Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency mongodb to v6 #593

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 5, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mongodb ^5.0.0 -> ^6.0.0 age adoption passing confidence

Release Notes

mongodb/node-mongodb-native (mongodb)

v6.10.0

Compare Source

Features
Bug Fixes
  • NODE-6394: data events missed while awaiting drain (#​4249) (3f9d243)
  • NODE-6418: change stream resumes infinitely after failed aggregates (#​4267) (6ecf198)
  • NODE-6436: only force majority write concern on commitTransaction retry (#​4284) (a7d1d43)

v6.9.0

Compare Source

Features
Bug Fixes
  • NODE-5720: on pre-4.4 sharded servers, the node driver uses error.writeConcern.code to determine retryability (#​4155) (b26c328)
  • NODE-6241: allow Binary as local kms provider key for auto encryption (#​4165) (d85f827)
  • NODE-6259: replace dynamically assigned length property with a static getter (#​4173) (320dde0)
  • NODE-6276: preserve top level error code MongoWriteConcernError (#​4183) (e902584)
  • NODE-6284: make sparsity and trimFactor optional (#​4189) (8622545)
  • NODE-6355: respect utf8 validation options when iterating cursors (#​4214) (8bfe187)
  • NODE-6362: cache cursor deserialization options across deserialize calls (#​4221) (833eaa4)
  • NODE-6367: enable mixed use of iteration APIs (#​4231) (08912c8)
Performance Improvements

v6.8.2

Compare Source

The MongoDB Node.js team is pleased to announce version 6.8.2 of the mongodb package!

Release Notes
Fixed mixed use of cursor.next() and cursor[Symbol.asyncIterator]

In 6.8.0, we inadvertently prevented the use of cursor.next() along with using for await syntax to iterate cursors. If your code made use of the following pattern and the call to cursor.next retrieved all your documents in the first batch, then the for-await loop would never be entered. This issue is now fixed.

const firstDoc = await cursor.next();

for await (const doc of cursor) {
    // process doc
    // ...
}
Bug Fixes
Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v6.8.1

Compare Source

v6.8.0

Compare Source

Features
Bug Fixes
  • NODE-5801: use more specific key typing for multiple KMS provider support (#​4146) (465ffd9)
  • NODE-6085: add TS support for KMIP data key options (#​4128) (f790cc1)
  • NODE-6241: allow Binary as local KMS provider key (#​4160) (fb724eb)
  • NODE-6242: close becomes true after calling close when documents still remain (#​4161) (e3d70c3)

v6.7.0

Compare Source

Features
Bug Fixes
  • NODE-6165: useBigInt64 causes compareTopologyVersion to throw (#​4109) (21b729b)

v6.6.2

Compare Source

Bug Fixes
  • NODE-6171: RTT set to zero when serverMonitoringMode=stream (#​4110) (7a7ec5b)

v6.6.1

Compare Source

Bug Fixes
  • NODE-6151: MongoClient connect does not keep Node.js running (#​4101) (7e0d9e6)

v6.6.0

Compare Source

The MongoDB Node.js team is pleased to announce version 6.6.0 of the mongodb package!

Release Notes

Aggregation pipelines can now add stages manually

When creating an aggregation pipeline cursor, a new generic method addStage() has been added in the fluid API for users to add aggregation pipeline stages in a general manner.

const documents = await users.aggregate().addStage({ $project: { name: true } }).toArray();

Thank you @​prenaissance for contributing this feature!

cause and package name included for MongoMissingDependencyErrors

MongoMissingDependencyErrors now include a cause and a dependencyName field, which can be used to programmatically determine which package is missing and why the driver failed to load it.

For example:

MongoMissingDependencyError: The iHateJavascript module does not exist
    at findOne (mongodb/main.js:7:11)
    at Object.<anonymous> (mongodb/main.js:14:1)
    ... 3 lines matching cause stack trace ...
    at Module._load (node:internal/modules/cjs/loader:1021:12) {
  dependencyName: 'iHateJavascript',
  [Symbol(errorLabels)]: Set(0) {},
  [cause]: Error: Cannot find module 'iHateJavascript'
  Require stack:
  - mongodb/main.js
      at require (node:internal/modules/helpers:179:18)
      at findOne (mongodb/main.js:5:5)
      at Object.<anonymous> (mongodb/main.js:14:1) {
    code: 'MODULE_NOT_FOUND',
    requireStack: [ 'mongodb/main.js' ]
  }
}
ServerDescription Round Trip Time (RTT) measurement changes
(1) ServerDescription.roundTripTime is now a moving average

Previously, ServerDescription.roundTripTime was calculated as a weighted average of the most recently observed heartbeat duration and the previous duration. This update changes this behaviour to average ServerDescription.roundTripTime over the last 10 observed heartbeats. This should reduce the likelihood that the selected server changes as a result of momentary spikes in server latency.

(2) Added minRoundTripTime to ServerDescription

A new minRoundTripTime property is now available on the ServerDescription class which gives the minimum RTT over the last 10 heartbeats. Note that this value will be reported as 0 when fewer than 2 samples have been observed.

type supported in SearchIndexDescription

It is now possible to specify the type of a search index when creating a search index:

const indexName = await collection.createSearchIndex({
  name: 'my-vector-search-index',
  // new! specifies that a `vectorSearch` index is created
  type: 'vectorSearch',
  definition: {
    mappings: { dynamic: false }
  }
});
Collection.findOneAndModify's UpdateFilter.$currentDate no longer throws on collections with limited schema

Example:

// collection has no schema
collection.update(
    $currentData: {
       lastModified: true
    } // no longer throws a TS error
);
TopologyDescription now properly stringifies itself to JSON

The TopologyDescription class is exposed by the driver in server selection errors and topology monitoring events to provide insight into the driver's current representation of the server's topology and to aid in debugging. However, the TopologyDescription uses Maps internally, which get serialized to {} when JSON stringified. We recommend using Node's util.inspect() helper to print topology descriptions because inspect properly handles all JS types and all types we use in the driver. However, if JSON must be used, the TopologyDescription now provides a custom toJSON() hook:

client.on('topologyDescriptionChanged', ({ newDescription }) => {
   // recommended!
	console.log('topology description changed', inspect(newDescription, { depth: Infinity, colors: true }))

    // now properly prints the entire topology description
	console.log('topology description changed', JSON.stringify(newDescription))
});
Omit readConcern and writeConcern in Collection.listSearchIndexes options argument

[!Important]
readConcern and writeConcern are no longer viable keys in the options argument passed into Collection.listSearchIndexes

This type change is a correctness fix.

Collection.listSearchIndexes is an Atlas specific method, and Atlas' search indexes do not support readConcern and writeConcern options. The types for this function now reflect this functionality.

Don't throw error when non-read operation in a transaction has a ReadPreferenceMode other than 'primary'

The following error will now only be thrown when a user provides a ReadPreferenceMode other than primary and then tries to perform a command that involves a read:

new MongoTransactionError('Read preference in a transaction must be primary');

Prior to this change, the Node Driver would incorrectly throw this error even when the operation does not perform a read.
Note: a RunCommandOperation is treated as a read operation for this error.

TopologyDescription.error type is MongoError

[!Important]
The TopologyDescription.error property type is now MongoError rather than MongoServerError.

This type change is a correctness fix.

Before this change, the following errors that were not instances of MongoServerError were already passed into TopologyDescription.error at runtime:

  • MongoNetworkError (excluding MongoNetworkRuntimeError)
  • MongoError with a MongoErrorLabel.HandshakeError label
indexExists() no longer supports the full option

The Collection.indexExists() helper supported an option, full, that modified the internals of the method. When full was set to true, the driver would always return false, regardless of whether or not the index exists.

The full option is intended to modify the return type of index enumeration APIs (Collection.indexes() and Collection.indexInformation(), but since the return type of Collection.indexExists() this option does not make sense for the Collection.indexExists() helper.

