🚨 [security] Update mongodb 3.6.6 → 3.6.12 (patch) #256
+17
−10
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ mongodb (3.6.6 → 3.6.12) · Repo · Changelog
Security Advisories 🚨
🚨 MongoDB Driver may publish events containing authentication-related data
Release Notes
3.6.12
3.6.10
3.6.9
3.6.8
3.6.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 44 commits:
chore(release): 3.6.12
chore(NODE-3408): test against mongod 5.0 (#2958)
fix(NODE-3487): check for nullish aws mechanism property (#2957)
fix(NODE-3528): add support for snappy v7 (#2947)
docs(NODE-3481): deprecate unref (#2936)
chore(release): 3.6.11
fix(NODE-3199): unable to bundle driver due to uncaught require (#2903)
fix(NODE-1843): bulk operations ignoring provided sessions [PORT] (#2898)
chore(NODE-3316): add author info and update bug url in package.json (#2887)
test(NODE-3381): command monitoring redaction tests (#2873)
chore(release): 3.6.10
refactor(NODE-3324): bump max wire version to 13 (#2875)
fix(NODE-3397): report more helpful error with unsupported authMechanism in initial handshake (#2876)
test(NODE-3307): unified runner does not assert identical keys (#2867)
fix(NODE-3380): perform retryable write checks against server (#2861)
fix(NODE-3150): added bsonRegExp option for v3.6 (#2843)
fix(NODE-3358): Command monitoring objects hold internal state references (#2858)
fix(NODE-2035): Exceptions thrown from awaited cursor forEach do not propagate (#2852)
refactor(NODE-3356): Update command monitoring logging (#2853)
test(NODE-2856): ensure defaultTransactionOptions get used from session (#2845)
fix(NODE-3356): update redaction logic for command monitoring events (#2847)
test(NODE-3357): extend timeout for atlas connectivity (#2846)
test(NODE-3288): sync command-monitoring spec tests to 3.6 (#2838)
docs: change links to use https (#2836)
refactor(NODE-2752): deprecate strict option for Db.collection (#2819)
chore(release): 3.6.9
fix(NODE-3309): remove redundant iteration of bulk write result (#2815)
fix: fix url parsing for a mongodb+srv url that has commas in the database name (#2789)
chore(release): 3.6.8
fix(cmap): undo flipping of `beforeHandshake` flag for timeout errors (#2813)
chore(release): 3.6.7
fix(NODE-3192): check clusterTime is defined before access (#2806)
test(NODE-3187): port unified test runner (#2783)
fix(NODE-3252): state transistion from DISCONNECTED (#2807)
refactor(NODE-1812): Deprecate returnOriginal in favor of returnDocument (#2808)
refactor: deprecate remove, removeOne, insertMany bulk operations (#2797)
chore(NODE-3198): bump optional-require for yarn v2 pnp support (#2781)
fix(NODE-3173): Preserve sort key order for numeric string keys (#2790)
fix(sdam): topology no longer causes close event (#2791)
fix(docs): removing incorrect apm docs (#2793)
Remove callback from Collection.initializeOrderedBulkOp() (#2782)
chore(NODE-3186): ensure all aws tests are run (#2776)
fix(NODE-3176): handle errors from MessageStream (#2774)
fix: invalid case on writeconcern makes skip check fail (#2773)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands