Skip to content

[Snyk] Upgrade mongodb from 6.20.0 to 6.21.0 #2283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
madhavilosetty-intel wants to merge 1 commit into from
Closed

[Snyk] Upgrade mongodb from 6.20.0 to 6.21.0 #2283

madhavilosetty-intel wants to merge 1 commit into from

Conversation

@madhavilosetty-intel
Copy link
Contributor

@madhavilosetty-intel madhavilosetty-intel commented Jan 6, 2026

snyk-top-banner

Snyk has created this PR to upgrade mongodb from 6.20.0 to 6.21.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: mongodb
  • 6.21.0 - 2025-11-12

    6.21.0 (2025-11-05)

    The MongoDB Node.js team is pleased to announce version 6.21.0 of the mongodb package!

    Release Notes

    Deprecated items to be removed in 7.0.0

    The following items have been deprecated and will be removed in 7.0.0:

    MongoCredentials.authMechanismProperties.AWS_SESSION_TOKEN // URI & client options for AWS variables will no longer be respected
CommandOptions.noResponse // Unused
ConnectionOptions.cancellationToken // Unused
CursorStreamOptions // Only option, transform, removed in favor of Stream#map

    Features

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 6.20.0 - 2025-09-18

    6.20.0 (2025-09-17)

    The MongoDB Node.js team is pleased to announce version 6.20.0 of the mongodb package!

    Release Notes

    Collection and Db objects now provide references to their Db and MongoClient

    import { MongoClient } from 'mongodb';

    const client = new MongoClient(process.env.MONGODB_URI);
    const db = client.db('test');
    assert(db.client === client); // returns the MongoClient associated with the Db object
    const collection = db.collection('test');
    assert(collection.db === db); // returns the Db associated with the Collection object

    Hint is supported with unacknowledged writes for delete, update and findAndModify commands on servers that support hint

    The driver no longer throws errors when hint is provided to unacknowledged writes for delete, update and findAndModify commands in the following circumstances:

    • No error is thrown for update commands.
    • No errors are thrown for delete and findAndModify commands on servers >=4.4.

    ServerCapabilities and ReadPreference.minWireVersion are deprecated

    Neither the ServerCapabilities class nor the ReadPreference.minWireVersion property were ever intended for public use and, internally, are effectively dead code with the driver's minimum supported server version being 4.2.

    Driver info and metadata MongoClient options have been deprecated.

    These will be made internal in a future major release:

    • driverInfo
    • additionalDriverInfo
    • metadata
    • extendedMetadata

    CommandOperationOptions.retryWrites is deprecated

    CommandOperationOptions.retryWrites is deprecated. This per‑command option has no effect; the Node.js driver only honors retryWrites when configured at the client level (MongoClient options) or via the connection string. Do not use this option on individual commands. There is no runtime behavior change because it was already ignored, but it will be removed in an upcoming major release and may cause type or build errors in code that references it. To control retryable writes, set retryWrites in MongoClient options or include retryWrites=true|false in the connection string.

    ChangeStream .tryNext() now updates resumeToken to prevent duplicates after resume

    When .tryNext() returns a change document, the driver now caches its resumeToken, aligning its behavior with .next() and the 'change' event. If .tryNext() returns null (no new changes), nothing is cached, which is unchanged from previous behavior.

    Previously, .tryNext() did not update the resumeToken, so a resumable error could cause a resume from an older token and re-deliver already processed changes. With this release, resumes continue from the latest token observed via .tryNext(), preventing duplicates.

    const changeStream = collection.watch([]);
while (true) {
  const change = await changeStream.tryNext(); // prior versions could return duplicates
  await scheduler.wait(1000);  // delay since tryNext() does not wait for changes
}

    Applications that poll change streams with .tryNext() in non-blocking loops benefit directly. There are no API changes; if you previously tracked and passed resumeAfter or startAfter manually, you can now rely on the driver’s built-in token caching.

    Huge thanks to @ rkistner for bringing this bug to our attention and for sharing code to reproduce it. Huge thanks as well to @ Omnicpie for investigating and implementing a fix.

    Change Streams now resume on MongoServerSelectionError

    When the driver encounters a MongoServerSelectionError while processing a Change Stream (e.g., due to a transient network issue or during an election), it now treats the error as resumable and attempts to resume using the latest cached resume token.

    This applies to both iterator and event-emitter usage:

    // Iterator form
const changeStream = collection.watch([]);
for await (const change of changeStream) {
  // process change
}
    // Event-emitter form
const changeStream = collection.watch([]);
changeStream.on('change', (change) => {
  // process change
});

    There are no API changes. If you previously caught MongoServerSelectionError and implemented manual resume logic, you can now rely on the driver’s built-in resume mechanism, which uses the cached resume token from the change event’s _id to continue without losing events.

    Huge thanks to @ grossbart for bringing this bug to our attention, investigating it and for sharing code to reproduce it!

    MongoClient.appendMetadata() ignores duplicate metadata

    MongoClient.appendMetadata() will no longer append metadata if it duplicates the metadata already appended to the MongoClient.

    Features

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

from mongodb GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade mongodb from 6.20.0 to 6.21.0
51ba421 
Snyk has created this PR to upgrade mongodb from 6.20.0 to 6.21.0.

See this package in npm:
mongodb

See this project in Snyk:
https://app.snyk.io/org/mlosetty-intel/project/87ea6c00-12f8-440f-89ed-409dd64ca91a?utm_source=github&utm_medium=referral&page=upgrade-pr
@madhavilosetty-intel madhavilosetty-intel deleted the snyk-upgrade-d5a40a4acabe63b88b51615a064e1370 branch January 6, 2026 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@madhavilosetty-intel @snyk-bot