MongoDB v3.6.5 is a patch release of the official Node.js driver, building upon the v3.6.4 version. Both versions share the same set of core dependencies like bl, bson, denque, saslprep, safe-buffer, and require_optional, ensuring foundational stability and compatibility. Likewise, the development dependencies, including testing frameworks such as chai, mocha, and sinon, linting tools like eslint, and utilities for code formatting and documentation remain consistent. Developers will find no significant API changes or altered functionalities between these releases based solely on examining their declared dependencies.
Key differences likely reside in bug fixes, performance enhancements, and internal refactoring, none of which are reflected in the package manifest data provided. While fileCount remains the same at 148, unpackedSize marginally increased from 1506010 to 1510007, suggesting minor additions or adjustments in the codebase of version 3.6.5. The releaseDate confirms that v3.6.5 was released later than v3.6.4.
For developers, upgrading from v3.6.4 to v3.6.5 is recommended to pick up any potential stability improvements, but no relevant functional change needs to be addressed. Attention should stay on the driver's dependencies (bson, bl, etc.), which were maintained across both versions. Consult the official MongoDB Node.js driver changelog and release notes, as those provide in-depth information.
All the vulnerabilities related to version 3.6.5 of the package
MongoDB Driver may publish events containing authentication-related data
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.
Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).
This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
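A defensive wrapper for the command listener described above, as an added example that is not part of the original page or the driver's own code: it empties the command and reply bodies of authentication-related events before they are serialized for a log. The list of command names, the functions `redactCommandEvent` and `formatForLog`, and the sample events are assumptions constructed for illustration.

```javascript
// Added example. Command names treated as sensitive, compared in lower case
// (assumption: this list is chosen for the example, it is not from the page).
const SENSITIVE = new Set(['authenticate', 'saslstart', 'saslcontinue', 'getnonce',
  'createuser', 'updateuser', 'copydbgetnonce', 'copydbsaslstart', 'copydb']);
const HANDSHAKES = new Set(['hello', 'ismaster']);

// True when the event's command or reply body may carry credential material.
function isSensitive(event) {
  const name = String(event.commandName || '').toLowerCase();
  if (SENSITIVE.has(name)) return true;
  if (!HANDSHAKES.has(name)) return false;
  // A handshake is sensitive only when it piggybacks an authentication attempt.
  return [event.command, event.reply].some(
    (body) => body !== null && typeof body === 'object' && 'speculativeAuthenticate' in body);
}

// Returns a shallow copy with the bodies emptied; the input is never mutated.
function redactCommandEvent(event) {
  const safe = { ...event };
  if (isSensitive(event)) {
    for (const field of ['command', 'reply', 'failure']) {
      if (field in safe) safe[field] = {};
    }
  }
  return safe;
}

// The only function that should sit between the listener and the logger.
function formatForLog(event) {
  return JSON.stringify(redactCommandEvent(event));
}

// Constructed sample events (not captured from a real deployment).
const SAMPLE_EVENTS = [
  { commandName: 'saslStart', databaseName: 'admin',
    command: { saslStart: 1, mechanism: 'SCRAM-SHA-256', payload: 'CONSTRUCTED-PAYLOAD' } },
  { commandName: 'isMaster', databaseName: 'admin',
    command: { isMaster: 1, speculativeAuthenticate: { payload: 'CONSTRUCTED-PAYLOAD' } } },
  { commandName: 'find', databaseName: 'app',
    command: { find: 'orders', filter: { status: 'open' } } }
];
SAMPLE_EVENTS.forEach((e) => console.log(formatForLog(e)));

// Wiring with the driver (not executed here; `uri` and `logger` are hypothetical):
//   const client = new MongoClient(uri, { monitorCommands: true });
//   for (const n of ['commandStarted', 'commandSucceeded', 'commandFailed'])
//     client.on(n, (e) => logger.debug(formatForLog(e)));
```

Redacting in the listener limits what an affected driver version can leak into logs; it does not replace moving to one of the fixed versions listed above.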