chore(NODE-5247): update dependencies (#3657)
• bf92d10 test(NODE-5218): use primary preferred in socks test (#3654)
• 9bc0a43 test(NODE-5217): disable node 12 tasks on windows (#3653)
• 134d32f chore(release): 4.16.0
• fba16ad feat(NODE-5199): add alternative runtime detection to client metadata (#3647)
• e0b20f1 feat(NODE-5159): add FaaS env information to client metadata (#3639)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.