Update dependency mongodb to v3.6.6 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
mongodb	dependencies	minor	3.1.13 -> 3.6.6

By merging this PR, the issue #26 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Medium	5.3	CVE-2022-25883

---

Release Notes

mongodb/node-mongodb-native (mongodb)

v3.6.6

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver

Release Highlights

This patch addresses a number of bugs listed below.
Most notably, for client side encryption users upgrading to this version of the driver along with the new version of mongodb-client-encryption@1.2.3 will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g, listCollections) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.

Bug

• [NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption
• [NODE-3050] - Infinite loop on Windows due to a bug in require_optional package
• [NODE-3120] - TypeError: Cannot read property 'roundTripTime' of undefined
• [NODE-3122] - Pipelining an upload stream of GridFSBucket never finishes on Node v14
• [NODE-3129] - Collection () .. .setReadPreference() not routing query to secondaries
• [NODE-3133] - autoEncryption produces serverHeartbeatFailed - with MongoError typemismatch

Improvement

• [NODE-3070] - Define error handling behavior of writeErrors and writeConcernError on Mongos

Documentation

• Reference: http://mongodb.github.io/node-mongodb-native/3.6
• API: http://mongodb.github.io/node-mongodb-native/3.6/api
• Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

v3.6.5

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver!

Notable Fixes

In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause startSession to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any user's that implemented workarounds to updated their driver and make use of this fix.

In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's process.emitWarning API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once.

Bug

• session support detection spec compliance (#​2732) (9baec71)
• [NODE-3100] - startSession fails intermittently on servers that support sessions
• [NODE-3066] - Accessing non-existent property 'MongoError' of module exports inside circular dependency
• [NODE-3114] - Incorrect warning: Top-level use of w, wtimeout, j, and fsync is deprecated
• [NODE-3119] - Node 14.5.4, mongo 3.6.4 Circular warnings

v3.6.4

Compare Source

MongoDB Driver v3.6.4

The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver

Release Highlights

Explain Support

The full set of $explain verbosity settings are now supported:

• queryPlanner
• queryPlannerExtended
• executionStats
• allPlansExecution

In the following commands:

• aggregate() (MDB 3.0+)
• find() (MDB 3.0+)
• remove() (MDB 3.0+)
• update() (MDB 3.0+)
• distinct() (MDB 3.2+)
• findAndModify() (MDB 3.2+)
• mapReduce() (MDB 4.4+)

You can get a lot of insight into the performance of a query or optimization using these fine grained reports.
To learn more about how to use explain read here.

Direct Connection Issue Revert

We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases.

NOTE: In the next major version the unifiedTopology is the only Topology and it is required to either specify a replicaSet name or enable directConnection in order to connect to single nodes in a replica set.

Support Azure and GCP keystores in FLE

There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found here which prominently features support for these key stores.

Documentation

• Reference: http://mongodb.github.io/node-mongodb-native/3.6
• API: http://mongodb.github.io/node-mongodb-native/3.6/api
• Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2355] - GridFSBucketWriteStream doesn't implement stream.Writable properly
• [NODE-2828] - noCursorTimeout does not seem to for find()
• [NODE-2874] - Setting connectionTimeoutMS to 0 will result in a disconnection every heartbeatFrequencyMS
• [NODE-2876] - Race condition when resetting server monitor
• [NODE-2916] - Legacy topology hangs with unlimited socket timeout
• [NODE-2945] - ignoreUndefined not works on findOneAndUpdate when { upsert: true }
• [NODE-2965] - MongoClient.readPreference returns "primary" ignoring readPref from connection string
• [NODE-2966] - Unified topology: server selection fails when trying to connect to a remote replica set with a member whose 'host' attribute resolves to 'localhost'
• [NODE-2977] - Query parameters with path in connection string not working on windows
• [NODE-2986] - MongoError: pool destroyed

Features

• [NODE-2762] - Comprehensive Support for Explain
• [NODE-2852] - Add explain support to non-cursor commands
• [NODE-2853] - Add explain support to cursor-based commands

Improvement

• [NODE-1726] - Deprecate Topology events in Db
• [NODE-2825] - Support Azure and GCP keystores in FLE
• [NODE-2880] - Improve stack traces in the session leak checker
• [NODE-2895] - Update AggregateCursor "unwind" method to match the native driver
• [NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption

v3.6.3

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.3 of the driver

Release Highlights

MongoError: not master when running createIndex

A regression introduced in v3.6.2 meant that createIndex operations would not be executed with a fixed
primary read preference. This resulted in the driver selecting any server for the operation, which would
fail if a non-primary was selected.

Performance issues on AWS Lambda

The driver periodically monitors members of the replicaset for changes in the topology, but ensures that
the "monitoring thread" is never woken sooner than 500ms. Measuring this elapsed time depends on a
stable clock, which is not available to us in some virtualized environments like AWS Lambda. The result
was that periodically operations would think there were no available servers, and the driver would force
a wait of heartbeatFrequencyMS (10s by default) before reaching out to servers again for a new
monitoring check. The internal async interval timer has been improved to account for these environments

GSSAPI AuthProvider reuses single kerberos client

A regression introduced in v3.6.0 forced the driver to reuse a single kerberos client for all
authentication attempts. This would result in incomplete authentication flows, and occaisionally even
a crash in the kerberos module. The driver has been reverted to creating a kerberos client per
authentication attempt.

Performance regression due to use of setImmediate

A change introduced in v3.6.1 switched all our usage of process.nextTick in the connection pool with
setImmediate per Node.js core recommendation. This was observed to introduce noticeable latency when the event loop
was experiencing pressure, so the change was reverted for this release pending further investigation.

Community Contributions

• @​jswangjunsheng submitted a fix for a rare scenario when wait queue members time out before connection establishment
• @​through-a-haze submitted a fix for incorrect construction of an X509 authentication message
• @​andreialecu helped us indicate peer optional dependencies in our package.json for stricter package managers (pnpm, yarn2)

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2172] - Change stream breaks on disconnection when there&#​39;s something piped into it.
• [NODE-2784] - MongoError: Not Master when running createIndex in 3.6.0
• [NODE-2807] - MongoClient.readPreference always returns primary
• [NODE-2827] - Connecting to single mongos makes driver think it is connected to a standalone
• [NODE-2829] - MongoDB Driver 3.6+ Performance issues on AWS Lambda
• [NODE-2835] - Remove default timeout for read operations
• [NODE-2859] - GSSAPI AuthProvider causing crashes in Compass
• [NODE-2861] - Performance Regression for usage of mongodb connections (queries, inserts, ...)
• [NODE-2865] - Connections can be leaked if wait queue members are cancelled
• [NODE-2869] - Invalid assignment of X509 username makes authentication impossible

Improvement

• [NODE-2834] - Remove deprecation of AggregationCursor#geoNear
• [NODE-2867] - Use peerDependenciesMeta field to mark peer optional dependencies

v3.6.2

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver

Release Highlights

Updated bl dependency due to CVE-2020-8244

See this link for more details: GHSA-pp7h-53gx-mx7r

Connection pool wait queue processing is too greedy

The logic for processing the wait queue in our connection pool ran the risk of
starving the event loop. Calls to process the wait queue are now wrapped in a
setImmediate to prevent starvation

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2798] - Update version of dependency "bl" due to vulnerability
• [NODE-2803] - Connection pool wait queue processing is too greedy

v3.6.1

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver

Release Highlights

Kerberos

A bug in introducing the new CMAP Connection prevented some users from properly authenticating with the kerberos module.

Index options are not respected with createIndex

The logic for building the createIndex command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist.

Remove strict mode for createCollection

Since v3.6.0 createCollection will no longer returned a cached Collection instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the strict option for createCollection, so that option has been removed from documentation.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2731] - CMAP Connection type does not provide host/port properties
• [NODE-2755] - "language_override" option support for text index is broken

Improvement

• [NODE-2730] - Move MongoAuthProcess into the driver source tree
• [NODE-2746] - Strict mode for `createCollection` should be removed

v3.6.0

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.0 of the driver

NOTE: This version begins our official support for MongoDB 4.4

Release Highlights

Streaming topology changes

MongoDB drivers maintain a local view of the topology they are connected to, and ensure the accuracy of that view by polling connected nodes on average every ~10s. In MongoDB 4.4, drivers are now able to receive push notifications about topology updates, effectively reducing the time for client recovery in failover scenarios to the time it takes for the server to make the election and report the outcome.

This feature is enabled by default when connecting to MongoDB 4.4, no changes are needed for user code.

Authentication

MONGODB-AWS authentication mechanism

The MONGODB-AWS authentication mechanism uses your Amazon Web Services Identity and Access Management (AWS IAM) credentials to authenticate users on MongoDB 4.4+. Please read more about this new authentication mechanism in our documentation.

Performance improvements

There were two projects to transparently improve performance of authentication in MongoDB 4.4:

• A driver can now include the first saslStart command in its initial handshake with server. This so-called "speculative authentication" allows us to reduce one roundtrip to the server for authentication a connection. This feature is only support for X.509, SCRAM-SHA-1 and SCRAM-SHA-256 (default) authentication mechanisms.

• The SCRAM conversation between driver and server can now skip one of it's empty exchanges which also serves to reduce the roundtrips during a SCRAM authentication.

Changes in behavior of Db.prototype.createCollection

The createCollection helper used to internally run a listCollections command in order to see if a collection already existed before running the command. If it determined a collection with the same name existed, it would skip running the command and return an instance of Collection. This behavior was changed in v3.6.0 to avoid potentially serious bugs, specifically that the driver was not considering options passed into createCollection as part of the collection equality check. Imagine the following scenario:

const client = new MongoClient('...');
await client.connect();
 
await client.db('foo').collection('bar').insert({ importantField: 'llamas' });
await client.db('foo').createCollection('bar', {
  validator: { $jsonSchema: {
    bsonType: 'object',
    required: ['importantField'],
    properties: { name: { bsonType: 'boolean' } }
  }
});

The createCollection call which defines a JSON schema validator would be completely bypassed because of the existence of bar, which was implicitly created in the first command. Our policy is strictly adhere to semver, but in rare cases like this where we feel there is potential for a data corrupting bug, we make breaking behavioral changes to protect the user.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Epic

• [NODE-2450] - Node MongoDB 4.4 Support

New Feature

• [NODE-2434] - Reduce Client Time To Recovery On Topology Changes
• [NODE-2288] - MONGODB-AWS Support
• [NODE-2289] - Support for allowDiskUse on find operations
• [NODE-2290] - Allow passing hint to findAndModify update and replace operations
• [NODE-2291] - Improve testing around default writeConcern
• [NODE-2295] - Collection and index creation in multi-doc txns
• [NODE-2427] - OCSP Support
• [NODE-2487] - Support speculative authentication attempts in isMaster
• [NODE-2301] - Support shorter SCRAM conversation
• [NODE-2269] - Add support for validate command "background" option

