This repository was archived by the owner on Mar 26, 2025. It is now read-only.
Update dependency mongodb to v4.17.0 [SECURITY]#149
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
2 times, most recently
from
September 26, 2023 14:20
1b7764f to
b9e017e
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
September 28, 2023 15:26
b9e017e to
bc6aa92
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
2 times, most recently
from
October 15, 2023 15:26
a6d0ff6 to
14b4f49
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
October 23, 2023 12:21
14b4f49 to
3f0559a
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
November 6, 2023 07:24
3f0559a to
5116cbf
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
November 16, 2023 11:44
5116cbf to
7d4e700
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
December 3, 2023 10:27
7d4e700 to
a566275
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
February 2, 2024 14:38
a566275 to
122cae7
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
February 25, 2024 10:31
122cae7 to
d42218f
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
March 12, 2024 10:26
d42218f to
ec70ffb
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
2 times, most recently
from
March 24, 2024 13:33
37e39b9 to
5bdab3b
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
2 times, most recently
from
April 21, 2024 08:45
1730db5 to
38a5ced
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
2 times, most recently
from
June 8, 2024 19:17
8e3c158 to
2a5c410
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
July 21, 2024 15:08
2a5c410 to
e9d7a03
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
August 6, 2024 06:20
e9d7a03 to
d2f2977
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
August 28, 2024 07:08
d2f2977 to
fd83451
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
October 9, 2024 09:02
fd83451 to
2b03a6d
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
December 2, 2024 11:03
2b03a6d to
72ea7a5
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
2 times, most recently
from
January 30, 2025 14:38
efb29a4 to
032eb63
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
February 9, 2025 13:53
032eb63 to
2318120
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
March 3, 2025 17:47
2318120 to
9cd0831
Compare
renovate
Bot
force-pushed
the
renovate/npm-mongodb-vulnerability
branch
from
March 17, 2025 12:31
9cd0831 to
5110a74
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.0.1->4.17.0GitHub Vulnerability Alerts
CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.
Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).
This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
Release Notes
mongodb/node-mongodb-native (mongodb)
v4.17.0Compare Source
The MongoDB Node.js team is pleased to announce version 4.17.0 of the
mongodbpackage!Release Notes
mongodb-js/saslprepis now installed by defaultUntil v6, the driver included the
saslpreppackage as an optional dependency for SCRAM-SHA-256 authentication.saslprepbreaks when bundled with webpack because it attempted to read a file relative to the package location and consequently the driver would throw errors when using SCRAM-SHA-256 if it were bundled.The driver now depends on
mongodb-js/saslprep, a fork ofsaslprepthat can be bundled with webpack because it includes the necessary saslprep data in memory upon loading. This will be installed by default but will only be used if SCRAM-SHA-256 authentication is used.Remove credential availability on
ConnectionPoolCreatedEventIn order to avoid mistakenly printing credentials the
ConnectionPoolCreatedEventwill replace the credentials option with an empty object. The credentials are still accessble via MongoClient options:client.options.credentials.Features
Bug Fixes
Documentation
We invite you to try the
mongodblibrary immediately, and report any issues to the NODE project.v4.16.0Compare Source
The MongoDB Node.js team is pleased to announce version 4.16.0 of the
mongodbpackage!Features
Bug Fixes
Documentation
We invite you to try the
mongodblibrary immediately, and report any issues to the NODE project.v4.15.0Compare Source
The MongoDB Node.js team is pleased to announce version 4.15.0 of the mongodb package!
Features
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
v4.14.0Compare Source
The MongoDB Node.js team is pleased to announce version 4.14.0 of the mongodb package!
Deprecations
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
v4.13.0Compare Source
Features
Bug Fixes
4.12.1 (2022-11-23)
Bug Fixes
v4.12.1Compare Source
v4.12.0Compare Source
Features
Bug Fixes
v4.11.0Compare Source
Features
Bug Fixes
v4.10.0Compare Source
Features
Bug Fixes
v4.9.1Compare Source
The MongoDB Node.js team is pleased to announce version 4.9.1 of the mongodb package!
Release Highlights
This is a bug fix release as noted below.
Bug Fixes
v4.9.0Compare Source
Features
Bug Fixes
oplogReplayoption as deprecated (#3337) (6c69b7d)4.8.1 (2022-07-26)
Bug Fixes
v4.8.1Compare Source
v4.8.0Compare Source
Features
Bug Fixes
v4.7.0Compare Source
Features
Bug Fixes
v4.6.0Compare Source
Features
Bug Fixes
v4.5.0Compare Source
Features
commentfield (#3167) (4e2f9bf)Bug Fixes
watchtype parameter to extendChangeStreamtype parameter (#3183) (43ba9fc)4.4.1 (2022-03-03)
Features
Bug Fixes
v4.4.1Compare Source
v4.4.0Compare Source
Features
Bug Fixes
4.3.1 (2022-01-18)
Bug Fixes
v4.3.1Compare Source
v4.3.0Compare Source
Features
enableUtf8Validationoption (#3074) (4f56409)Bug Fixes
GridFSBucketWriteStream.prototype.end()returnthisfor compat with @types/node@17.0.6 (#3088) (7bb9e37)4.2.2 (2021-12-13)
Bug Fixes
4.2.1 (2021-11-30)
Bug Fixes
v4.2.2Compare Source
v4.2.1Compare Source
v4.2.0Compare Source
Features
authorizedCollectionsoption to thedb.listCollectionsmethod (#3021) (e1234a7)Bug Fixes
defaultTransactionOptionswith POJO rather than ReadConcern instance (#3032) (53b3164)4.1.3 (2021-10-05)
Bug Fixes
4.1.2 (2021-09-14)
Bug Fixes
4.1.1 (2021-08-24)
Bug Fixes
v4.1.4Compare Source
Release Highlights
This release includes a couple of bug fixes as noted below:
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
v4.1.3Compare Source
v4.1.2Compare Source
v4.1.1Compare Source
v4.1.0[Compare Source](http
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.