fix(deps): update minor and patch for gatsby-source-mongodb

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
mongodb	dependencies	minor	^3.5.9 -> ^3.6.2
query-string	dependencies	patch	^6.13.1 -> ^6.13.3

---

Release Notes

mongodb/node-mongodb-native

v3.6.2

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver

Release Highlights

Updated bl dependency due to CVE-2020-8244

See this link for more details: GHSA-pp7h-53gx-mx7r

Connection pool wait queue processing is too greedy

The logic for processing the wait queue in our connection pool ran the risk of
starving the event loop. Calls to process the wait queue are now wrapped in a
setImmediate to prevent starvation

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2798] - Update version of dependency "bl" due to vulnerability
• [NODE-2803] - Connection pool wait queue processing is too greedy

v3.6.1

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.1 of the driver

Release Highlights

Kerberos

A bug in introducing the new CMAP Connection prevented some users from properly authenticating with the kerberos module.

Index options are not respected with createIndex

The logic for building the createIndex command was changed in v3.6.0 to use an allowlist rather than a blocklist, but omitted a number of index types in that list. This release reintroduces all supported index types to the allowlist.

Remove strict mode for createCollection

Since v3.6.0 createCollection will no longer returned a cached Collection instance if a collection already exists in the database, rather it will return a server error stating that the collection already exists. This is the same behavior provided by the strict option for createCollection, so that option has been removed from documentation.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2731] - CMAP Connection type does not provide host/port properties
• [NODE-2755] - "language_override" option support for text index is broken

Improvement

• [NODE-2730] - Move MongoAuthProcess into the driver source tree
• [NODE-2746] - Strict mode for `createCollection` should be removed

v3.6.0

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.0 of the driver

NOTE: This version begins our official support for MongoDB 4.4

Release Highlights

Streaming topology changes

MongoDB drivers maintain a local view of the topology they are connected to, and ensure the accuracy of that view by polling connected nodes on average every ~10s. In MongoDB 4.4, drivers are now able to receive push notifications about topology updates, effectively reducing the time for client recovery in failover scenarios to the time it takes for the server to make the election and report the outcome.

This feature is enabled by default when connecting to MongoDB 4.4, no changes are needed for user code.

Authentication

MONGODB-AWS authentication mechanism

The MONGODB-AWS authentication mechanism uses your Amazon Web Services Identity and Access Management (AWS IAM) credentials to authenticate users on MongoDB 4.4+. Please read more about this new authentication mechanism in our documentation.

Performance improvements

There were two projects to transparently improve performance of authentication in MongoDB 4.4:

• A driver can now include the first saslStart command in its initial handshake with server. This so-called "speculative authentication" allows us to reduce one roundtrip to the server for authentication a connection. This feature is only support for X.509, SCRAM-SHA-1 and SCRAM-SHA-256 (default) authentication mechanisms.

• The SCRAM conversation between driver and server can now skip one of it's empty exchanges which also serves to reduce the roundtrips during a SCRAM authentication.

OCSP stapling testing

OCSP stapling greatly improves performance when using LetsEncrypt certificates, removing the need for an external request to LetsEncrypt servers for each authentication attempt. No additional changes were required to support OCSP stapling in the driver, but extensive testing was added to verify that the feature works as expected.

Changes in behavior of Db.prototype.createCollection

The createCollection helper used to internally run a listCollections command in order to see if a collection already existed before running the command. If it determined a collection with the same name existed, it would skip running the command and return an instance of Collection. This behavior was changed in v3.6.0 to avoid potentially serious bugs, specifically that the driver was not considering options passed into createCollection as part of the collection equality check. Imagine the following scenario:

const client = new MongoClient('...');
await client.connect();
 
await client.db('foo').collection('bar').insert({ importantField: 'llamas' });
await client.db('foo').createCollection('bar', {
  validator: { $jsonSchema: {
    bsonType: 'object',
    required: ['importantField'],
    properties: { name: { bsonType: 'boolean' } }
  }
});

The createCollection call which defines a JSON schema validator would be completely bypassed because of the existence of bar, which was implicitly created in the first command. Our policy is strictly adhere to semver, but in rare cases like this where we feel there is potential for a data corrupting bug, we make breaking behavioral changes to protect the user.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.6/
API: http://mongodb.github.io/node-mongodb-native/3.6/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Epic

• [NODE-2450] - Node MongoDB 4.4 Support

New Feature

• [NODE-2434] - Reduce Client Time To Recovery On Topology Changes
• [NODE-2288] - MONGODB-AWS Support
• [NODE-2289] - Support for allowDiskUse on find operations
• [NODE-2290] - Allow passing hint to findAndModify update and replace operations
• [NODE-2291] - Improve testing around default writeConcern
• [NODE-2295] - Collection and index creation in multi-doc txns
• [NODE-2427] - OCSP Support
• [NODE-2487] - Support speculative authentication attempts in isMaster
• [NODE-2301] - Support shorter SCRAM conversation
• [NODE-2269] - Add support for validate command "background" option

Improvement

• [NODE-2175] - Avoid using readConcern snapshot in sharded transaction tests
• [NODE-2176] - Resync bson-corpus array.json to fix duplicate test names
• [NODE-2393] - Change uri_options/auth-options spec test to enable conditional tests
• [NODE-2394] - Verify max set version and max election id on topologies in SDAM spec tests
• [NODE-2422] - Validate that mongocryptd is not spawned if bypassAutoEncryption=true
• [NODE-2430] - Raise error if hint specified for unacknowledged update using OP_MSG or OP_UPDATE
• [NODE-2431] - Reduce floating point precision required of extended json implementations
• [NODE-2432] - Clarify behavior when "me" field doesn&#​39;t match any values in "hosts" array
• [NODE-2477] - Allow hinting the delete command
• [NODE-2504] - Add SDAM test for incompatible server becoming compatible
• [NODE-2506] - Ensure that the WriteConcernError "errInfo" object is propagated
• [NODE-2538] - Add RetryableWriteError error labels to retryable transaction tests
• [NODE-2546] - Deprecate geoHaystack and geoSearch
• [NODE-2559] - Reduce race conditions in SDAM error handling
• [NODE-2560] - Make &#​39;reIndex&#​39; a standalone-only command
• [NODE-2564] - Clarify how a driver must handle wrong set name in single topology
• [NODE-2569] - &#​39;CommitQuorum&#​39; option support for &#​39;createIndexes’ command on MongoDB 4.4
• [NODE-2576] - Raise error when hint option is provided on unacknowledged writes against any server version
• [NODE-2592] - Update documentation for Text Search
• [NODE-2594] - Do not add the RetryableWriteError label to errors that occur during a write within a transaction (excepting commitTransaction and abortTransaction)
• [NODE-2622] - allowDiskUse option for find should be documented as only being supported in 4.4+
• [NODE-2627] - Reduce default keepalive time to align with Azure defaults
• [NODE-2659] - Drivers should retry replSetStepDown after "Unable to acquire X lock" error
• [NODE-2661] - Define behavior of connectTimeoutMS=0 with streaming protocol
• [NODE-2675] - Test that ElectionInProgress is not resumed
• [NODE-2682] - Treat CursorNotFound as a resumable change stream error
• [NODE-2150] - Bump wire protocol version for 4.4
• [NODE-2379] - Expand use of error labels for RetryableWrites
• [NODE-2423] - Deprecate oplogReplay find command option from CRUD spec
• [NODE-2426] - Make ExceededTimeLimit retryable writes error
• [NODE-2429] - GridFS index checking should support indexes created in the shell
• [NODE-2433] - Lift restriction on authSource without credentials
• [NODE-2452] - Unify behavior around configuration for replica set discovery
• [NODE-2510] - Driver support for server Hedged Reads
• [NODE-2516] - Update comment in Transactions withTxn examples for the manual.
• [NODE-2557] - Remove replicaset from tests that perform reIndex command

Bug

• [NODE-2416] - Confusing documentation for collection.aggregate collation option
• [NODE-2502] - replaceOne example in test/examples/update_documents.js incorrect
• [NODE-2537] - createCollection helper should not run listIndexes outside of strict mode
• [NODE-2567] - Fix qs dependency for older node
• [NODE-2616] - SDAM test typo "compatible"
• [NODE-2623] - Gridfs doesn&#​39;t allow to catch exception with length that exceeds file size
• [NODE-2660] - Throw an error if bulk update documents don&#​39;t contain update operator expressions
• [NODE-2711] - Monitoring should not be immediately scheduled on streaming failure

v3.5.11

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.11 of the driver

Release Highlights

Kerberos

A bug in introducing the new CMAP Connection prevented some users from properly
authenticating with the kerberos module.

Updated bl dependency due to CVE-2020-8244

See this link for more details: GHSA-pp7h-53gx-mx7r

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2731] - CMAP Connection type does not provide host/port properties
• [NODE-2798] - Update version of dependency "bl" due to vulnerability

v3.5.10

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver

NOTE: This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0

Release Highlights

TypeError: Cannot read property 'documents' of null

@​adrian-gierakowski helped us identify a bug with our ChangeStreamCursor, specifically when the cursor
was complete it would not return a valid document but instead a null value.

Command helper not respecting server selection specification rules

The server selection specification indicates that the "runCommand" helper should act
as a read operation for the purposes of server selection, and that it should use a default read
preference of "primary" which can only be overridden by the helper itself. The driver had a bug
where it would inherit the read preference from its "parent" type (Collection, Db, MongoClient)
which is at odds with the specified behavior.

mongodb+srv invalid IPv6 support

Due to a bug in how we referred to ipv6 addresses internal to the driver, if a mongodb+srv
connection string was provided with an ipv6 address the driver would never be able to connect
and would result in a the following error RangeError: Maximum call stack size exceeded.

maxStalenessSeconds not accepted when provided via options

There was a bug in our connection string and MongoClient options parsing where a value provided
for maxStalenessSeconds would not end up being reflected in the ReadPreference used internal
to the driver.

Sessions are prohibited with unacknowledged writes

MongoDB can provide no guarantees around unacknowledged writes when used within a session. The
driver will now silently remove the lsid field from all writes issued with { w: 0 }, and
will return an error in these situations in the upcoming 4.0 major release.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2626] - initialising change stream results in: TypeError: Cannot read property &#​39;documents&#​39; of null
• [NODE-2649] - Driver 3.5.x with useUnifiedTopology sends admin commands to secondary
• [NODE-2671] - ipv6 is not supported when using dns service discovering
• [NODE-2678] - ReadPreference.fromOptions doesn&#​39;t pull "maxStalenessSeconds" from options

Improvement

• [NODE-1341] - Prohibit using unacknowledged writes with explicit sessions

sindresorhus/query-string

v6.13.3

Compare Source

• Fix the TypeScript type for the .stringifyUrl() method b15f945

v6.13.2

Compare Source

• Fix the ParsedQuery TypeScript typ 56d2923

---

Renovate configuration

📅 Schedule: "before 7am" in timezone GMT.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.