Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade bson from 6.9.0 to 6.10.0 #507

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade bson from 6.9.0 to 6.10.0 #507

wants to merge 1 commit into from

Conversation

biancode
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to upgrade bson from 6.9.0 to 6.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released on 22 days ago.

Release notes
Package name: bson
  • 6.10.0 - 2024-11-19

    6.10.0 (2024-11-18)

    The MongoDB Node.js team is pleased to announce version 6.10.0 of the bson package!

    Release Notes

    BSON Binary Vector Support!

    The Binary class has new helpers to assist with using the newly minted Vector sub_type of Binary sub_type == 9 🎉! For more on how these types can be used with MongoDB take a look at How to Ingest Quantized Vectors!

    Here's a summary of the API:

    class Binary {
    toInt8Array(): Int8Array;
    toFloat32Array(): Float32Array;
    toPackedBits(): Uint8Array;

    static fromInt8Array(array: Int8Array): Binary;
    static fromFloat32Array(array: Float32Array): Binary;
    static fromPackedBits(array: Uint8Array, padding: number = 0): Binary;
    }

    Relatively self-explanatory: each one supports converting to and constructing from a native Javascript data type that corresponds to one of the three vector types: Int8, Float32, PackedBit.

    Vector Bytes Format

    When a Binary is sub_type 9 the first two bytes are set to important metadata about the vector.

    • binary.buffer[0] - The datatype that indicates what the following bytes are.
    • binary.buffer[1] - The padding amount, a value 0-7 that indicates how many bits to ignore in a PackedBit vector.

    Packed Bits 📦

    static fromPackedBits(array: Uint8Array, padding: number = 0)

    When handling packed bits, the last byte may not be entirely used. For example, a PackedBit vector = [0xFF, 0xF0] with padding = 4 ignores those last four 0s making the bit vector logically equal to 12 ones.

        F    F    F    0
[1111 1111 1111]   // ignored: the four 0s are padding

    Important

    When using the fromPackedBits method to set your padding amount to avoid inadvertently extending your bit vector.

    Unpacking Bits 🧳

    Packed bits get special treatment with two styles of conversion methods to suit your vector-y needs. toBits will return individually addressable bits shifted apart into an array. fromBits takes the same format in reverse and packs the bits into bytes.

    Notice there is no argument to set the padding. That is because it can be determined by the array's length. Recall those 12 ones from the previous example, well, the padding has to be 4 to reach a multiple of 8.

    class Binary {
  toBits(): Int8Array;
  static fromBits(bits: ArrayLike<number>): Binary;
}

    Caution

    We highly encourage using ONLY these methods to interact with vector data and avoid operating directly on the byte format. Other Binary class methods (put(), write() read(), and value()) and direct access of data in a Binary's buffer beyond the 1st index should only be used in exceptional circumstances and with extreme caution after closely consulting the BSON Vector specification.

    Details to keep in mind

    • A javascript engine's endianness is platform dependent whereas BSON is always in little-endian format so if viewing bytes as Float32s take care to re-order bytes as needed.
    • Int8 vectors are signed bytes but read() always returns unsigned bytes.
    • The vector data begins at offset 2.

    Binary's read() returns a view of Binary.buffer

    Binary's read() return type claimed it would return number[] or Uint8Array which was true in previous BSON versions that didn't always store a Uint8Array on the buffer property like Binary does today.

    read()'s length parameter did not respect the position value allowing reading bytes beyond the data that is actually stored in the Binary. This has been corrected.

    Additionally, this method returned a view in Node.js environments and a copy in Web environments. it has been fixed to always return a view.

    Features

    Bug Fixes

    Documentation

    We invite you to try the bson library immediately, and report any issues to the NODE project.

  • 6.9.0 - 2024-10-21

    6.9.0 (2024-10-15)

    The MongoDB Node.js team is pleased to announce version 6.9.0 of the bson package!

    Release Notes

    Timestamp now has t and i properties

    To make this type a bit easier to use we are surfacing the breakdown of the two internal 32 bit segments of a Timestamp value.

    const ts = new Timestamp({ i: 2, t: 1 });
ts.i // 2
ts.t // 1

    ObjectId.isValid(string) performance improvement

    Often used to validate whether a hex string is the correct length and proper format before constructing an ObjectId for querying, the isValid function will validate strings much faster than before. Many thanks to @ SeanReece for the contribution!

    Serialization performance improved.

    Optimizations have been implemented with respect to BSON serialization across the board, resulting in up to 20% gains in serialization with a sample of MFlix documents. Thanks again to @ SeanReece for the contribution!

    Features

    Performance Improvements

    Documentation

    We invite you to try the bson library immediately, and report any issues to the NODE project.

from bson GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade bson from 6.9.0 to 6.10.0
50e217d 
Snyk has created this PR to upgrade bson from 6.9.0 to 6.10.0.

See this package in npm:
bson

See this project in Snyk:
https://app.snyk.io/org/biancode/project/ca3a6f1d-7eb7-46ca-9602-da5034e4f631?utm_source=github&utm_medium=referral&page=upgrade-pr
@github-actions GitHub Actions
Copy link

Greet Contributors Bot
Thank you for taking your time and effort for your contribution, we truly value it. 🎉

The amazing contributor in this pull request is @snyk-bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@biancode @snyk-bot