Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump bson from 4.6.5 to 6.0.0 #28

Closed

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Sep 4, 2023

Bumps bson from 4.6.5 to 6.0.0.

Release notes

Sourced from bson's releases.

v6.0.0

6.0.0 (2023-08-24)

The MongoDB Node.js team is pleased to announce version 6.0.0 of the bson package!

Release Notes

In this major version update, we focused on removing deprecated or otherwise difficult to use APIs and fixing impactful bugs.

[!Important] The BSON_MAJOR_VERSION has been bumped to 6. Only BSON objects that have this major version can be serialized with this version of the library. Mismatched objects will throw a BSONVersionError when attempting to serialize.

[!Important] The minimum supported Node.js version is now v16.20.1. We strive to keep our minimum supported Node.js version in sync with the runtime's release cadence to keep up with the latest security updates and modern language features.

Decimal128 constructor now throws when detecting loss of precision

Prior to this release, Decimal128 would round numbers with more than 34 significant digits and lose precision. Now, on detecting loss of precision, Decimal128's constructor and Decimal128.fromString will throw a BSONError. This behaviour should have been the default as the Decimal128 class was always intended to be high-precision floating point value. As such, silently rounding is undesirable behaviour as it can potentially result in data loss.

// previous behaviour
> new Decimal128('10000000000000000000000000000000001')
new Decimal128("1.000000000000000000000000000000000E+34")
// new behaviour
> new Decimal128('10000000000000000000000000000000001')
Uncaught:
BSONError: "10000000000000000000000000000000001" is not a valid Decimal128 string - inexact rounding
at invalidErr (bson/lib/bson.cjs:1402:11)
at Decimal128.fromString (bson/lib/bson.cjs:1555:21)
at new Decimal128 (bson/lib/bson.cjs:1411:37)

Note a separate method with corrected rounding behaviour will be available in the next minor version of this library. Additionally a fix for this bug and the aforementioned new method with corrected rounding will be added in the next minor release of v5 of this library.

Strings of length 12 can no longer make an ObjectId

(From String.length): [The String length] property returns the number of code units in the string. JavaScript uses UTF-16 encoding, where each Unicode character may be encoded as one or two code units, so it's possible for the value returned by length to not match the actual number of Unicode characters in the string.

The ObjectId constructor erroneously interpreted a string with length of 12 as UTF8 bytes that could be converted to an ObjectId. This is unexpected for at least two reasons. The first is that a legacy approach (pre- Uint8Arrays) to handling binary data was to pass around "binary strings", where each character represents a single byte, this is not the same as interpreting a sting as UTF8, which has restrictions on how each byte can be formatted. The second is that a string of length 12 does not result in 12 bytes of data when converted to utf8 (ex. '🐶🐶🐶🐶🐶🐶'.length === 12, but as UTF8 bytes this is a 24-byte sequence).

Despite the bugginess of the behavior discussed above, the right string in the right context does create the proper byte sequence, so we are considering this a breaking change and removing it in this major release.

Removed ISO-8859-1 string format from Binary (a.k.a 'latin1', 'binary')

The Binary BSON type no longer accepts a string as a constructor argument nor can write() be invoked with a string argument. Both methods interpreted strings as binary sequences rather than UTF-8 or base64 which are much more common and expected formats. If there is a string representation of your data it is now expected that the logic that interprets the string format exists outside the Binary class to avoid misinterpreting data. Additionally, .value() only returns a Uint8Array/Buffer that is properly sized to the data. Internally Binary may maintain a .buffer property larger than the the actual data that will be written to BSON bytes. Use .value() to obtain only the bytes relevant to your Binary data.

new Binary(Buffer.from('ÿÿ', 'binary'));
</tr></table> 

... (truncated)

Changelog

Sourced from bson's changelog.

6.0.0 (2023-08-24)

⚠ BREAKING CHANGES

  • NODE-5504: bump bson major version (#605)
  • NODE-4770: remove 12 length string support from ObjectId constructor (#601)
  • NODE-4769: remove ISO-8859-1 string support from Binary (#602)
  • NODE-5223: remove deprecated cacheHexString (#595)
  • NODE-4787: bump minimum Node.js version to v16.20.1 (#590)

Features

  • NODE-4769: remove ISO-8859-1 string support from Binary (#602) (74f7f8a)
  • NODE-4770: remove 12 length string support from ObjectId constructor (#601) (409c592)
  • NODE-4787: bump minimum Node.js version to v16.20.1 (#590) (1dcca92)
  • NODE-5223: remove deprecated cacheHexString (#595) (76eca2b)
  • NODE-5504: bump bson major version (#605) (9615902)

Bug Fixes

  • NODE-5509: Allow undefined or null params in ObjectId.equals (#607) (e2674c6)
  • NODE-5546: decimal 128 fromString performs inexact rounding (#613) (1384cee)
  • NODE-5559: account for quotes when inspecting Code and BSONSymbol (#612) (0664840)

6.0.0-alpha.0 (2023-08-15)

⚠ BREAKING CHANGES

  • NODE-5504: bump bson major version (#605)
  • NODE-4770: remove 12 length string support from ObjectId constructor (#601)
  • NODE-4769: remove ISO-8859-1 string support from Binary (#602)
  • NODE-5223: remove deprecated cacheHexString (#595)
  • NODE-4787: bump minimum Node.js version to v16.20.1 (#590)

Features

  • NODE-4769: remove ISO-8859-1 string support from Binary (#602) (74f7f8a)
  • NODE-4770: remove 12 length string support from ObjectId constructor (#601) (409c592)
  • NODE-4787: bump minimum Node.js version to v16.20.1 (#590) (1dcca92)
  • NODE-5223: remove deprecated cacheHexString (#595) (76eca2b)
  • NODE-5504: bump bson major version (#605) (9615902)

Bug Fixes

  • NODE-5509: Allow undefined or null params in ObjectId.equals (#607) (e2674c6)

... (truncated)

Commits
  • 7b98403 chore(main): release 6.0.0 [skip-ci] (#596)
  • 1384cee fix(NODE-5546): decimal 128 fromString performs inexact rounding (#613)
  • 06f1774 chore(NODE-5580): add release alpha action (#616)
  • 0664840 fix(NODE-5559): account for quotes when inspecting Code and BSONSymbol (#612)
  • db2fc68 chore(NODE-5543): fix duplicate PR highlights (#610)
  • bcc9211 chore(release): 6.0.0-alpha.0
  • 4ec5484 docs(NODE-5525): add nodejs driver version compat table (#609)
  • 28d3652 chore(NODE-5447): update bson dependencies (#608)
  • e2674c6 fix(NODE-5509): Allow undefined or null params in ObjectId.equals (#607)
  • 9615902 feat(NODE-5504)!: bump bson major version (#605)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by dbx-node, a new releaser for bson since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [bson](https://github.com/mongodb/js-bson) from 4.6.5 to 6.0.0.
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/main/HISTORY.md)
- [Commits](mongodb/js-bson@v4.6.5...v6.0.0)

---
updated-dependencies:
- dependency-name: bson
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 4, 2023
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Sep 18, 2023

Superseded by #30.

@dependabot dependabot bot closed this Sep 18, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/develop/bson-6.0.0 branch September 18, 2023 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants