Skip to content

Update dependency mongodb to v3.5.8#11

Open
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/mongodb-3.x-lockfile
Open

Update dependency mongodb to v3.5.8#11
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/mongodb-3.x-lockfile

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Jul 6, 2022
edited
Loading

This PR contains the following updates:

Package Type Update Change
mongodb dependencies patch 3.5.73.5.8

By merging this PR, the issue #15 will be automatically resolved and closed:

Severity CVSS Score Vulnerability
Medium Medium 6.5 CVE-2020-8244

Release Notes

mongodb/node-mongodb-native (mongodb)

v3.5.8

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.8 of the driver

Release Highlights

Fixes for NEAREST latency window calculation

@​adityapatadia helped uncover an issue with our server selection logic which
filtered out servers after evaluating whether they were in the latency window.
This meant that non-viable servers were considered during the window calculation
and would render certain viable servers unviable.

BulkWriteError writeErrors property

@​vkarpov15 submitted a patch to always include writeErrors on a BulkWriteError.
We have logic to set the message of BulkWriteError to the message of the first
error encountered if there is only one error. Unfortunately, this logic removed
the writeErrors field when doing that, so users could be faced with an error
which conditionally changed shape.

Memory leak in timed out wait queue members

@​dead-horse identified a memory leak in the new connection pool where wait queue
members which timed out might be left in the queue indefinitely under sufficient
load. The fix here was to ensure that all wait queue members are flushed during
wait queue processing before evaluating whether there were available sockets to
process new requests.

Implicit sessions cleanup improvements

Once @​dead-horse was able to patch the connection pool memory leak, they also
identified a edge case where implicit sessions could be leaked in a very specific
error condition. The logic to release implicit sessions was simplified, preventing
this from happening in the future

Unordered bulk writes continue-on-error

A bug introduced last summer prevented unordered bulk write operations from
continuing after the first write error - one of the most important features of
being an unordered operation. We now properly support this feature again.

journal in connection string is ignored

@​nknighter filed a report that the journal option was ignored when provided
via the connection string. The paramater j was supported both through the
connection string and explicit added to MongoClient options, but the official
documentation for connection strings support a journal option.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

  • [NODE-2407] - UnifiedTopology + near read makes application crash with timeout error when one of replica server is down
  • [NODE-2413] - The node process enters an infinite loop at the pool and causes OOM
  • [NODE-2442] - journal=true is ignored in connection string
  • [NODE-2548] - Change streams do not resume from errors
  • [NODE-2565] - Change stream should not check for NonResumableChangeStreamError label
  • [NODE-2619] - Unordered bulk write aborts on first encountered error
  • [NODE-2625] - BulkWriteError should always have a writeErrors field

Task

  • [NODE-2478] - Use white list for change stream resumability
  • [NODE-2598] - Change stream close refactor
  • [NODE-2605] - Refactor shared test helpers to improve usability

Improvement

  • [NODE-2522] - Remove ElectionInProgress (216) from ResumableChangeStreamError
  • [NODE-2571] - Don&#​39;t use admin database for FLE tests
  • [NODE-2630] - Simplify code path for ending implicit sessions in cursors
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jul 6, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.5.8 - autoclosed Mar 26, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/mongodb-3.x-lockfile branch March 26, 2023 11:57
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 - autoclosed Update dependency mongodb to v3.5.8 Mar 31, 2023
@mend-for-github-com mend-for-github-com bot reopened this Mar 31, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/mongodb-3.x-lockfile branch March 31, 2023 04:50
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.5.8 - autoclosed Apr 23, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/mongodb-3.x-lockfile branch April 23, 2023 11:24
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 - autoclosed Update dependency mongodb to v3.5.8 Apr 24, 2023
@mend-for-github-com mend-for-github-com bot reopened this Apr 24, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/mongodb-3.x-lockfile branch April 24, 2023 11:09
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.5.8 - autoclosed Jun 14, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/mongodb-3.x-lockfile branch June 14, 2023 21:23
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 - autoclosed Update dependency mongodb to v3.5.8 Jun 18, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jun 18, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/mongodb-3.x-lockfile branch June 18, 2023 11:56
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 838a171 to a834651 Compare June 18, 2023 11:57
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from a834651 to 92c6f49 Compare December 5, 2023 01:11
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.6.6 Dec 5, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 92c6f49 to af2549a Compare December 13, 2023 05:01
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from af2549a to b5410a5 Compare January 2, 2024 05:08
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from b5410a5 to c0cf845 Compare March 6, 2024 06:23
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.6.6 Update dependency mongodb to v3.5.8 Mar 6, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.6.6 Jan 19, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from c0cf845 to 98f77cd Compare January 19, 2025 09:42
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 98f77cd to c094af5 Compare January 31, 2025 20:24
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.6.6 Update dependency mongodb to v3.5.8 Jan 31, 2025
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.5.8 - autoclosed Mar 27, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/mongodb-3.x-lockfile branch March 27, 2025 06:18
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 - autoclosed Update dependency mongodb to v3.5.8 Mar 31, 2025
@mend-for-github-com mend-for-github-com bot reopened this Mar 31, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 0014860 to c094af5 Compare March 31, 2025 10:34
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.6.6 Mar 31, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from c094af5 to 24c97b9 Compare April 1, 2025 11:20
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 24c97b9 to f923204 Compare April 12, 2025 18:07
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.6.6 Update dependency mongodb to v3.5.8 Apr 12, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from f923204 to 25a68e5 Compare May 13, 2025 10:29
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.6.6 May 13, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 25a68e5 to f82ac64 Compare June 13, 2025 00:19
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.6.6 Update dependency mongodb to v3.5.8 Jun 13, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from f82ac64 to 2f35876 Compare June 13, 2025 10:05
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from 2f35876 to fae5426 Compare October 14, 2025 02:34
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.5.8 Update dependency mongodb to v3.6.6 Oct 14, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mongodb-3.x-lockfile branch from fae5426 to dfd916a Compare October 18, 2025 00:57
@mend-for-github-com mend-for-github-com bot changed the title Update dependency mongodb to v3.6.6 Update dependency mongodb to v3.5.8 Oct 18, 2025
@mend-for-github-com
Copy link
Author

mend-for-github-com bot commented Oct 29, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants