This repository has been archived by the owner on Jun 4, 2024. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to upgrade bson from 6.3.0 to 6.7.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 4 versions ahead of your current version.
The recommended version was released on 24 days ago.
Release notes
Package name: bson
6.7.0 (2024-05-01)
The MongoDB Node.js team is pleased to announce version 6.7.0 of the
bson
package!Release Notes
Add
Long.fromStringStrict
methodThe
Long.fromStringStrict
method is almost identical to theLong.fromString
method, except it throws aBSONError
if any of the following are true:Unlike
Long.fromString
, this method does not coerce the inputs'+/-Infinity'
and'NaN'
toLong.ZERO
, in any case.Examples:
Long.fromString('1234xxx5'); // coerces input and returns new Long(123400)
// when writing in radix 10, 'n' and 'a' are both invalid characters
Long.fromStringStrict('NaN'); // throws BSONError
Long.fromString('NaN'); // coerces input and returns Long.ZERO
Note
Long.fromStringStrict
's functionality will be present inLong.fromString
in the V7 BSON release.Add static
Double.fromString
methodThis method attempts to create an
Double
type from a string, and will throw aBSONError
on any string input that is not representable as aIEEE-754 64-bit double
.Notably, this method will also throw on the following string formats:
'Infinity'
,'-Infinity'
, and'NaN'
input strings are still allowed)Strings with leading zeros, however, are also allowed.
Add static
Int32.fromString
methodThis method attempts to create an
Int32
type from string, and will throw aBSONError
on any string input that is not representable as anInt32
.Notably, this method will also throw on the following string formats:
Strings with leading zeros, however, are allowed
UTF-8 validation now throws a
BSONError
on overlong encodings in Node.jsSpecifically, this affects
deserialize
when utf8 validation is enabled, which is the default.An overlong encoding is when the number of bytes in an encoding is inflated by padding the code point with leading 0s (see here for more information).
Long.fromString
takes radix into account before coercing '+/-Infinity' and 'NaN' toLong.ZERO
Long.fromString
no longer coerces the following cases toLong.ZERO
when the provided radix supports all characters in the string:'+Infinity'
,'-Infinity'
, or'Infinity'
when 35 <= radix <= 36'NaN'
when 24 <= radix <= 36Features
Bug Fixes
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.6.6.0 (2024-04-01)
The MongoDB Node.js team is pleased to announce version 6.6.0 of the
bson
package!Release Notes
Binary.toString
andBinary.toJSON
align with BSON serializationWhen BSON serializes a Binary instance it uses the bytes between
0
andbinary.position
since Binary supports pre-allocating empty space and writing segments of data using.put()
/.write()
. Erroneously, thetoString()
andtoJSON()
methods did not use theposition
property to limit how much of the underlying buffer to transform into the final value, potentially returning more string than relates to the actual data of the Binary instance.In general, you may not encounter this bug if
Binary
instances are created from a data source (new Binary(someBuffer)
) or are returned by the database because in both of these casesbinary.position
is equal to the length of the underlying buffer.Fixed example creating an empty Binary:
Experimental APIs
This release contains experimental APIs that are not suitable for production use. As a reminder, anything marked
@ experimental
is not a part of the stable semantically versioned API and is subject to change in any subsequent release.Bug Fixes
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.6.5.0 (2024-03-12)
The MongoDB Node.js team is pleased to announce version 6.5.0 of the
bson
package!Release Notes
Fixed float byte-wise handling on big-endian systems
Caution
Among the platforms BSON and the MongoDB driver support this issue impacts s390x big-endian systems. x86, ARM, and other little-endian systems are not affected. Existing versions of the driver can be upgraded to this release.
A recent change to the BSON library started parsing and serializing floats using a
Float64Array
. When reading the bytes from this array the ordering is dependent on the platform it is running on and we now properly account for that ordering.Add
SUBTYPE_SENSITIVE
onBinary
classWhen a BSON.Binary object is of 'sensitive' subtype, the object's subtype will equal
0x08
.Features
Bug Fixes
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.6.4.0 (2024-02-29)
The MongoDB Node.js team is pleased to announce version 6.4.0 of the
bson
package!Release Notes
BSON short basic latin string writing performance improved!
The BSON library's string encoding logic now attempts to optimize for basic latin (ASCII) characters. This will apply to both BSON keys and BSON values that are or contain strings. If strings are less than 6 bytes we observed approximately 100% increase in speed while around 24 bytes the performance was about 33% better. For any non-basic latin bytes or at 25 bytes or greater the BSON library will continue to use Node.js' Buffer.toString API.
The intent is to generally target the serialization of BSON keys which are often short and only use basic latin.
Fixed objectId symbol property not defined on instances from cross cjs and mjs
We do recommend that users of the driver use the BSON APIs exported from the driver. One reason for this is at this time the driver is only shipped in commonjs format and as a result it will only import the commonjs BSON bundle. If in your application you use import syntax then there will be a commonjs and an es module instance in the current process which prevents things like
instanceof
from working.Also, private symbols defined in one package will not be equal to symbols defined in the other. This caused an issue on ObjectId's private symbol property preventing the
.equals
method from one package from operating on an ObjectId created from another.Thanks to @ dot-i's contribution we've changed the private symbol to a private string property so that the
.equals()
method works across module types.Deserialization performance increased
If BSON data does not contain Doubles and UTF8 validation is disabled the deserializer is careful to not allocate data structures needed to support that functionality. This has shown to greatly increase (2x-1.3x) the performance of the deserializer.
Thank you @ billouboq for this contribution!
Improve the performance of small byte copies
When serializing ObjectIds, Decimal128, and UUID values we can get better performance by writing the byte-copying logic in Javascript for loops rather than using the TypedArray.set API. ObjectId serialization performance is 1.5x-2x faster.
Improved the performance of serializing and deserializing doubles and bigints
We now use bit shifting and multiplication operators in place of DataView getX/setX calls to parse and serialize bigints and a Float64Array to convert a double to bytes. This change has been shown to increase deserializing performance ~1.3x and serializing performance ~1.75x.
Use allocUnsafe for ObjectIds and Decimal128
For small allocations Node.js performance can be improved by using pre-allocated pooled memory. ObjectIds and Decimal128 instance will now use allocUnsafe on Node.js.
Features
Bug Fixes
Performance Improvements
Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.6.3.0 (2024-01-31)
The MongoDB Node.js team is pleased to announce version 6.3.0 of the
bson
package!Release Notes
BSON short basic latin string parsing performance improved! 🐎
The BSON library's string decoding logic now attempts to optimize for basic latin (ASCII) characters. This will apply to both BSON keys and BSON values that are or contain strings. If strings are less than 6 bytes we observed approximately ~100% increase in speed while around 15 bytes the performance was about ~30% better. For any non-basic latin bytes or at 20 bytes or greater the BSON library will continue to use Node.js'
Buffer.toString
API.The intent is to generally target the deserialization of BSON keys which are often short and only use basic latin, Et tu, _id?
Using a
number
type as input to theObjectId
constructor is deprecatedInstead, use
static createFromTime()
to set a numeric value for the newObjectId
.new ObjectId(Date.now())
// recommended
ObjectId.createFromTime(Date.now())
Features
ObjectId
constructor (#640) (44bec19)Documentation
We invite you to try the
bson
library immediately, and report any issues to the NODE project.Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: