Update dependency mongodb to v3.5.10 [SECURITY] - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
mongodb	3.5.9 -> 3.5.10

GitHub Vulnerability Alerts

GHSA-mh5c-679w-hh4r

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.

Recommendation

Upgrade to version 3.1.13 or later.

---

Release Notes

mongodb/node-mongodb-native (mongodb)

v3.5.10

Compare Source

The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver

NOTE: This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0

Release Highlights

TypeError: Cannot read property 'documents' of null

@​adrian-gierakowski helped us identify a bug with our ChangeStreamCursor, specifically when the cursor
was complete it would not return a valid document but instead a null value.

Command helper not respecting server selection specification rules

The server selection specification indicates that the "runCommand" helper should act
as a read operation for the purposes of server selection, and that it should use a default read
preference of "primary" which can only be overridden by the helper itself. The driver had a bug
where it would inherit the read preference from its "parent" type (Collection, Db, MongoClient)
which is at odds with the specified behavior.

mongodb+srv invalid IPv6 support

Due to a bug in how we referred to ipv6 addresses internal to the driver, if a mongodb+srv
connection string was provided with an ipv6 address the driver would never be able to connect
and would result in a the following error RangeError: Maximum call stack size exceeded.

maxStalenessSeconds not accepted when provided via options

There was a bug in our connection string and MongoClient options parsing where a value provided
for maxStalenessSeconds would not end up being reflected in the ReadPreference used internal
to the driver.

Sessions are prohibited with unacknowledged writes

MongoDB can provide no guarantees around unacknowledged writes when used within a session. The
driver will now silently remove the lsid field from all writes issued with { w: 0 }, and
will return an error in these situations in the upcoming 4.0 major release.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/
API: http://mongodb.github.io/node-mongodb-native/3.5/api/
Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

Bug

• [NODE-2626] - initialising change stream results in: TypeError: Cannot read property &#​39;documents&#​39; of null
• [NODE-2649] - Driver 3.5.x with useUnifiedTopology sends admin commands to secondary
• [NODE-2671] - ipv6 is not supported when using dns service discovering
• [NODE-2678] - ReadPreference.fromOptions doesn&#​39;t pull "maxStalenessSeconds" from options

Improvement

• [NODE-1341] - Prohibit using unacknowledged writes with explicit sessions

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.