parse-server
parse-server copied to clipboard
parse-community
refactor: upgrade mongodb from 4.6.0 to 4.7.0
Snyk has created this PR to upgrade mongodb from 4.6.0 to 4.7.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 1 version ahead of your current version.
- The recommended version was released 22 days ago, on 2022-06-06.
Release notes
Package name: mongodb
-
4.7.0 - 2022-06-06
The MongoDB Node.js team is pleased to announce version 4.7.0 of the mongodb package! Happy MongoDB World Day!
Release Highlights
Support for ZSTD Compression
zstd compression is now supported by the NodeJS driver. To enable zstd compression, add it as a dependency in your project:
npm install –save @ mongodb-js/zstd. The add the option to your URI options:mongodb://host:port/db?compressors=zstd.Improved Connection Storm Avoidance
The Node driver has improved connection storm avoidance by limiting the number of connections that the driver will attempt to open to each server at a time. The number of concurrent connection attempts is set to 2 by default, but can be configured with a new MongoClient argument,
maxConnecting. The following code example creates a new MongoClient that configuresmaxConnectingto 5.const client = new MongoClient('MONGODB_URL', { maxConnecting: 5 });
Expanded Change Stream Events
The collection.watch function now supports a new option,
showExpandedEvents. WhenshowExpandedEventsis enabled, change streams will report the following events on servers 6.0 and later:createIndexesdropIndexesmodifycreateshardCollection
On servers 6.1.0 and later,
showExpandedEventswill also show change stream events for the following commands:reshardCollectionrefineCollectionShardKey
As an example, the following code creates a change stream that has expanded events enabled on a collection:
const client = new MongoClient('MONGODB_URL'); await client.connect();const collection = client.db('example-db').collection('example-collection'); const changeStream = collection.watch([], { showExpandedEvents: true });
Change Stream Support of Pre/Post Images
Change streams now support pre and post images for update events. To enable pre and post images, the collection must be created with the
changeStreamPreAndPostImagesoption enabled:const collection = await db.createCollection(‘collectionName’, { changeStreamPreAndPostImages: { enabled: true }} )
Pre and post images can then be enabled on the change stream when the change stream is created:
const changeStream = collection.watch([], { fullDocumentBeforeChange: ‘required’ })
See the documentation on pre and post images for more information: https://www.mongodb.com/docs/v6.0/changeStreams/#change-streams-with-document-pre--and-post-images.
Improved Performance in Serverless Environments
The driver now only processes the most recent server monitoring event if multiple heartbeat events are recorded in sequence before any can be processed. In serverless environments, this results in increased performance when a function is invoked after a period of inactivity as well as lower resource consumption.
Estimated Document Count uses the Count command
The 5.0 server compatible release unintentionally broke the
estimatedDocumentCountcommand on views by changing the implementation from thecountcommand toaggregateand acollStatsstage. This release fixes estimatedDocumentCount on views by reverting the implementation to usecount.Due to an oversight, the count command was omitted from the Stable API in server versions 5.0.0 - 5.0.8 and 5.1.0 - 5.3.1, so users of the Stable API with estimatedDocumentCount are recommended to upgrade their MongoDB clusters to 5.0.9 or 5.3.2 (if on Atlas) or set apiStrict: false when constructing their MongoClients.
MongoClient.connect is now optional
If an operation is run before MongoClient.connect is called by the client, the driver will now automatically connect along with that first operation. This makes the repl experience much more streamlined, going right from client construction to your first insert or find. However, MongoClient.connect can still be called manually and remains useful for learning about misconfiguration (auth, server not started, connection string correctness) early in your application's startup.
Note: It's a known limitation that explicit sessions (client.startSession) and
initializeOrderedBulkOp,initializeUnorderedBulkOpcannot be used until MongoClient.connect is first called. Look forward to a future patch release that will correct these inconsistencies.Support for Clustered Collections
Clustered Collections can now be created using the
createCollectionmethod in the Node driver:const client = new MongoClient('MONGODB_URL'); // No need to connect anymore! (see above) const collection = await client.db(‘example-db’).createCollection(‘example-collection’, { key: _id, unique: true });
More information about clustered indexes can be found on the official documentation page. https://www.mongodb.com/docs/upcoming/core/clustered-collections/
Automatic Encryption Shared Library
To enable the driver to use the new Automatic Encryption Shared Library instead of using mongocryptd, pass the location of the library in the auto-encryption extra options to the
MongoClient. Example:const client = new MongoClient(uri, { autoEncryption: { keyVaultNamespace: 'encryption.__keyVault', kmsProviders: { local: { key: 'localKey' } }, extraOptions: { cryptSharedLibPath: "/path/to/mongo_crypt_v1.dylib", }, encryptedFieldsMap: { "default.secretCollection": { [ { keyId: '_id', path: 'ssn', bsonType: 'string', queries: { queryType: 'equality' } } ] }, }, }, })Queryable Encryption Preview
Queryable Encryption is a beta feature that enables you to encrypt data in your application before you send it over the network to MongoDB while still maintaining the ability to query the encrypted data. With Queryable Encryption enabled, no MongoDB-managed service has access to your data in an unencrypted form.
Checkout the documentation: https://www.mongodb.com/docs/upcoming/core/queryable-encryption/queryable-encryption/
ATTENTION: This feature is included in this release as a beta preview. All related APIs marked with
@ expirementalin the documentation. There are no guarantees that the APIs will not undergo breaking changes without prior notice.Features:
- NODE-1837: add zstd compression option (#3237) (1261432)
- NODE-2993: implement maxConnecting (#3255) (c9d3816)
- NODE-3750: make maxConnecting configurable (#3261) (ee41447)
- NODE-3938: Add support for pre/post images in change streams (#3250) (981465c)
- NODE-4079: estimated document count uses count (#3244) (a752e75)
- NODE-4081: fix and deprecate change stream resume options (#3270) (47adfb3)
- NODE-4139: streaming protocol message changes (#3256) (4b9ad77)
- NODE-4192: make MongoClient.connect optional (#3232) (a2359e4)
- NODE-4196: add support for showExpandedEvents in change streams (#3254) (9c1782e)
- NODE-4229: bump maxWireVersion to 17 (#3265) (d13cec2)
Bug Fixes
- NODE-4103: respect BSON options when creating change streams (#3247) (b2798d9)
- NODE-4108: improve return type for withTransaction() (#3236) (48e0e6e)
- NODE-4254: allow csfle to be dynamically required (#3260) (cd6b5a0)
- NODE-4281: ensure that the driver always uses Node.js timers (#3275) (4501a1c)
Documentation
- Reference: https://docs.mongodb.com/drivers/node/current/
- API: https://mongodb.github.io/node-mongodb-native/4.7
- Changelog: https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
- 4.6.0 - 2022-05-11 Read more
Commit messages
Package name: mongodb
- 1cc2c4b chore(release): 4.7.0
- c8362eb test: resumability for change stream unified tests (#3282)
- 9c1782e feat(NODE-4196): add support for showExpandedEvents in change streams (#3254)
- ed50ef5 test(NODE-4262): simplify leak checker for startSession fixes (#3281)
- 0936b58 chore: skip failing TS version (#3285)
- 7a5d2f5 chore: add generated docs files to release commit (#3283)
- 6cae4b4 test(NODE-4270): convert command monitoring tests to unified format (#3276)
- f8e7301 chore(NODE-4285): rename csfle shared library references (#3280)
- 4501a1c fix(NODE-4281): ensure that the driver always uses Node.js timers (#3275)
- 47adfb3 feat(NODE-4081): fix and deprecate change stream resume options (#3270)
- cb3e860 test: improve change stream tests (#3272)
- 52fea4d test(NODE-4274): fix `match` logic in unified spec runner (#3267)
- ee41447 feat(NODE-3750): make maxConnecting configurable (#3261)
- f1887bf chore: update typescript version (#3268)
- d13cec2 feat(NODE-4229): bump maxWireVersion to 17 (#3265)
- 11e7e00 test(NODE-4255): sync clustered index spec tests (#3266)
- 6845069 chore(NODE-4246): update FLE2 collection management (#3251)
- 52eb62b chore(NODE-4265): fle2 -> queryable encryption (#3263)
- cd6b5a0 fix(NODE-4254): allow csfle to be dynamically required (#3260)
- 4b9ad77 feat(NODE-4139): streaming protocol message changes (#3256)
- c496c25 chore(NODE-4266): improve error message for SCRAM-SHA-1 in FIPS mode (#3258)
- c9d3816 feat(NODE-2993): implement maxConnecting (#3255)
- b2798d9 fix(NODE-4103): respect BSON options when creating change streams (#3247)
- 1261432 feat(NODE-1837): add zstd compression option (#3237)
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
I will reformat the title to use the proper commit message syntax.
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Merging #8083 (ab91484) into alpha (f821dfd) will increase coverage by
0.02%. The diff coverage isn/a.
@@ Coverage Diff @@
## alpha #8083 +/- ##
==========================================
+ Coverage 94.18% 94.20% +0.02%
==========================================
Files 182 182
Lines 13720 13720
==========================================
+ Hits 12922 12925 +3
+ Misses 798 795 -3
| Impacted Files | Coverage Δ | |
|---|---|---|
| src/RestWrite.js | 94.57% <0.00%> (+0.15%) |
:arrow_up: |
| src/Adapters/Files/GridFSBucketAdapter.js | 80.32% <0.00%> (+0.81%) |
:arrow_up: |
| src/ParseServerRESTController.js | 98.48% <0.00%> (+1.51%) |
:arrow_up: |
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