We have removed support for this option.

indexExists(), indexes() and indexInformation() support cursor options in Typescript

These APIs have supported cursor options at runtime since the 4.x version of the driver, but our Typescript has incorrectly omitted cursor options from these APIs.

Index information helpers have accurate Typescript return types

Collection.indexInformation(), Collection.indexes() and Db.indexInformation() are helpers that return index information for a given collection or database. These helpers take an option, full, that configures whether the return value contains full index descriptions or a compact summary:

collection.indexes({ full: true });   // returns an array of index descriptions
collection.indexes({ full: false });  // returns an object, mapping index names to index keys

However, the Typescript return type of these helpers was always Document. Thanks to @​prenaissance, these helpers now have accurate type information! The helpers return a new type, IndexDescriptionCompact | IndexDescriptionInfo[], which accurately reflects the return type of these helpers. The helpers also support type narrowing by providing a boolean literal as an option to the API:

collection.indexes();   // returns `IndexDescriptionCompact | IndexDescriptionInfo[]`
collection.indexes({ full: false });  // returns an `IndexDescriptionCompact`
collection.indexes({ full: true });  // returns an `IndexDescriptionInfo[]`

collection.indexInfo();   // returns `IndexDescriptionCompact | IndexDescriptionInfo[]`
collection.indexInfo({ full: false });  // returns an `IndexDescriptionCompact`
collection.indexInfo({ full: true });  // returns an `IndexDescriptionInfo[]`

db.indexInfo();   // returns `IndexDescriptionCompact | IndexDescriptionInfo[]`
db.indexInfo({ full: false });  // returns an `IndexDescriptionCompact`
db.indexInfo({ full: true });  // returns an `IndexDescriptionInfo[]`
AWS credentials with expirations no longer throw when using on-demand AWS KMS credentials

In addition to letting users provide KMS credentials manually, client-side encryption supports fetching AWS KMS credentials on-demand using the AWS SDK. However, AWS credential mechanisms that returned access keys with expiration timestamps caused the driver to throw an error.

The driver will no longer throw an error when receiving an expiration token from the AWS SDK.

ClusterTime interface signature optionality

The ClusterTime interface incorrectly reported the signature field as required, the server may omit it, so the typescript has been updated to reflect reality.

Summary

Features
  • NODE-3639: add a general stage to the aggregation pipeline builder (#​4079) (8fca1aa)
  • NODE-5678: add options parsing support for timeoutMS and defaultTimeoutMS (#​4068) (ddd1e81)
  • NODE-5762: include cause and package name for all MongoMissingDependencyErrors (#​4067) (62ea94b)
  • NODE-5825: add minRoundTripTime to ServerDescription and change roundTripTime to a moving average (#​4059) (0e3d6ea)
  • NODE-5919: support new type option in create search index helpers (#​4060) (3598c23)
  • NODE-6020: upgrade bson to ^6.5.0 (#​4035) (8ab2055)
  • NODE-6149: upgrade bson to ^6.7.0 (#​4099) (7f191cf)
Bug Fixes
  • NODE-3681: Typescript error in Collection.findOneAndModify UpdateFilter.$currentDate (#​4047) (a8670a7)
  • NODE-5530: make topology descriptions JSON stringifiable (#​4070) (3a0e011)
  • NODE-5745: ignore Read/Write Concern in Atlas Search Index Helpers (#​4042) (67d7bab)
  • NODE-5925: driver throws error when non-read operation in a transaction has a ReadPreferenceMode other than primary (#​4075) (39fc198)
  • NODE-5971: attach v to createIndexes command when version is specified (#​4043) (1879a04)
  • NODE-5999: Change TopologyDescription.error type to MongoError (#​4028) (30432e8)
  • NODE-6019: indexExists always returns false when full is set to true (#​4034) (0ebc1ac)
  • NODE-6029: update types for collection listing indexes (#​4072) (232bf3c)
  • NODE-6051: only provide expected allowed keys to libmongocrypt after fetching AWS KMS credentials (#​4057) (c604e74)
  • NODE-6066: ClusterTime.signature can be undefined (#​4069) (ce55ca9)
Performance Improvements
  • NODE-6127: move error construction into setTimeout callback (#​4094) (6abc074)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v6.5.0

