-
-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
breaking change in findOne(ObjectId(id)) since 5.7.5 - not documented #8268
Comments
but
I think it was a bad behavior before |
@sibelius I agree. But it still a breaking change if you have to change the code. |
@tomgrossman sorry for the inconvenience - this backwards breaking change was definitely unintentional. We just weren't aware the MongoDB driver supported this: https://github.com/mongodb/node-mongodb-native/blob/0f399b5c355bdfe8d5c237854953e405b536cb8b/lib/collection.js#L325-L327 . @sibelius no real reason why |
Do you want to request a feature or report a bug?
bug
What is the current behavior?
using the following snippet:
When using
mongoose 5.7.4
it works fine and returns the inserted user.When using
mongoose 5.7.5
it returns null.This is due the a BSON vulnerability fix done in
#8222
f3eca5b
What is the expected behavior?
If it's a vulnerability, it must be fixed. But if it's a breaking change, it needs to be documented in the release notes and probably change the version to major.
What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version.
Node.js - 10
Mongoose: 5.7.4, 5.7.5, 5.7.6
MongoDB - 4.0
The text was updated successfully, but these errors were encountered: