fix(NODE-5200): relax SRV record validation to account for a dot suffix #3640
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
durran
approved these changes
Apr 14, 2023
durran
added
the
Primary Review
ksibisamir
added a commit
to SaTT-Wallet/Backend
that referenced
this pull request
Jun 9, 2023
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br /><h3>Snyk has created this PR to upgrade mongodb from
4.14.0 to 4.16.0.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **2 versions** ahead of your current
version.
- The recommended version was released **2 months ago**, on 2023-04-18.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>mongodb</b></summary>
<ul>
<li>
<b>4.16.0</b> - <a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v4.16.0">2023-04-18</a></br><p>The
MongoDB Node.js team is pleased to announce version 4.16.0 of the
<code>mongodb</code> package!</p>
<h3>Features</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5159">NODE-5159</a>:</strong>
add FaaS env information to client metadata (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3639"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3639/hovercard">#3639</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e0b20f1ba4c0d8826077703a3cd77936b9be7dfd">e0b20f1</a>)</li>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5199">NODE-5199</a>:</strong>
add alternative runtime detection to client metadata (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3647"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3647/hovercard">#3647</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/fba16adb52f2ef37e87ea64bd6163711d0f09b84">fba16ad</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5161">NODE-5161</a>:</strong>
metadata duplication in handshake (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3628"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3628/hovercard">#3628</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/b79014286c714291a1d16f12c6397e545411da0f">b790142</a>)</li>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5200">NODE-5200</a>:</strong>
relax SRV record validation to account for a dot suffix (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3640"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3640/hovercard">#3640</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/4272c43aed8790edcc38c69004e227c97117076a">4272c43</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a href="https://docs.mongodb.com/drivers/node/4.16/"
rel="nofollow">Reference</a></li>
<li><a href="https://mongodb.github.io/node-mongodb-native/4.16/"
rel="nofollow">API</a></li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/v4.16.0/HISTORY.md">Changelog</a></li>
</ul>
<p>We invite you to try the <code>mongodb</code> library immediately,
and report any issues to the <a
href="https://jira.mongodb.org/projects/NODE" rel="nofollow">NODE
project</a>.</p>
</li>
<li>
<b>4.15.0</b> - <a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v4.15.0">2023-04-04</a></br><p>The
MongoDB Node.js team is pleased to announce version 4.15.0 of the
mongodb package!</p>
<h3>Features</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5054">NODE-5054</a>:</strong>
add AssumeRoleWithWebIdentity support to 4x driver (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3566"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3566/hovercard">#3566</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/8a8c386a8dc9263aa68826a8705c7800752a7153">8a8c386</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5097">NODE-5097</a>:</strong>
set timeout on write and reset on message (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3590"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3590/hovercard">#3590</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/2d3576bf154843f0b8f63710c530d07cdc7a2ea6">2d3576b</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Reference: <a href="https://docs.mongodb.com/drivers/node/current/"
rel="nofollow">https://docs.mongodb.com/drivers/node/current/</a></li>
<li>API: <a href="https://mongodb.github.io/node-mongodb-native/4.15/"
rel="nofollow">https://mongodb.github.io/node-mongodb-native/4.15/</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/v4.15.0/HISTORY.md">HISTORY.md</a></li>
</ul>
<p>We invite you to try the mongodb library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
<li>
<b>4.14.0</b> - <a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v4.14.0">2023-02-07</a></br><p>The
MongoDB Node.js team is pleased to announce version 4.14.0 of the
mongodb package!</p>
<h3>Deprecations</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4992">NODE-4992</a>:</strong>
Deprecate methods and options that reference legacy logger (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3532"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3532/hovercard">#3532</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/6c94b4a826f51796a23d26f0d1976e5dfcd88d88">6c94b4a</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-4999">NODE-4999</a>:</strong>
Write Concern 0 Must Not Affect Read Operations (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3541"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3541/hovercard">#3541</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/ddfc2b9bc0475b3d18db355ed73cebfccaf6b874">ddfc2b9</a>)</li>
<li><strong><a class="issue-link js-issue-link notranslate"
rel="noopener noreferrer nofollow"
href="https://jira.mongodb.org/browse/NODE-5026">NODE-5026</a>:</strong>
revert "ensure that MessageStream is destroyed when connections are
destroyed" (<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/3551"
data-hovercard-type="pull_request"
data-hovercard-url="/mongodb/node-mongodb-native/pull/3551/hovercard">#3551</a>)
(<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/c4da623b1b30439521ce59e4d9db810ea7d213e2">c4da623</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Reference: <a href="https://docs.mongodb.com/drivers/node/current/"
rel="nofollow">https://docs.mongodb.com/drivers/node/current/</a></li>
<li>API: <a href="https://mongodb.github.io/node-mongodb-native/4.14/"
rel="nofollow">https://mongodb.github.io/node-mongodb-native/4.14/</a></li>
<li>Changelog: <a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/v4.14.0/HISTORY.md">HISTORY.md</a></li>
</ul>
<p>We invite you to try the mongodb library immediately, and report any
issues to the <a href="https://jira.mongodb.org/projects/NODE"
rel="nofollow">NODE project</a>.</p>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases">mongodb
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>mongodb</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/134d32ffe0b37977d71508a2f4484ba60139c9fc">134d32f</a>
chore(release): 4.16.0</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/fba16adb52f2ef37e87ea64bd6163711d0f09b84">fba16ad</a>
feat(NODE-5199): add alternative runtime detection to client metadata
(#3647)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e0b20f1ba4c0d8826077703a3cd77936b9be7dfd">e0b20f1</a>
feat(NODE-5159): add FaaS env information to client metadata
(#3639)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/4272c43aed8790edcc38c69004e227c97117076a">4272c43</a>
fix(NODE-5200): relax SRV record validation to account for a dot suffix
(#3640)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/c11e2cf1ad6c6afc5aedc1105da82b7e01e3cb16">c11e2cf</a>
test(NODE-5181): update fle2 v2 spec tests (#3630)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/b79014286c714291a1d16f12c6397e545411da0f">b790142</a>
fix(NODE-5161): metadata duplication in handshake (#3628)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/49fa63860c1f949eb65f60abbf323534961b3552">49fa638</a>
chore(release): 4.15.0</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/00a8cff7e6bba07308f204e5bb4b196a4ef23040">00a8cff</a>
chore: update BSON to v4.7.2 (#3614)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/d6821bf72df551eb9b670bd7c817506408809c75">d6821bf</a>
test(NODE-5149): fix broken range index test (#3617)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/79d774e5d396faf52a919053674afa0cb5c50bfa">79d774e</a>
ci(NODE-5090): download node to local directory (#3591)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/2d3576bf154843f0b8f63710c530d07cdc7a2ea6">2d3576b</a>
fix(NODE-5097): set timeout on write and reset on message (#3590)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/33208b7b8c39570829306012ebbf065e3831a881">33208b7</a>
test(NODE-5093): fix fle2 collection names in legacy fle2 tests</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/8a8c386a8dc9263aa68826a8705c7800752a7153">8a8c386</a>
feat(NODE-5054): add AssumeRoleWithWebIdentity support to 4x driver
(#3566)</li>
<li><a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/ed5182a32f063fa6bee230f7f1649d944d200d09">ed5182a</a>
test(NODE-5043): assert MongoClients are garbage collectable
(#3561)</li>
</ul>
<a
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/compare/908b3b6b7aad13a411439624431382aeca8ab6cd...134d32ffe0b37977d71508a2f4484ba60139c9fc">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2MjI3YTQxYy1lZGRjLTRlMjUtOTk0Ni1hYjg0ZTc3NWM5ZmEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjYyMjdhNDFjLWVkZGMtNGUyNS05OTQ2LWFiODRlNzc1YzlmYSJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00/settings/integration?pkg=mongodb&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"6227a41c-eddc-4e25-9946-ab84e775c9fa","prPublicId":"6227a41c-eddc-4e25-9946-ab84e775c9fa","dependencies":[{"name":"mongodb","from":"4.14.0","to":"4.16.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"b89486be-ad07-4d6c-a51a-2fa8a25baa00","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2023-04-18T17:51:24.112Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
What is changing?
Is there new documentation needed for these changes?
What is the motivation for this change?
Double check the following
npm run check:lintscripttype(NODE-xxxx)[!]: descriptionfeat(NODE-1234)!: rewriting everything in coffeescript