Update mongoose 8.5.2 → 8.6.1 (minor)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ mongoose (8.5.2 → 8.6.1) · Repo · Changelog

Release Notes

8.6.1

8.6.1 / 2024-09-03

• fix(document): avoid unnecessary clone() in applyGetters() that was preventing getters from running on 3-level deep subdocuments #14844 #14840 #14835
• fix(model): throw error if bulkSave() did not insert or update any documents #14837 #14763
• fix(cursor): throw error in ChangeStream constructor if changeStreamThunk() throws a sync error #14846
• types(query): add $expr to RootQuerySelector #14845
• docs: update populate.md to fix missing match: { } #14847 makhoulshbeeb

8.6.0

8.6.0 / 2024-08-28

• feat: upgrade mongodb -> 6.8.0, handle throwing error on closed cursor in Mongoose with MongooseError instead of MongoCursorExhaustedError #14813
• feat(model+query): support options parameter for distinct() #14772 #8006
• feat(QueryCursor): add getDriverCursor() function that returns the raw driver cursor #14745
• types: change query selector to disallow unknown top-level keys by default #14764 alex-statsig
• types: make toObject() and toJSON() not generic by default to avoid type widening #14819 #12883
• types: avoid automatically inferring lean result type when assigning to explicitly typed variable #14734

8.5.4

8.5.4 / 2024-08-23

• fix: add empty string check for collection name passed #14806 Shubham2552
• docs(model): add 'throw' as valid strict value for bulkWrite() and add some more clarification on throwOnValidationError #14809

8.5.3

8.5.3 / 2024-08-13

• fix(document): call required functions on subdocuments underneath nested paths with correct context #14801 #14788
• fix(populate): avoid throwing error when no result and lean() set #14799 #14794 #14759 MohOraby
• fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility #14774 #14771 #14623 #14394
• types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & #14800 #14793
• types: support schema type inference based on schema options timestamps as well #14773 #13215 ark23CIS
• types(cursor): indicate that cursor.next() can return null #14798 #14787
• types: allow mongoose.connection.db to be undefined #14797 #14789
• docs: add schema type widening advice #14790 JstnMcBrd

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @​mongodb-js/saslprep (indirect, 1.1.8 → 1.1.9) · Repo · Changelog

↗️ mongodb (indirect, 6.7.0 → 6.8.0) · Repo · Changelog

Release Notes

6.8.0

6.8.0 (2024-06-27)

The MongoDB Node.js team is pleased to announce version 6.8.0 of the mongodb package!

Release Notes

Add ReadConcernMajorityNotAvailableYet to retryable errors

ReadConcernMajorityNotAvailableYet (error code 134) is now a retryable read error.

ClientEncryption.createDataKey() and other helpers now support named KMS providers

KMS providers can now be associated with a name and multiple keys can be provided per-KMS provider. The following example configures a ClientEncryption object with multiple AWS keys:

const clientEncryption = new ClientEncryption(keyVaultClient, {
  'aws:key1': {
    accessKeyId: ...,
    secretAccessKey: ...
  },
  'aws:key2': {
    accessKeyId: ...,
    secretAccessKey: ...
  },
clientEncryption.createDataKey('aws:key-1', { ... });

Named KMS providers are supported for azure, AWS, KMIP, local and gcp KMS providers. Named KMS providers cannot be used if the application is using the automatic KMS provider refresh capability.

This feature requires mongodb-client-encryption>=6.0.1.

KMIP data keys now support a delegated option

When creating a KMIP data key, delegated can now be specified. If true, the KMIP provider will perform encryption / decryption of the data key locally, ensuring that the encryption key never leaves the KMIP server.

clientEncryption.createDataKey('kmip', { masterKey: { delegated: true } } );

This feature requires mongodb-client-encryption>=6.0.1.

Cursor responses are now parsed lazily 🦥

MongoDB cursors (find, aggregate, etc.) operate on batches of documents equal to batchSize. Each time the driver runs out of documents for the current batch it gets more (getMore) and returns each document one at a time through APIs like cursor.next() or for await (const doc of cursor).

Prior to this change, the Node.js driver was designed in such a way that the entire BSON response was decoded after it was received. Parsing BSON, just like parsing JSON, is a synchronous blocking operation. This means that throughout a cursor's lifetime invocations of .next() that need to fetch a new batch hold up on parsing batchSize (default 1000) documents before returning to the user.

In an effort to provide more responsiveness, the driver now decodes BSON "on demand". By operating on the layers of data returned by the server, the driver now receives a batch, and only obtains metadata like size, and if there are more documents to iterate after this batch. After that, each document is parsed out of the BSON as the cursor is iterated.

A perfect example of where this comes in handy is our beloved mongosh! 💚

test> db.test.find()
[
	{ _id: ObjectId('665f7fc5c9d5d52227434c65'), ... },
  ...
]
Type "it" for more

That Type "it" for more message would now print after parsing only the documents displayed rather than after the entire batch is parsed.

Add Signature to Github Releases

The Github release for the mongodb package now contains a detached signature file for the NPM package (named
mongodb-X.Y.Z.tgz.sig), on every major and patch release to 6.x and 5.x. To verify the signature, follow the instructions in the 'Release Integrity' section of the README.md file.

The LocalKMSProviderConfiguration's key property accepts Binary

A local KMS provider at runtime accepted a BSON Binary instance but the Typescript inaccurately only permitted Buffer and string.

Clarified cursor state properties

The cursor has a few properties that represent the current state from the perspective of the driver and server. This PR corrects an issue that never made it to a release but we would like to take the opportunity to re-highlight what each of these properties mean.

• cursor.closed - cursor.close() has been called, and there are no more documents stored in the cursor.
• cursor.killed - cursor.close() was called while the cursor still had a non-zero id, and the driver sent a killCursors command to free server-side resources
• cursor.id == null - The cursor has yet to send it's first command (ex. find, aggregate)
• cursor.id.isZero() - The server sent the driver a cursor id of 0 indicating a cursor no longer exists on the server side because all data has been returned to the driver.
• cursor.bufferedCount() - The amount of documents stored locally in the cursor.

Features

• NODE-5718: add ReadConcernMajorityNotAvailableYet to retryable errors (#4154) (4f32dec)
• NODE-5801: allow multiple providers providers per type (#4137) (4d209ce)
• NODE-5853: support delegated KMIP data key option (#4129) (aa429f8)
• NODE-6136: parse cursor responses on demand (#4112) (3ed6a2a)
• NODE-6157: add signature to github releases (#4119) (f38c5fe)

Bug Fixes

• NODE-5801: use more specific key typing for multiple KMS provider support (#4146) (465ffd9)
• NODE-6085: add TS support for KMIP data key options (#4128) (f790cc1)
• NODE-6241: allow Binary as local KMS provider key (#4160) (fb724eb)
• NODE-6242: close becomes true after calling close when documents still remain (#4161) (e3d70c3)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 28 commits:

• chore(main): release 6.8.0 [skip-ci] (#4125)
• chore(NODE-6243): move Node release tooling to drivers-github-tools (#4159)
• fix(NODE-6242): close becomes true after calling close when documents still remain (#4161)
• fix(NODE-6241): allow `Binary` as local KMS provider key (#4160)
• feat(NODE-5718): add ReadConcernMajorityNotAvailableYet to retryable errors (#4154)
• chore(NODE-6118): generate authorized publisher report and compliance report (#4156)
• chore(NODE-5974): sync CSOT tests (#4153)
• chore(NODE-6199): Update test/lambda/mongodb dependencies (#4145)
• test(NODE-6202): use single mongos in unacknowledged write tests (#4149)
• refactor: move CountDocument logic into collection API (#4148)
• refactor(NODE-6174): use client.s.options in session (#4134)
• fix(NODE-5801): use more specific key typing for multiple KMS provider support (#4146)
• feat(NODE-6136): parse cursor responses on demand (#4112)
• ci(NODE-6203): fix atlas connectivity tests (#4142)
• chore(NODE-6212): generate sarif reports in releases and upload sbom lite to s3 [skip-ci] (#4143)
• docs: generate docs from latest main [skip-ci] (#4009)
• feat(NODE-5801): allow multiple providers providers per type (#4137)
• docs: update legacy drivers section and fix drop down (#4130)
• docs(NODE-6193): add releasing documentation (#4136)
• refactor: replace symbol properties in cursor classes (#4133)
• refactor(NODE-6201): cursor to use fetchBatch when current batch is empty (#4093)
• feat(NODE-5853): support delegated KMIP data key option (#4129)
• chore: use new mongodb-client-encryption and update filter to support versions (#4132)
• fix(NODE-6085): add TS support for KMIP data key options (#4128)
• chore: refactor test filters to typescript (#4054)
• docs: remove 6.8+ documentation from 6.7 API docs (#4127)
• docs: generate 6.7 api docs (#4126)
• feat(NODE-6157): add signature to github releases (#4119)

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

* [Circle CI](https://circleci.com), [Semaphore ](https://semaphoreci.com) and [Github Actions](https://docs.github.com/actions) are all excellent options. * If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github. * If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with `depfu/`.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)