Update dependency mongodb to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
mongodb	3.5.11 -> 5.9.2

---

Release Notes

mongodb/node-mongodb-native (mongodb)

v5.9.2

Compare Source

The MongoDB Node.js team is pleased to announce version 5.9.2 of the mongodb package!

Release Notes

Fix connection leak when serverApi is enabled

When enabling serverApi the driver's RTT mesurment logic (used to determine the closest node) still sent the legacy hello command "isMaster" causing the server to return an error. Unfortunately, the error handling logic did not correctly destroy the socket which would cause a leak.

Both sending the correct hello command and the error handling connection clean up logic are fixed in this change.

Bug Fixes

• NODE-5750: RTTPinger always sends legacy hello (#​3922) (8e56872)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v5.9.1

Compare Source

The MongoDB Node.js team is pleased to announce version 5.9.1 of the mongodb package!

Release Notes

insertedIds in bulk write now contain only successful insertions

Prior to this fix, the bulk write error's result.insertedIds property contained the _id of each attempted insert in a bulk operation.

Now, when a bulkwrite() or an insertMany() operation rejects one or more inserts, throwing an error, the error's result.insertedIds property will only contain the _id fields of successfully inserted documents.

Fixed edge case leak in findOne()

When running a findOne against a time series collection, the driver left the implicit session for the cursor un-ended due to the way the server returns the resulting cursor information. Now the cursor will always be cleaned up regardless of the outcome of the find operation.

Bug Fixes

• NODE-5627: BulkWriteResult.insertedIds includes ids that were not inserted (#​3870) (d766ae2)
• NODE-5691: make findOne() close implicit session to avoid memory leak (#​3889) (0d6c9cd)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v5.9.0

Compare Source

The MongoDB Node.js team is pleased to announce version 5.9.0 of the mongodb package!

Release Notes

Bumped bson version to make use of new Decimal128 behaviour

In this release, we have adopted the changes made to Decimal128 in bson version 5.5. The Decimal128 constructor and fromString() methods now throw when detecting a loss of precision (more than 34 significant digits). We also expose a new fromStringWithRounding() method which restores the previous rounding behaviour.

See the bson v5.5.0 release notes for more information.

Use region settings for STS AWS credentials request

When using IAM AssumeRoleWithWebIdentity AWS authentication the driver uses the @​aws-sdk/credential-providers package to contact the Security Token Service API for temporary credentials. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build-in redundancy, and increase session token validity. Unfortunately, environment variables AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION do not directly control the region the SDK's STS client contacts for credentials.

The driver now has added support for detecting these variables and setting the appropriate options when calling the SDK's API: fromNodeProviderChain().

[!IMPORTANT]
The driver will only set region options if BOTH environment variables are present. AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', and AWS_REGION must be set.

Fix memory leak with ChangeStreams

In a previous release, 5.7.0, we refactored cursor internals from callbacks to async/await. In particular, the next function that powers cursors was written with callbacks and would recursively call itself depending on the cursor type. For ChangeStreams, this function would call itself if there were no new changes to return to the user. After converting that code to async/await each recursive call created a new promise that saved the current async context. This would slowly build up memory usage if no new changes came in to unwind the recursive calls.

The function is now implemented as a loop, memory leak be gone!

Features

• NODE-5564: bump bson version to ^5.5.0 (#​3865) (dc110e0)

Bug Fixes

• NODE-5550: set AWS region from environment variable for STSClient (#​3851) (2fab06b)
• NODE-5587: recursive calls to next cause memory leak (#​3842) (f60f1b5)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v5.8.1

Compare Source

The MongoDB Node.js team is pleased to announce version 5.8.1 of the mongodb package!

Release Notes

Import of saslprep updated to correct library.

Fixes the import of saslprep to be the correct @mongodb-js/saslprep library.

Bug Fixes

• NODE-5572: fix saslprep import (#​3837) (250dc21)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v5.8.0

Compare Source

The MongoDB Node.js team is pleased to announce version 5.8.0 of the mongodb package!

Release Notes

The AutoEncrypter interface has been deprecated

The AutoEncrypter interface was used internally but accidentally made public in the 4.x version of the driver. It is now deprecated and will be made internal in the next major release.

Kerberos support for 1.x and 2.x

Moves the kerberos dependency back to ^1.0.0 || ^2.0.0 to indicate support for both 1.x and 2.x. Support for 1.x is removed in 6.0.

Fixed accidental deprecation warning

Because of internal options handling, a deprecation was emitted for tlsCertificateFile when using tlsCertificateKeyFile. That has been corrected.

Remove credential availability on ConnectionPoolCreatedEvent

In order to avoid mistakenly printing credentials the ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessble via MongoClient options: client.options.credentials.

Features

• NODE-5399: use mongodb-js/saslprep instead of saslprep (#​3818) (c0d3927)
• NODE-5429: deprecate the AutoEncrypter interface (#​3764) (9bb0d95)
• NODE-5465,NODE-5538: lower @aws-sdk/credential-providers version to 3.188.0 and zstd to ^1.0.0 (#​3821) (39ff81d)

Bug Fixes

• NODE-5489: set kerberos compatibility to ^1.0.0 || ^2.0.0 (#​3803) (c3b35b3)
• NODE-5495: do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#​3810) (e81d4a2)
• NODE-5537: remove credentials from ConnectionPoolCreatedEvent options (#​3813) (4cf1e96)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v5.7.0

Compare Source

Features

• NODE-4929: Add OIDC Azure workflow (#​3670) (b3482f3)
• NODE-5008: add zstd and kerberos to peer deps (#​3691) (9561f32)
• NODE-5241: add option to return modified document (#​3710) (d9c2600)
• NODE-5243: add change stream split event (#​3745) (1c84f82)
• NODE-5274: deprecate write concern options (#​3752) (1f880ea)
• NODE-5287: deprecate ssl options (#​3743) (f9b5677)
• NODE-5319: mark search index api public (#​3741) (c015e54)
• NODE-5407: update bson to 5.4.0 (#​3754) (6a574cf)

Bug Fixes

• NODE-4977: load snappy lazily (#​3726) (865e658)
• NODE-5102: listDatabases nameOnly setting is sent as NaN (#​3742) (b97132e)
• NODE-5289: prevent scram auth from throwing TypeError if saslprep is not a function (#​3727) (e006347)
• NODE-5374: do not apply cursor transform in Cursor.hasNext (#​3746) (0668cd8)

v5.6.0

Compare Source

Features

• NODE-5019: add runCursorCommand API (#​3655) (4da926e)
• NODE-5071: support additional time series options (#​3667) (ccf555d)
• NODE-5314: add search index helpers (#​3672) (f647542)

Bug Fixes

• NODE-5249: remove strict flag from create collection options (#​3677) (be8faaf)
• NODE-5296: construct error messages for AggregateErrors in Node16+ (#​3682) (e03178e)

v5.5.0

Compare Source

Features

• NODE-4720: Add log messages to CMAP spec (#​3645) (b27f385)
• NODE-5004: dont create or drop ecc collections (#​3660) (2264fbb)

Bug Fixes

• NODE-5260: AWS Lambda metadata detection logic is too permissive (#​3663) (d74d3f9)

v5.4.0

Compare Source

Features

• NODE-4814: implement remaining severity logging methods (#​3629) (d7a8079)
• NODE-4815: stringify and truncate BSON documents in log messages (#​3635) (d6bd1d1)
• NODE-4970: deprecate collStats collection helper (#​3638) (325c4bc)
• NODE-5166: bump max wire version for 7.0 (#​3659) (561229b)
• NODE-5191: OIDC Auth Updates (#​3637) (c52a4ed)
• NODE-5207: deprecate unsupported runCommand options and add spec tests (#​3643) (d6d76b4)

Bug Fixes

• NODE-5213: ChangeStream.tryNext() should return TChange type (#​3649) (3b58ca1)

v5.3.0

Compare Source

Features

• NODE-4696: add FaaS env information to client metadata (#​3626) (0424080)
• NODE-4774: deprecate cursor forEach (#​3622) (8d76a71)
• NODE-4791: deprecate duplicate bulk methods (#​3623) (2839e95)
• NODE-4795: deprecate addUser helper (#​3624) (53a0aae)
• NODE-5169: Implement emergency logger (#​3610) (d502eb0)
• NODE-5188: add alternative runtime detection to client metadata (#​3636) (2a26de3)
• NODE-5189: deprecate tcp keepalive options (#​3621) (cc7c75a)

Bug Fixes

• NODE-5042: relax SRV record validation to account for a dot suffix (#​3633) (ad15881)
• NODE-5171: allow upsertedId to be null in UpdateResult (#​3631) (4b5be21)
• NODE-5201: prevent warning when default value for deprecation option is used (#​3646) (e7f6e4e)

v5.2.0

Compare Source

Features

• NODE-5035: enable OIDC authentication (#​3577) (35879f6)
• NODE-5036: reauthenticate OIDC and retry (#​3589) (a41846d)
• NODE-5077: automatic Azure kms credential refresh (#​3599) (8e87e5c)

