MongoDB Node.js driver version 3.0.3 is a minor update to the preceding stable release, version 3.0.2. Both versions are the official MongoDB driver for Node.js applications. Core functionality remains consistent; the mongodb-core dependency is updated from version 3.0.2 to 3.0.3, which suggests internal improvements and bug fixes in the underlying driver core. Developers relying on the MongoDB Node.js driver get these incremental changes with version 3.0.3.
The dependency graph is virtually identical, encompassing developer tools such as co, bson, chai, jsdoc, eslint, semver, bluebird, istanbul, prettier, coveralls, worker-farm, betterbenchmarks, mongodb-mock-server, mongodb-test-runner, mongodb-extended-json, eslint-plugin-prettier, and conventional-changelog-cli. The consistency in development dependencies indicates a stable tooling and testing environment. While the core API remains largely unchanged between these versions, upgrading to 3.0.3 is recommended to benefit from the bug fixes and optimizations incorporated within the core component to enhance application performance and reliability. Always conduct thorough testing after upgrading to ensure compatibility in the application.
Version 3.0.3 was released after 3.0.2, so the main reason to upgrade is to get the latest bug fixes.
All vulnerabilities related to version 3.0.3 of the package
Denial of Service in mongodb
Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.
Upgrade to version 3.1.13 or later.
Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.
Deserialization of Untrusted Data in bson
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
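For the `_bsontype` issue described above, an application can also refuse untrusted input that carries a `_bsontype` key before it reaches the driver, in addition to upgrading bson. The following is an added example, not code from the mongodb or bson projects; the function names, the depth limit and the sample inputs are assumptions made for illustration, and it assumes clients never legitimately send BSON type markers.

```javascript
// Added example: reject JSON-decoded, untrusted input that contains a
// `_bsontype` key anywhere in its structure before it is passed on to
// the driver. Defence in depth only; the fix is the bson upgrade.

const MAX_DEPTH = 32; // assumed limit; bounds recursion on hostile input

// Returns the path of every own `_bsontype` key found in a JSON-decoded
// value, e.g. "$.filter[0]._id._bsontype".
function findBsonTypeKeys(value, path = '$', depth = 0, hits = []) {
  if (value === null || typeof value !== 'object') return hits;
  if (depth > MAX_DEPTH) {
    throw new RangeError(`input nested deeper than ${MAX_DEPTH} levels`);
  }
  for (const key of Object.keys(value)) {
    const childPath = Array.isArray(value)
      ? `${path}[${key}]`
      : `${path}.${key}`;
    if (key === '_bsontype') hits.push(childPath);
    findBsonTypeKeys(value[key], childPath, depth + 1, hits);
  }
  return hits;
}

// Parses a request body and throws if any `_bsontype` key is present.
function parseUntrustedJson(body) {
  const parsed = JSON.parse(body);
  const hits = findBsonTypeKeys(parsed);
  if (hits.length > 0) {
    throw new TypeError(`rejected input: _bsontype at ${hits.join(', ')}`);
  }
  return parsed;
}

// Constructed sample inputs (not taken from any real request).
const SAMPLE_OK = '{"name":"alice","tags":["a","b"]}';
const SAMPLE_BAD =
  '{"name":"alice","filter":[{"_id":{"_bsontype":"Unknown","id":"x"}}]}';
```

Call `parseUntrustedJson` at the boundary where request bodies are decoded, so that only plain data reaches query and insert calls.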