Improvement

• [NODE-2175] - Avoid using readConcern snapshot in sharded transaction tests
• [NODE-2176] - Resync bson-corpus array.json to fix duplicate test names
• [NODE-2393] - Change uri_options/auth-options spec test to enable conditional tests
• [NODE-2394] - Verify max set version and max election id on topologies in SDAM spec tests
• [NODE-2422] - Validate that mongocryptd is not spawned if bypassAutoEncryption=true
• [NODE-2430] - Raise error if hint specified for unacknowledged update using OP_MSG or OP_UPDATE
• [NODE-2431] - Reduce floating point precision required of extended json implementations
• [NODE-2432] - Clarify behavior when "me" field doesn&#​39;t match any values in "hosts" array
• [NODE-2477] - Allow hinting the delete command
• [NODE-2504] - Add SDAM test for incompatible server becoming compatible
• [NODE-2506] - Ensure that the WriteConcernError "errInfo" object is propagated
• [NODE-2538] - Add RetryableWriteError error labels to retryable transaction tests
• [NODE-2546] - Deprecate geoHaystack and geoSearch
• [NODE-2559] - Reduce race conditions in SDAM error handling
• [NODE-2560] - Make &#​39;reIndex&#​39; a standalone-only command
• [NODE-2564] - Clarify how a driver must handle wrong set name in single topology
• [NODE-2569] - &#​39;CommitQuorum&#​39; option support for &#​39;createIndexes’ command on MongoDB 4.4
• [NODE-2576] - Raise error when hint option is provided on unacknowledged writes against any server version
• [NODE-2592] - Update documentation for Text Search
• [NODE-2594] - Do not add the RetryableWriteError label to errors that occur during a write within a transaction (excepting commitTransaction and abortTransaction)
• [NODE-2622] - allowDiskUse option for find should be documented as only being supported in 4.4+
• [NODE-2627] - Reduce default keepalive time to align with Azure defaults
• [NODE-2659] - Drivers should retry replSetStepDown after "Unable to acquire X lock" error
• [NODE-2661] - Define behavior of connectTimeoutMS=0 with streaming protocol
• [NODE-2675] - Test that ElectionInProgress is not resumed
• [NODE-2682] - Treat CursorNotFound as a resumable change stream error
• [NODE-2150] - Bump wire protocol version for 4.4
• [NODE-2379] - Expand use of error labels for RetryableWrites
• [NODE-2423] - Deprecate oplogReplay find command option from CRUD spec
• [NODE-2426] - Make ExceededTimeLimit retryable writes error
• [NODE-2429] - GridFS index checking should support indexes created in the shell
• [NODE-2433] - Lift restriction on authSource without credentials
• [NODE-2452] - Unify behavior around configuration for replica set discovery
• [NODE-2510] - Driver support for server Hedged Reads
• [NODE-2516] - Update comment in Transactions withTxn examples for the manual.
• [NODE-2557] - Remove replicaset from tests that perform reIndex command

Bug

• [NODE-2416] - Confusing documentation for collection.aggregate collation option
• [NODE-2502] - replaceOne example in test/examples/update_documents.js incorrect
• [NODE-2537] - createCollection helper should not run listIndexes outside of strict mode
• [NODE-2567] - Fix qs dependency for older node
• [NODE-2616] - SDAM test typo "compatible"
• [NODE-2623] - Gridfs doesn&#​39;t allow to catch exception with length that exceeds file size
• [NODE-2660] - Throw an error if bulk update documents don&#​39;t contain update operator expressions
• [NODE-2711] - Monitoring should not be immediately scheduled on streaming failure

v3.5.11

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.11 of the driver

Release Highlights

Kerberos

A bug in introducing the new CMAP Connection prevented some users from properly
authenticating with the kerberos module.

Updated bl dependency due to CVE-2020-8244

See this link for more details: GHSA-pp7h-53gx-mx7r

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2731] - CMAP Connection type does not provide host/port properties
• [NODE-2798] - Update version of dependency "bl" due to vulnerability

v3.5.10

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver

NOTE: This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0

Release Highlights

TypeError: Cannot read property 'documents' of null

@​adrian-gierakowski helped us identify a bug with our ChangeStreamCursor, specifically when the cursor
was complete it would not return a valid document but instead a null value.

Command helper not respecting server selection specification rules

The server selection specification indicates that the "runCommand" helper should act
as a read operation for the purposes of server selection, and that it should use a default read
preference of "primary" which can only be overridden by the helper itself. The driver had a bug
where it would inherit the read preference from its "parent" type (Collection, Db, MongoClient)
which is at odds with the specified behavior.

mongodb+srv invalid IPv6 support

Due to a bug in how we referred to ipv6 addresses internal to the driver, if a mongodb+srv
connection string was provided with an ipv6 address the driver would never be able to connect
and would result in a the following error RangeError: Maximum call stack size exceeded.

maxStalenessSeconds not accepted when provided via options

There was a bug in our connection string and MongoClient options parsing where a value provided
for maxStalenessSeconds would not end up being reflected in the ReadPreference used internal
to the driver.

Sessions are prohibited with unacknowledged writes

MongoDB can provide no guarantees around unacknowledged writes when used within a session. The
driver will now silently remove the lsid field from all writes issued with { w: 0 }, and
will return an error in these situations in the upcoming 4.0 major release.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2626] - initialising change stream results in: TypeError: Cannot read property &#​39;documents&#​39; of null
• [NODE-2649] - Driver 3.5.x with useUnifiedTopology sends admin commands to secondary
• [NODE-2671] - ipv6 is not supported when using dns service discovering
• [NODE-2678] - ReadPreference.fromOptions doesn&#​39;t pull "maxStalenessSeconds" from options

Improvement

• [NODE-1341] - Prohibit using unacknowledged writes with explicit sessions

v3.5.9

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.9 of the driver

Release Highlights

Use duration of handshake if no previous roundTripTime exists

The default roundTripTime of a ServerDescription is -1, which means if that value is used we can potentially calculate a negative roundTripTime. Instead, if no previous roundTripTime exists, we use the duration of the initial handshake.

the options [maxIdleTimeMS] is not supported

A number of new options were added when the CMAP compliant connection pool was introduced in 3.5.x. Unfortunately, these options were not documented properly. Now they are mentioned in the MongoClient documentation, with a notice that they are only supported with the unified topology.

TypeError: Reduce of empty array with no initial value

A fix in 3.5.8 which ensured proper filtering of servers during server selection exposed an issue in max staleness calculations when the topology type is ReplicaSetNoPrimary and no servers are currently known. In order to estimate an upper bound of max staleness when there is no primary, the most stale known server is known to compare the others to - if there are no known servers, you can't reduce the array!

Server monitoring is prevented under heavy request load

In certain very high load fail-over scenarios the driver is unable to reschedule a monitoring check in order to update its view of the topology for retryability. This would result in a high number of failed operations, as they were unable to determine a new viable server.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2637] - connection pool options support for MongoClient
• [NODE-2641] - maxStalenessReducer fails on empty set of servers
• [NODE-2643] - Server monitoring is prevented under heavy request load
• [NODE-2652] - Use duration of initial handshake if no roundTripTime value exists for server

Improvement

• [NODE-2651] - Use consistent means of measuring time

v3.5.8

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.8 of the driver

Release Highlights

Fixes for NEAREST latency window calculation

@​adityapatadia helped uncover an issue with our server selection logic which
filtered out servers after evaluating whether they were in the latency window.
This meant that non-viable servers were considered during the window calculation
and would render certain viable servers unviable.

BulkWriteError writeErrors property

@​vkarpov15 submitted a patch to always include writeErrors on a BulkWriteError.
We have logic to set the message of BulkWriteError to the message of the first
error encountered if there is only one error. Unfortunately, this logic removed
the writeErrors field when doing that, so users could be faced with an error
which conditionally changed shape.

Memory leak in timed out wait queue members

@​dead-horse identified a memory leak in the new connection pool where wait queue
members which timed out might be left in the queue indefinitely under sufficient
load. The fix here was to ensure that all wait queue members are flushed during
wait queue processing before evaluating whether there were available sockets to
process new requests.

Implicit sessions cleanup improvements

Once @​dead-horse was able to patch the connection pool memory leak, they also
identified a edge case where implicit sessions could be leaked in a very specific
error condition. The logic to release implicit sessions was simplified, preventing
this from happening in the future

Unordered bulk writes continue-on-error

A bug introduced last summer prevented unordered bulk write operations from
continuing after the first write error - one of the most important features of
being an unordered operation. We now properly support this feature again.

journal in connection string is ignored

@​nknighter filed a report that the journal option was ignored when provided
via the connection string. The paramater j was supported both through the
connection string and explicit added to MongoClient options, but the official
documentation for connection strings support a journal option.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2407] - UnifiedTopology + near read makes application crash with timeout error when one of replica server is down
• [NODE-2413] - The node process enters an infinite loop at the pool and causes OOM
• [NODE-2442] - journal=true is ignored in connection string
• [NODE-2548] - Change streams do not resume from errors
• [NODE-2565] - Change stream should not check for NonResumableChangeStreamError label
• [NODE-2619] - Unordered bulk write aborts on first encountered error
• [NODE-2625] - BulkWriteError should always have a writeErrors field

Task

• [NODE-2478] - Use white list for change stream resumability
• [NODE-2598] - Change stream close refactor
• [NODE-2605] - Refactor shared test helpers to improve usability

Improvement

• [NODE-2522] - Remove ElectionInProgress (216) from ResumableChangeStreamError
• [NODE-2571] - Don&#​39;t use admin database for FLE tests
• [NODE-2630] - Simplify code path for ending implicit sessions in cursors

v3.5.7

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.7 of the driver

Release Highlights

Warning: Accessing non-existent property 'count' of module exports inside circular dependency

Work earlier this year left some dead code in our operations code, resulting in this warning message reported by multiple users. While we still have a few cycles in our codebase yet, this will quiet Node.js 14's circular dependency warnings.

Sessions are only acquired when operations are executed

Drivers use an implicit session for all operations where an explicit session is not provided. A subtle bug was introduced when session support was implemented where implicit sessions were created and assigned to operations even if they were about to sit in a queue waiting for execution. This results in the driver creating many sessions rather than reusing pooled ones. The fix is to ensure a session is only checked out of the pool when the operation is about to be written to a server.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2536] - Circular dependency in Node.js 14 nightly
• [NODE-2552] - Server session creation grows unbounded with every operation call

Improvement

• [NODE-2534] - Document options supported by the unified topology
• [NODE-2560] - Make &#​39;reIndex&#​39; a standalone-only command

v3.5.6

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.6 of the driver

Release Highlights

Regression in map when cursor used as a stream

@​dobesv helped identify a regression where a map function would be applied twice
if defined on a cursor, and that cursor was used to stream data.

TypeError: Cannot read property 'code' of undefined

User @​linus-hologram originally reported an issue with a TypeError when the lambda
passed to the withTransaction helper rejected with a null value. @​vkarpov15
submitted the fix.

readPreferenceTags interpreted as an array

A bug was fixed where readPreferenceTags with a single value in the connection
string was not properly interpreted as an array of tags. This prevented the
Use Analytics Nodes to Isolate Workload guidance from working
correctly.

Cannot set property 'isDirty' of null

User @​sean-daley reported seeing this in an AWS Lambda environment, but has proven to
be somewhat of a heisenbug. We are rolling out a fix here that ensures sessions
(implicit or not) are not used after they have been explicitly ended.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2503] - Cursor ReadStream applies map function twice
• [NODE-2515] - TypeError when transaction is rejected with empty reason
• [NODE-2541] - readPreferenceTags are not interpreted as an array
• [NODE-2545] - Cannot set property &#​39;isDirty&#​39; of null
• [NODE-2549] - Unknown topology should return empty array for server selection with read preference

v3.5.5

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.5 of the driver

Release Highlights

Regression in hasNext when using a cursor with a limit

@​peterbroadhurst helped point out a regression introduced in v3.5.4 where using hasNext
on a cusor with a limit would not return the full set of results.