Compare Source

Features
  • NODE-5968: container and Kubernetes awareness in client metadata (#​4005) (28b7040)
  • NODE-5988: Provide access to raw results doc on MongoServerError (#​4016) (c023242)
  • NODE-6008: deprecate CloseOptions interface (#​4030) (f6cd8d9)
Bug Fixes
  • NODE-5636: generate _ids using pkFactory in bulk write operations (#​4025) (fbb5059)
  • NODE-5981: read preference not applied to commands properly (#​4010) (937c9c8)
  • NODE-5985: throw Nodejs' certificate expired error when TLS fails to connect instead of CERT_HAS_EXPIRED (#​4014) (057c223)
  • NODE-5993: memory leak in the Connection class (#​4022) (69de253)
Performance Improvements

v6.4.0

Compare Source

Features
  • NODE-3449: Add serverConnectionId to Command Monitoring Spec (735f7aa)
  • NODE-3470: retry selects another mongos (#​3963) (84959ee)
  • NODE-3689: require hello command for connection handshake to use OP_MSG disallowing OP_QUERY (#​3938) (ce7df0f)
  • NODE-4686: Add log messages to CLAM (#​3955) (e3bfa30)
  • NODE-4687: Add logging to server selection (#​3946) (7f3ce0b)
  • NODE-4719: add SDAM Logging Spec (#​3940) (a3c0298)
  • NODE-4847: Add config error handling to logging (#​3970) (8f7bb59)
  • NODE-5717: make ExceededTimeLimit retryable reads error (#​3947) (106ab09)
  • NODE-5885: upgrade BSON to ^6.3.0 (#​3983) (9401d09)
  • NODE-5939: Implement 6.x: cache the AWS credentials provider in the MONGODB-AWS auth logic (#​3991) (e0a37e5)
  • NODE-5978: upgrade BSON to ^6.4.0 (#​4007) (90f2f70)
Bug Fixes
  • NODE-5127: implement reject kmsRequest on server close (#​3964) (568e05f)
  • NODE-5609: node driver omits base64 padding in sasl-continue command (#​3975) (b7d28d3)
  • NODE-5765: change type for countDocuments (#​3932) (22cae0f)
  • NODE-5791: type error with $addToSet in bulkWrite (#​3953) (b93d405)
  • NODE-5818: Add feature flagging to server selection logging (#​3974) (55203ef)
  • NODE-5839: support for multibyte code-points in stringifyWithMaxLen (#​3979) (aed1cf0)
  • NODE-5840: heartbeat duration includes socket creation (#​3973) (a42039b)
  • NODE-5901: propagate errors to transformed stream in cursor (#​3985) (ecfc615)
  • NODE-5944: make AWS session token optional (#​4002) (f26de76)
Performance Improvements
  • NODE-5771: improve new connection (#​3948) (a4776cf)
  • NODE-5854: Conditional logger instantiation and precompute willLog perf fix (#​3984) (a63fbc2)
  • NODE-5928: consolidate signal use and abort promise wrap (#​3992) (38742c2)

v6.3.0

Compare Source

Features
Bug Fixes
  • NODE-4863: do not use RetryableWriteError for non-server errors (#​3914) (08c9fb4)
  • NODE-5709: bump mongodb-connection-string-url to 3.0.0 (#​3909) (1c3dc02)
  • NODE-5749: RTTPinger always sends legacy hello (#​3921) (ebbfb8a)

v6.2.0

Compare Source

Features
Bug Fixes
  • NODE-5496: remove client-side collection and database name check validation (#​3873) (98550c6)
  • NODE-5628: bulkWriteResult.insertedIds does not filter out _ids that are not actually inserted (#​3867) (09f2a67)
  • NODE-5706: make findOne() close implicit session to avoid memory leak (#​3897) (995d138)