Bug Fixes

• NODE-3998: metadata duplication in handshake (#​3615) (6d894d6)
• NODE-4518: error message with invalid authMechanism is provided (#undefined) (1a16b7e)
• NODE-4854: set timeout on write and reset on message (#​3582) (4a7b5ec)
• NODE-5106: prevent multiple mongo client connect()s from leaking topology (#​3596) (eb836bb)
• NODE-5126: find operations fail when passed an ObjectId as filter (#​3604) (2647b61)

v5.1.0

Compare Source

Features

• NODE-3445: add support for AssumeRoleWithWebIdentity in aws authentication (#​3556) (e8a30b1)
• NODE-4877: Add support for useBigInt64 (#​3519) (917668c)
• NODE-5034: support OIDC auth options (#​3557) (20a4fec)
• NODE-5050: support GCP automatic credential fetch for CSFLE (#​3574) (722a4a6)

Bug Fixes

• NODE-5044: Write Concern 0 Must Not Affect Read Operations (#​3541) (#​3575) (10146a4)
• NODE-5052: prevent cursor and changestream close logic from running more than once (#​3562) (71d0d79)
• NODE-5064: consolidate connection cleanup logic and ensure socket is always closed (#​3572) (e544d88)

5.0.1 (2023-02-07)

Bug Fixes

• NODE-5027: revert "ensure that MessageStream is destroyed when connections are destroyed" (#​3552) (2d178d0)

v5.0.1

Compare Source

v5.0.0

Compare Source

⚠ BREAKING CHANGES

• NODE-5016: compile ts with target es2020 (#​3545)

Features

• NODE-5016: compile ts with target es2020 (#​3545) (def266a)

Bug Fixes

• NODE-4998: use ipv4 in socks5 tests for node 18 (#​3538) (425dbe0)

v4.17.2

Compare Source

The MongoDB Node.js team is pleased to announce version 4.17.2 of the mongodb package!

Release Notes

Fix connection leak when serverApi is enabled

When enabling serverApi the driver's RTT mesurment logic (used to determine the closest node) still sent the legacy hello command "isMaster" causing the server to return an error. Unfortunately, the error handling logic did not correctly destroy the socket which would cause a leak.

Both sending the correct hello command and the error handling connection clean up logic are fixed in this change.

Bug Fixes

• NODE-5751: RTTPinger always sends legacy hello (#​3923) (bc3d020)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v4.17.1

Compare Source

The MongoDB Node.js team is pleased to announce version 4.17.1 of the mongodb package!

Release Notes

Import of saslprep updated to correct library.

Fixes the import of saslprep to be the correct @mongodb-js/saslprep library.

Bug Fixes

• NODE-5573: fix saslprep import (#​3838) (ff6c293)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v4.17.0

Compare Source

The MongoDB Node.js team is pleased to announce version 4.17.0 of the mongodb package!

Release Notes

mongodb-js/saslprep is now installed by default

Until v6, the driver included the saslprep package as an optional dependency for SCRAM-SHA-256 authentication. saslprep breaks when bundled with webpack because it attempted to read a file relative to the package location and consequently the driver would throw errors when using SCRAM-SHA-256 if it were bundled.

The driver now depends on mongodb-js/saslprep, a fork of saslprep that can be bundled with webpack because it includes the necessary saslprep data in memory upon loading. This will be installed by default but will only be used if SCRAM-SHA-256 authentication is used.

Remove credential availability on ConnectionPoolCreatedEvent

In order to avoid mistakenly printing credentials the ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessble via MongoClient options: client.options.credentials.

Features

• NODE-5272: do not create or drop ecc collections (#​3678) (d26ad61)
• NODE-5398: use mongodb-js/saslprep instead of saslprep (#​3820) (5244711)

Bug Fixes

• NODE-5262: AWS Lambda metadata detection logic is too permissive (#​3683) (c0c3d99)
• NODE-5311: construct error messages for AggregateErrors in Node16+ (#​3683) (98b7bdf)
• NODE-5316: prevent parallel topology creation in MongoClient.connect (#​3696) (e13038d)
  • Thank you @​clemclx for contributing this fix! 🎉
• NODE-5356: prevent scram auth from throwing TypeError if saslprep is not a function (#​3732) (2d028af)
• NODE-5536: remove credentials from ConnectionPoolCreatedEvent options (#​3812) (2910dca)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v4.16.0

Compare Source

The MongoDB Node.js team is pleased to announce version 4.16.0 of the mongodb package!

Features

• NODE-5159: add FaaS env information to client metadata (#​3639) (e0b20f1)
• NODE-5199: add alternative runtime detection to client metadata (#​3647) (fba16ad)

Bug Fixes

• NODE-5161: metadata duplication in handshake (#​3628) (b790142)
• NODE-5200: relax SRV record validation to account for a dot suffix (#​3640) (4272c43)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v4.15.0

Compare Source

The MongoDB Node.js team is pleased to announce version 4.15.0 of the mongodb package!

Features

• NODE-5054: add AssumeRoleWithWebIdentity support to 4x driver (#​3566) (8a8c386)

Bug Fixes

• NODE-5097: set timeout on write and reset on message (#​3590) (2d3576b)

Documentation

• Reference: https://docs.mongodb.com/drivers/node/current/
• API: https://mongodb.github.io/node-mongodb-native/4.15/
• Changelog: HISTORY.md

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v4.14.0

Compare Source

The MongoDB Node.js team is pleased to announce version 4.14.0 of the mongodb package!

Deprecations

• NODE-4992: Deprecate methods and options that reference legacy logger (#​3532) (6c94b4a)

Bug Fixes

• NODE-4999: Write Concern 0 Must Not Affect Read Operations (#​3541) (ddfc2b9)
• NODE-5026: revert "ensure that MessageStream is destroyed when connections are destroyed" (#​3551) (c4da623)

Documentation

• Reference: https://docs.mongodb.com/drivers/node/current/
• API: https://mongodb.github.io/node-mongodb-native/4.14/
• Changelog: HISTORY.md

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v4.13.0

Compare Source

Features

• NODE-4691: interrupt in-flight operations on heartbeat failure (#​3457) (e641bd4)
• NODE-4810: define the new Logger (#​3475) (6ef11d7)

Bug Fixes

• NODE-4447: disable causal consistency in implicit sessions (#​3479) (6566fb5)
• NODE-4834: ensure that MessageStream is destroyed when connections are destroyed (#​3482) (8338bae)

4.12.1 (2022-11-23)

Bug Fixes

• NODE-4830: lazily import aws module (#​3476) (ff375e9)
• NODE-4831: check map value is not undefined (#​3477) (9795cdb)

v4.12.1

Compare Source

v4.12.0

Compare Source

Features

• NODE-4681: deprecate modify result (#​3459) (6a8776c)
• NODE-4683: make ChangeStream an async iterable (#​3454) (df8d9a4)
• NODE-4733: deprecate result and getLastOp (#​3458) (a143d3b)
• NODE-4757: deprecate unused PipeOptions (#​3466) (1a5e619)
• NODE-4809: deprecate the existing logger (#​3464) (1eea4f0)

Bug Fixes

• NODE-4609: allow mapping to falsey non-null values in cursors (#​3452) (1bf6ef1)
• NODE-4735: fix change stream consecutive resumabilty (#​3453) (89b27e9)
• NODE-4753: remove erroneous deprecation of geoNear (#​3465) (199dcaf)
• NODE-4783: handle orphaned operation descriptions (#​3463) (4c9b4d8)

v4.11.0

Compare Source

Features

• NODE-3255: add minPoolSizeCheckIntervalMS option to connection pool (#​3429) (5f34ad0)
• NODE-3651: add hashed index type (#​3432) (f6b56a1)
• NODE-3875: support recursive schema types (#​3433) (26bce4a)
• NODE-4503: throw original error when server attaches NoWritesPerformed label (#​3441) (a7dab96)
• NODE-4650: handle handshake errors with SDAM (#​3426) (cbe7533)
• NODE-4721: add aws-sdk as optional dependency (#​3446) (b879cb5)

Bug Fixes

• NODE-3712,NODE-4546: electionId should be ordered before setVersion (#​3174) (ca51fec)
• NODE-3921: error on invalid TLS option combinations (#​3405) (1a550df)
• NODE-4186: accept ReadPreferenceLike in TransactionOptions type (#​3425) (dc62bcb)
• NODE-4475: make interrupted message more specific (#​3437) (5f37cb6)
• NODE-4608: prevent parallel monitor checks (#​3404) (78bcfe4)
• NODE-4647: improve error message (#​3409) (0d3c02e)
• NODE-4649: use SDAM handling for errors from min pool size population (#​3424) (ef3b55d)

v4.10.0

Compare Source

Features

• NODE-4385: add cmap pool pausing functionality (#​3321) (335ee55)
• NODE-4484: add experimental support for disambiguatedPaths in change stream documents (#​3365) (846365a)
• NODE-4519: deprecate promiseLibrary and PromiseProvider (#​3403) (5c322b6)
• NODE-4547: mark all callback APIs as deprecated (#​3388) (a983f14)
• NODE-4607: add exports needed by legacy client (#​3396) (972f760)
• NODE-4634: add support for bulk FindOperators.hint() (#​3408) (8758890)

Bug Fixes

• NODE-3144: pool clear event ordering and retryability tests (#​3407) (bdc0d67)
• NODE-3986: unskip MONGODB-AWS test (#​3397) (5676f81)
• NODE-4557: randomize servers when there are only 2 eligible servers (#​3390) (ddcfa49)
• NODE-4583: revert nested union type support (#​3383) (7f94f0a)
• NODE-4591: only set loadBalanced on handshake when explicitly set (#​3386) (57e9f2d)
• NODE-4621: ipv6 address handling in HostAddress (#​3410) (5eb3978)
• NODE-4639: allow PromiseProvider to be null (#​3412) (d29b3d9)

v4.9.1

Compare Source

The MongoDB Node.js team is pleased to announce version 4.9.1 of the mongodb package!

Release Highlights

This is a bug fix release as noted below.

Bug Fixes

• NODE-4583: revert nested union type support (#​3383) (014d0b3)
• NODE-4591: only set loadBalanced on handshake when explicitly set (#​3386) (861d465)

v4.9.0

Compare Source

Features

• NODE-3517: improve index spec handling and type definitions (#​3315) (0754bf9)
• NODE-4336: deprecate old write concern options and add missing writeConcern to MongoClientOptions (#​3340) (d2b6ad8)
• NODE-4548: export ChangeStream class from top-level (#​3357) (48f295a)

Bug Fixes

• NODE-4159,NODE-4512: remove servers with incorrect setName from topology and fix unix socket parsing (#​3348) (00dcf2d)
• NODE-4273: pass 'comment' option through to distinct command (#​3339) (753ecfe)
• NODE-4413: set maxTimeMS on getMores when maxAwaitTimeMS is specified (#​3319) (dcbfd6e)
• NODE-4429: select server sync for endSessions during close (#​3363) (5086ead)
• NODE-4467: Add back support for oplogReplay option as deprecated (#​3337) (6c69b7d)
• NODE-4496: counter values incorrecly compared when instance of Long (#​3342) (d29eb8c)
• NODE-4513: type for nested objects in query & update (#​3349) (ec1a68f)
• NODE-4533: session support error message and unified test runner (#​3355) (6a0e502)
• NODE-4555: export BSON internally (#​3367) (4ce6e4c)

4.8.1 (2022-07-26)

Bug Fixes

• NODE-4423: better type support for nested objects in query & update (#​3328) (05e007b)
• NODE-4425: webpack optional import of FLE issue (#​3324) (5ab2b05)
• NODE-4444: use Node.js clear timers (#​3327) (c5cfe21)

v4.8.1

Compare Source

v4.8.0

Compare Source

Features

• NODE-4078: allow comment with estimated doc count (#​3301) (bed1fe3)
• NODE-4267: support nested fields in type completion for UpdateFilter (#​3259) (1a9a44c)
• NODE-4294: mark queryable encryption options beta (#​3300) (4c07bbb)
• NODE-4301: remove shared lib experimental tags (#​3298) (3976783)

Bug Fixes

• NODE-4125: change stream resumability (#​3289) (aa5f97e)
• NODE-4262: make startSession work without a connection (#​3286) (89ad7c3)
• sync showExpandedEvents spec tests (#​3288) (cfe18f9)

v4.7.0

Compare Source

Features

• NODE-1837: add zstd compression option (#​3237) (1261432)
• NODE-2993: implement maxConnecting (#​3255) (c9d3816)
• NODE-3750: make maxConnecting configurable (#​3261) (ee41447)
• NODE-3938: Add support for pre/post images in change streams (#​3250) (981465c)
• NODE-4079: estimated document count uses count (#​3244) (a752e75)
• NODE-4081: fix and deprecate change stream resume options (#​3270) (47adfb3)
• NODE-4139: streaming protocol message changes (#​3256) (4b9ad77)
• NODE-4192: make MongoClient.connect optional (#​3232) (a2359e4)
• NODE-4196: add support for showExpandedEvents in change streams ([