Ignored topology updates cause servers to fall out of latency window

A change introduced across all MongoDB drivers, and in particular v3.5.0 of the Node.js
driver, attempted to prevent needless duplicate topologyDescriptionChanged topology events
by introducing a ServerDescription equality operator. Since equality does not take the
lastUpdateTime and lastWriteDate fields of an ismaster into account, the driver could
eventually consider servers non-suitable for server selection, since they would fall out
of the latency window.
All updates are considered viable for topology updates now, and only event emission is
gated by ServerDescription equality.

Memory leaks with Node.js v12+

The legacy topology types (in particular if you were connected to a replic set) used a
custom Timeout class to wrap a timer. Unfortunately, the class depended on an undocumented,
private variable _called, which was removed in Node.js v12. This would lead to the driver
thinking the timeout never occurred, and therefore never releasing the object for garbage
collection. We recommend users of the legacy topology types immediately update to this
version of the driver, or use the Unified Topology which is unaffected by this bug.

TypeError: Cannot read property 'Symbol(cancelled)' of undefined

@​erfanium and @​Paic helped us identify an issue in rare failover events where multiple
requests to process the server selection queue would result in an attempted property
access of an undefined variable.

promiseLibrary not respected by newly introduced maybePromise helper

@​tobyealden pointed out that an internal refactor to use a helper to optionally
return a Promise for top level API methods was not, in fact, using a custom
promise library if one was provided!

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2460] - Memory Leak with ReplSet and NodeJS v12
• [NODE-2472] - TypeError on server available with useUnifiedTopology: true
• [NODE-2474] - Server_Description update with lastUpdateTime / lastWriteDate fields is ignored in topology
• [NODE-2480] - TypeError after reconnecting
• [NODE-2483] - Regression using hasNext on cursor with limit
• [NODE-2490] - promiseLibrary option is not honoured

v3.5.4

Compare Source

Bug Fixes

• cmap: don't run min connection thread if no minimum specified (2d1b713)
• sdam: use ObjectId comparison to track maxElectionId (a1e0849)
• topology: ensure selection wait queue is always processed (bf701d6)
• topology: enter STATE_CLOSING before draining waitQueue (494dffb)
• don't consume first document when calling hasNext on cursor (bb359a1)

Features

• add utility helper for returning promises or using callbacks (ac9e4c9)

v3.5.3

Compare Source

Bug Fixes

• message-stream: support multiple inbound message packets (8388443)
• server: non-timeout network errors transition to Unknown state (fa4b01b)

Features

• connection: support exhaust behavior at the transport level (9ccf268)

v3.5.2

Compare Source

Bug Fixes

• properly handle err messages in MongoDB 2.6 servers (0f4ab38)
• topology: always emit SDAM unrecoverable errors (57f158f)

v3.5.1

Compare Source

Bug Fixes

• cmap: accept all node TLS options as pool options (5995d1d)
• cmap: error wait queue members on failed connection creation (d13b153)
• connect: listen to secureConnect for tls connections (f8bdb8d)
• transactions: use options helper to resolve read preference (9698a76)
• uri_parser: TLS uri variants imply ssl=true (c8d182e)

v3.5.0

Compare Source

Bug Fixes

• copy ssl option to pool connection options (563ced6)
• destroy connections marked as closed on checkIn / checkOut (2bd17a6)
• ensure sync errors are thrown, and don't callback twice (cca5b49)
• ignore connection errors during pool destruction (b8805dc)
• not all message payloads are arrays of Buffer (e4df5f4)
• recover on network error during initial connect (a13dc68)
• remove servers with me mismatch in updateRsFromPrimary (95a772e)
• report the correct platform in client metadata (35d0274)
• reschedule monitoring before emitting heartbeat events (7fcbeb5)
• socket timeout for handshake should be connectTimeoutMS (c83af9a)
• timed out streams should be destroyed on timeout event (5319ff9)
• use remote address for stream identifier (f13c20b)
• used weighted RTT calculati

[mend-for-github-com]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json