v6.1.0

Compare Source

Features
Bug Fixes
  • NODE-5551: set AWS region from environment variable for STSClient (#​3831) (e9a5079)
  • NODE-5588: recursive calls to next cause memory leak (#​3841) (9a8fdb2)

v6.0.0

Compare Source

⚠ BREAKING CHANGES
  • NODE-5584: adopt bson v6 and mongodb-client-encryption v6 (#​3845)
  • NODE-5484: mark MongoError for internal use and remove Node14 cause assignment logic (#​3800)
  • NODE-4788: use implementer Writable methods for GridFSBucketWriteStream (#​3808)
  • NODE-4986: remove callbacks from ClientEncryption encrypt, decrypt, and createDataKey (#​3797)
  • NODE-5490: bump kerberos compatibility to ^2.0.1 (#​3798)
  • NODE-3568: ensure includeResultsMetadata is false by default (#​3786)
  • NODE-3989: only accept true and false for boolean options (#​3791)
  • NODE-5233: prevent session from one client from being used on another (#​3790)
  • NODE-5444: emit deprecation warning for useNewUrlParser and useUnifiedTopology (#​3792)
  • NODE-5470: convert remaining FLE to TS and drop support for onKMSProvidersRefresh (#​3787)
  • NODE-5508: remove EvalOperation and EvalOptions (#​3795)
  • NODE-3920: validate options are not repeated in connection string (#​3788)
  • NODE-3924: read tls files async (#​3776)
  • NODE-5430: make AutoEncrypter and MongoClient.autoEncrypter internal (#​3789)
  • NODE-4961: remove command result from commit and abort transaction APIs (#​3784)
  • NODE-2014: return executor result from withSession and withTransaction (#​3783)
  • NODE-5409: allow socks to be installed optionally (#​3782)
  • NODE-4796: remove addUser and collection.stats APIs (#​3781)
  • NODE-4936: remove unsupported options from db.command and admin.command (#​3775)
  • NODE-5228: remove unneeded fields from ConnectionPoolCreatedEvent.options (#​3772)
  • NODE-5190: remove deprecated keep alive options (#​3771)
  • NODE-5186: remove duplicate BulkWriteResult accessors (#​3766)
  • NODE-5376: remove deprecated ssl options (#​3755)
  • NODE-5415: bump minimum Node.js version to v16.20.1 (#​3760)
Features
  • NODE-2014: return executor result from withSession and withTransaction (#​3783) (65aa288)
  • NODE-3568: ensure includeResultsMetadata is false by default (#​3786) (fee8d3e)
  • NODE-3920: validate options are not repeated in connection string (#​3788) (11631a2)
  • NODE-3924: read tls files async (#​3776) (68adaf1)
  • NODE-3989: only accept true and false for boolean options (#​3791) (e2e36cc)
  • NODE-4796: remove addUser and collection.stats APIs (#​3781) (e79ac9d)
  • NODE-4961: remove command result from commit and abort transaction APIs (#​3784) (71c5936)
  • NODE-4986: remove callbacks from ClientEncryption encrypt, decrypt, and createDataKey (#​3797) (51a573f)
  • NODE-5186: remove duplicate BulkWriteResult accessors (#​3766) (8693987)
  • NODE-5190: remove deprecated keep alive options (#​3771) (7ade907)
  • NODE-5233: prevent session from one client from being used on another (#​3790) (9268b35)
  • NODE-5376: remove deprecated ssl options (#​3755) (ee56c8e)
  • NODE-5396: add mongodb-js/saslprep as a required dependency (#​3815) (bd031fc)
  • NODE-5409: allow socks to be installed optionally (#​3782) (787bdbf)
  • NODE-5415: bump minimum Node.js version to v16.20.1 (#​3760) (de158b2)
  • NODE-5430: make AutoEncrypter and MongoClient.autoEncrypter internal (#​3789) (b16ef9e)
  • NODE-5444: emit deprecation warning for useNewUrlParser and useUnifiedTopology (#​3792) (c08060d)
  • NODE-5470: convert remaining FLE to TS and drop support for onKMSProvidersRefresh (#​3787) (844aa52)
  • NODE-5484: mark MongoError for internal use and remove Node14 cause assignment logic (#​3800) (a17b0af)
  • NODE-5490: bump kerberos compatibility to ^2.0.1 (#​3798) (1044be1)
  • NODE-5508: remove EvalOperation and EvalOptions (#​3795) (225cb81)
  • NODE-5566: add ability to provide CRL file via tlsCRLFile (#​3834) (33c86c9)
  • NODE-5584: adopt bson v6 and mongodb-client-encryption v6 (#​3845) (7bef363)
Bug Fixes
  • NODE-4788: use implementer Writable methods for GridFSBucketWriteStream (#​3808) (7955610)
  • NODE-4936: remove unsupported options from db.command and admin.command (#​3775) (52cd649)
  • NODE-5228: remove unneeded fields from ConnectionPoolCreatedEvent.options (#​3772) (7a91714)
  • NODE-5412: drop aws sdk version to match node18 runtime (#​3809) (1e96e49)
  • NODE-5548: ensure that tlsCertificateKeyFile maps to cert and key (#​3819) (a0955bd)
  • NODE-5592: withTransaction return type (#​3846) (05d2725)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions github-actions bot added the fix label Jun 5, 2024
Copy link

github-actions bot commented Jun 5, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@mongodb-js/saslprep 1.1.9 UnknownUnknown
npm/@types/node 20.10.7 🟢 7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/@types/whatwg-url 11.0.5 🟢 7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/bson 6.10.0 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 7Found 19/24 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1024 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases🟢 83 out of the last 3 releases have a total of 3 signed artifacts.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/mongodb 6.11.0 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
npm/mongodb-connection-string-url 3.0.1 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 4Found 11/24 approved changesets -- score normalized to 4
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
npm/tr46 4.1.1 🟢 4.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 1Found 4/22 approved changesets -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 20 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/undici-types 5.26.5 🟢 8.1
Details
CheckScoreReason
Binary-Artifacts🟢 8binaries present in source code
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1025 out of 25 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 8Found 23/28 approved changesets -- score normalized to 8
Contributors🟢 10project has 81 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
npm/whatwg-url 13.0.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/23 approved changesets -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/mongodb ^6.0.0 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0

Scanned Files

  • package-lock.json
  • package.json

Copy link

netlify bot commented Jun 5, 2024

Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name Link
🔨 Latest commit 86d739e
🔍 Latest deploy log https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/674ca6dca880be0008c5f505

Copy link

codecov bot commented Jun 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.11%. Comparing base (0cddb71) to head (86d739e).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #593   +/-   ##
=======================================
  Coverage   63.11%   63.11%           
=======================================
  Files          47       47           
  Lines        1681     1681           
=======================================
  Hits         1061     1061           
  Misses        620      620           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 7 times, most recently from fdf99fe to 68f985d Compare June 13, 2024 17:05
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 14 times, most recently from f0f38db to 45f7ca2 Compare June 22, 2024 16:00
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 5 times, most recently from 35364d0 to 76eab9c Compare July 5, 2024 13:46
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 4 times, most recently from 2e455a0 to 47ca751 Compare October 25, 2024 06:49
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 11 times, most recently from 2d3aa91 to ae25d7d Compare October 31, 2024 13:35
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 8 times, most recently from dfcb54c to 1d5bee0 Compare November 14, 2024 10:19
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 3 times, most recently from 418c12f to 2423e3b Compare November 20, 2024 14:10
@renovate renovate bot force-pushed the renovate/mongodb-6.x branch 2 times, most recently from 358d9fd to 9c2dd4f Compare December 1, 2024 02:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant