Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade mongodb from 5.5.0 to 5.9.2 #417

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

j-mendez
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade mongodb from 5.5.0 to 5.9.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.

  • The recommended version was released on 6 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Information Exposure
SNYK-JS-MONGODB-5871303
424 No Known Exploit
Release notes
Package name: mongodb
  • 5.9.2 - 2023-12-05

    5.9.2 (2023-11-16)

    The MongoDB Node.js team is pleased to announce version 5.9.2 of the mongodb package!

    Release Notes

    Fix connection leak when serverApi is enabled

    When enabling serverApi the driver's RTT mesurment logic (used to determine the closest node) still sent the legacy hello command "isMaster" causing the server to return an error. Unfortunately, the error handling logic did not correctly destroy the socket which would cause a leak.

    Both sending the correct hello command and the error handling connection clean up logic are fixed in this change.

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 5.9.1 - 2023-10-20

    5.9.1 (2023-10-18)

    The MongoDB Node.js team is pleased to announce version 5.9.1 of the mongodb package!

    Release Notes

    insertedIds in bulk write now contain only successful insertions

    Prior to this fix, the bulk write error's result.insertedIds property contained the _id of each attempted insert in a bulk operation.

    Now, when a bulkwrite() or an insertMany() operation rejects one or more inserts, throwing an error, the error's result.insertedIds property will only contain the _id fields of successfully inserted documents.

    Fixed edge case leak in findOne()

    When running a findOne against a time series collection, the driver left the implicit session for the cursor un-ended due to the way the server returns the resulting cursor information. Now the cursor will always be cleaned up regardless of the outcome of the find operation.

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 5.9.0 - 2023-09-14
  • 5.8.1 - 2023-08-23
  • 5.8.0 - 2023-08-21
  • 5.7.0 - 2023-07-06
  • 5.6.0 - 2023-06-01
  • 5.6.0-dev.20230606.sha.2b83ea4 - 2023-06-06
  • 5.6.0-dev.20230603.sha.008fd6f - 2023-06-03
  • 5.5.0 - 2023-05-11
from mongodb GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade mongodb from 5.5.0 to 5.9.2.

See this package in npm:
mongodb

See this project in Snyk:
https://app.snyk.io/org/j-mendez/project/a856e7ec-3c81-4251-a6c3-1974682eed73?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants