any-sync-coordinator icon indicating copy to clipboard operation
any-sync-coordinator copied to clipboard
verified publisher icon anyproto

Bump go.mongodb.org/mongo-driver from 1.16.1 to 1.17.1

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps go.mongodb.org/mongo-driver from 1.16.1 to 1.17.1.

Release notes

Sourced from go.mongodb.org/mongo-driver's releases.

MongoDB Go Driver 1.17.1

The MongoDB Go Driver Team is pleased to release version 1.17.1 of the official Go driver.

Release Notes

This release improves the behavior of connection checkout by checking for closed connections.

It also fixes a bug where the authSource from a TXT record would be overridden for auth mechanisms that require an authSource of $external.

For a full list of tickets included in this release, please see the links below:

Full Changelog: v1.17.0...v1.17.1

Documentation for the Go driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go driver is greatly appreciated!

MongoDB Go Driver 1.17.0

The MongoDB Go Driver Team is pleased to release version 1.17.0 of the official MongoDB Go driver.

Release Notes

This release adds support for client authentication using OpenID Connect (MONGODB-OIDC), and for the Queryable Encryption Range Protocol. The driver now supports MongoDB 8.0. Additionally, IndexView has been extended to include methods for dropping indexes by key (i.e. DropOneWithKey and DropWithKey).

[!NOTE]

This is the last planned minor release in the 1.x series. Future driver versions will be in the 2.x series. The v1.17.x will still receive security and bug fixes for a year.

Queryable Encryption Range Protocol

Added range protocol support for Queryable Encryption.

MONGODB-OIDC

Added support OpenID Connect (OIDC) authentication for workload identities. A workload identity is an identity you assign to a software workload, such as an application, service, script, or container, to authenticate and access other services and resources.

See the documentation for more details.

For a full list of tickets included in this release, please see the links below:

... (truncated)

Commits
  • 070817d BUMP v1.17.1
  • b45e5d9 GODRIVER-3156 Detect and discard closed idle connections. (#1815) [release/1....
  • b473d1b GODRIVER-3313 [release/1.17] Skip CSOT spec tests on Windows and macOS. (#1838)
  • c0afeee GODRIVER-3358 [release/1.17] Do not override authSource from TXT record (#1840)
  • bd39092 GODRIVER-2589 [release/1.17] Clarify *Cursor.All() behavior in comment. (#1...
  • b7e6686 DEVPROD-10453 Use assume_role for s3 uploads [release/1.17] (#1824) (#1837)
  • 3911a1b update repo metadata
  • 5484657 BUMP v1.17.0
  • be25b9a GODRIVER-3302 Handle malformatted message length properly. (#1758)
  • 4757f44 GODRIVER-3312 Use remaining test secrets from the vault [v1] (#1811)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Oct 07 '24 08:10 dependabot[bot]

New Coverage 55.0% of statements
Patch Coverage 0.0% of changed statements (0/0)

Coverage provided by https://github.com/seriousben/go-patch-cover-action

github-actions[bot] avatar Oct 07 '24 09:10 github-actions[bot]

@dependabot rebase

cheggaaa avatar Jul 16 '25 08:07 cheggaaa

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgo.mongodb.org/​mongo-driver@​v1.16.1 ⏵ v1.17.476 +110010010080

View full report

socket-security[bot] avatar Jul 16 '25 08:07 socket-security[bot]

@dependabot rebase

cheggaaa avatar Jul 16 '25 10:07 cheggaaa