[Snyk] Upgrade bson from 6.7.0 to 6.8.0

[biancode]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade bson from 6.7.0 to 6.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released on 22 days ago.

Release notes

Package name: bson

• 6.8.0 - 2024-06-27
  

  6.8.0 (2024-06-27)

  The MongoDB Node.js team is pleased to announce version 6.8.0 of the bson package!

  Release Notes

  Add Signature to Github Releases

  The Github release for js-bson now contains a detached signature file for the NPM package (named
  bson-X.Y.Z.tgz.sig), on every major and patch release to 6.x and 5.x. To verify the signature, follow the instructions in the 'Release Integrity' section of the README.md file.

  Optimize performance of Long.fromBigInt

  Internally fromBigInt was originally implemented using toString of the bigint value. Now, Long.fromBigInt has been refactored to use bitwise operations greatly improving performance.

  Features

  • NODE-6156: add signature to github releases (#692) (f0fbe91)

  Performance Improvements

  • NODE-6126: improve Long.fromBigInt performance (#681) (63eafcb)

  Documentation

  • API
  • Changelog

  We invite you to try the bson library immediately, and report any issues to the NODE project.

• 6.7.0 - 2024-05-02
  

  6.7.0 (2024-05-01)

  The MongoDB Node.js team is pleased to announce version 6.7.0 of the bson package!

  Release Notes

  Add Long.fromStringStrict method

  The Long.fromStringStrict method is almost identical to the Long.fromString method, except it throws a BSONError if any of the following are true:

  • input string has invalid characters, for the given radix
  • the string contains whitespace
  • the value the input parameters represent is too large or too small to be a 64-bit Long

  Unlike Long.fromString, this method does not coerce the inputs '+/-Infinity' and 'NaN' to Long.ZERO, in any case.

  Examples:

  Long.fromStringStrict('1234xxx5'); // throws BSONError
  Long.fromString('1234xxx5'); // coerces input and returns new Long(123400)

  // when writing in radix 10, 'n' and 'a' are both invalid characters
  Long.fromStringStrict('NaN'); // throws BSONError
  Long.fromString('NaN'); // coerces input and returns Long.ZERO

  Note

  Long.fromStringStrict's functionality will be present in Long.fromString in the V7 BSON release.

  Add static Double.fromString method

  This method attempts to create an Double type from a string, and will throw a BSONError on any string input that is not representable as a IEEE-754 64-bit double.
  Notably, this method will also throw on the following string formats:

  • Strings in non-decimal and non-exponential formats (binary, hex, or octal digits)
  • Strings with characters other than sign, numeric, floating point, or slash characters (Note: 'Infinity', '-Infinity', and 'NaN' input strings are still allowed)
  • Strings with leading and/or trailing whitespace
    Strings with leading zeros, however, are also allowed.

  Add static Int32.fromString method

  This method attempts to create an Int32 type from string, and will throw a BSONError on any string input that is not representable as an Int32.
  Notably, this method will also throw on the following string formats:

  • Strings in non-decimal formats (exponent notation, binary, hex, or octal digits)
  • Strings with non-numeric and non-leading sign characters (ex: '2.0', '24,000')
  • Strings with leading and/or trailing whitespace

  Strings with leading zeros, however, are allowed

  UTF-8 validation now throws a BSONError on overlong encodings in Node.js

  Specifically, this affects deserialize when utf8 validation is enabled, which is the default.

  An overlong encoding is when the number of bytes in an encoding is inflated by padding the code point with leading 0s (see here for more information).

  Long.fromString takes radix into account before coercing '+/-Infinity' and 'NaN' to Long.ZERO

  Long.fromString no longer coerces the following cases to Long.ZERO when the provided radix supports all characters in the string:

  • '+Infinity', '-Infinity', or 'Infinity' when 35 <= radix <= 36
  • 'NaN' when 24 <= radix <= 36

  // when writing in radix 27, 'n' and 'a' are valid characters, so 'NaN' represents the decimal number 17060
  Long.fromString('NaN', 27); // new Long(17060)
  Long.fromString('NaN', 10); // new Long(0) <-- Since 'NaN' is not a valid input in base 10, it gets coerced to Long.ZERO

  Features

  • NODE-5648: add Long.fromStringStrict() (#675) (9d5a5df)
  • NODE-6086: add Double.fromString() method (#671) (e943cdb)
  • NODE-6087: add Int32.fromString method (#670) (5a21889)

  Bug Fixes

  • NODE-6123: utf8 validation is insufficiently strict (#676) (ae8bac7)
  • NODE-6144: Long.fromString incorrectly coerces valid inputs to Long.ZERO in special cases (#677) (208f7e8)

  Documentation

  • API
  • Changelog

  We invite you to try the bson library immediately, and report any issues to the NODE project.

from bson GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Greet Contributors Bot
Thank you for taking your time and effort for your contribution, we truly value it. 🎉

The amazing contributor in this pull request is @snyk-bot