MongoDB Node.js driver version 3.1.5 represents a minor update over the previous stable version, 3.1.4, primarily focusing on internal dependency upgrades. While the core functionality remains consistent, developers should note the updated mongodb-core dependency, moving from version 3.1.3 to 3.1.4. This core module handles the low-level communication with MongoDB servers, containing crucial bug fixes and performance improvements. Therefore, upgrading is generally recommended for enhanced stability and compatibility.
Both versions maintain the same developer-facing API, making the transition seamless, ensuring developers can continue using existing code without significant changes. Also using the same safe-buffer to manage binary data. The developer tooling also remains the same between the versions, having eslint for code linting, prettier for code formatting and testing utilities like chai and sinon for assertions and mocking. The devDependencies and license also remain the same.
A notable difference exists in the package size, with version 3.1.4 having an unpacked size of 958421 compared to 831012 in 3.1.5. However, this difference in size is generally not a significant factor for most users. Ultimately, the update from 3.1.4 to 3.1.5 mainly involves incorporating improvements within the mongodb-core dependency, leading to a more robust and refined driver experience for interacting with MongoDB databases. Developers need to update only if they are experiencing issues related to the core driver, even though upgrading is still encouraged in most situations.
All the vulnerabilities related to the version 3.1.5 of the package
Denial of Service in mongodb
Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.
Upgrade to version 3.1.13 or later.
