[Snyk] Upgrade bson from 6.9.0 to 6.10.4 #533
Open
+5
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade bson from 6.9.0 to 6.10.4. See this package in npm: bson See this project in Snyk: https://app.snyk.io/org/biancode/project/ca3a6f1d-7eb7-46ca-9602-da5034e4f631?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Greet Contributors Bot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade bson from 6.9.0 to 6.10.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 6 versions ahead of your current version.
The recommended version was released 24 days ago.
Release notes
Package name: bson
-
6.10.4 - 2025-06-02
- NODE-6074: Removes top-level await in bson with separate node and browser ESM bundles (#749) (4602973)
- NODE-6735, NODE-6711: add BSON vector validation to EJSON stringification, serialization and conversion to native types (#748) (64ff6a2)
- API
- Changelog
-
6.10.3 - 2025-02-19
⚠️ Fixed potential data corruption bug when
- NODE-6764: incorrect negative bigint handling (#752) (b3212b4)
- API
- Changelog
-
6.10.2 - 2025-01-30
- NODE-6608: calculateObjectSize returns the wrong value for bigint (#742) (1fed073)
- API
- Changelog
-
6.10.1 - 2024-12-03
- NODE-6552: remove cache and use toStringTag in type helpers (#740) (3ede13e)
- NODE-6450: Lazy objectId hex string cache (#722) (7c37580)
- API
- Changelog
-
6.10.0 - 2024-11-19
-
6.9.1 - 2025-03-06
⚠️ Fixed potential data corruption bug when
- NODE-6830: incorrect negative bigint handling (#752) (#776) (b13d730)
- API
- Changelog
-
6.9.0 - 2024-10-21
from bson GitHub release notes6.10.4 (2025-06-02)
The MongoDB Node.js team is pleased to announce version 6.10.4 of the
bsonpackage!Release Notes
Top-Level Await removed from the browser BSON bundle
In versions <6.10.4, BSON uses a top-level await to asynchronously import the
cryptomodule. This change unintentionally caused headaches for users of webpack, react native, vite and other tools bundlers and tools.The top-level await has been removed from all BSON bundles. Thanks to @ lourd for this contribution.
Prevent the creation of incorrectly sized float32 vectors
This adds validation to our
BSON.serializeandEJSON.stringifymethods that will prevent creating float 32 vectors that are not a multiple of 4. Previously created vectors that do not meet this validation will still bedeserializedandparsedso they can be fixed.Additionally, the
toFloat32Array(),toInt8Array(), andtoPackedBits()methods now perform the same validation that serialize does to prevent use of incorrectly formatted Binary vector values. (For example, a packed bits vector with more than 7 bits of padding)Vectors of an incorrect length could only be made manually (directly constructing the bytes and calling
new Binary). We recommend usingtoFloat32ArrayandfromFloat32Arraywhen interacting with Vectors in MongoDB as they handle the proper creation and translation of this data type.Bug Fixes
Documentation
We invite you to try the
bsonlibrary immediately, and report any issues to the NODE project.6.10.3 (2025-02-19)
The MongoDB Node.js team is pleased to announce version 6.10.3 of the
bsonpackage!Release Notes
useBigInt64is enabledAfter refactoring to improve deserialization performance in #649, we inadvertently introduced a bug that manifested when deserializing
Longvalues with theuseBigInt64flag enabled. The bug would lead to negativeLongvalues being deserialized as unsigned integers. This issue has been resolved here.Thanks to @ rkistner for reporting this bug!
Bug Fixes
Documentation
We invite you to try the
bsonlibrary immediately, and report any issues to the NODE project.6.10.2 (2025-01-29)
The MongoDB Node.js team is pleased to announce version 6.10.2 of the
bsonpackage!Release Notes
Fix
calculateObjectSizenot accounting forBigIntvalue sizeBSON.calculateObjectSizewas missing a condition forBigIntvalues, meaning it did not account for them in the same way that it would forLongvalues. This has been corrected so thatBigintvalues contribute 8 bytes worth of size to the total count.We also added a new default condition that will catch any new values that may be returned by
typeofin the future and will throw an error rather than returning an inaccurate size.Bug Fixes
Documentation
We invite you to try the
bsonlibrary immediately, and report any issues to the NODE project.6.10.1 (2024-11-27)
The MongoDB Node.js team is pleased to announce version 6.10.1 of the
bsonpackage!Release Notes
Fix issue with the internal unbounded type cache
As an optimization, a previous performance improvement stored the type information of seen objects to avoid recalculating type information. This caused an issue in the driver under extreme load and high memory usage as the cache grew. The assumption was that garbage collection would clear it enough to sustain normal operation. The cache is now removed and other optimal type checking is used in its place.
Cache the hex string of an ObjectId lazily
When
ObjectId.cacheHexStringis set totruewe no longer convert the buffer to a hex string in the constructor, since the cache is already being filled in any call toobjectid.toHexString().Additionally, if a string is passed into the constructor we can cache this immediately as there is no performance impact and no extra memory that needs to be allocated.
This improves the performance for situations where you are parsing ObjectIds from a string (ex.
JSON) and want to avoid recalculating the hex. It also improves situations where you have ObjectIds coming from BSON and only convert some of them strings perhaps after applying some filter to eliminate some.With
cacheHexStringenabled deserializing ObjectIds from BSON shows ~80% performance improvement andtoString-ing ObjectIds that were constructed from a string convert ~40% faster!Thanks to @ SeanReece for contributing this improvement!
Bug Fixes
Performance Improvements
Documentation
We invite you to try the
bsonlibrary immediately, and report any issues to the NODE project.6.9.1 (2025-03-06)
The MongoDB Node.js team is pleased to announce version 6.9.1 of the
bsonpackage!Release Notes
useBigInt64is enabledAfter refactoring to improve deserialization performance in #649, we inadvertently introduced a bug that manifested when deserializing
Longvalues with theuseBigInt64flag enabled. The bug would lead to negativeLongvalues being deserialized as unsigned integers. This issue has been resolved here.Thanks to @ rkistner for reporting this bug!
Bug Fixes
Documentation
We invite you to try the
bsonlibrary immediately, and report any issues to the NODE project.Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: