MongoDB 5.0.1 is a patch release of the official Node.js driver that follows 5.0.0 and refines and stabilizes it. Both versions keep the same core dependencies, including "bson":"^5.0.0", "socks":"^2.7.1", "saslprep":"^1.0.3", and "mongodb-connection-string-url":"^2.6.0", so developers relying on these foundational components get consistent functionality. The devDependencies and peerDependencies are also identical, which indicates no significant changes in the development or runtime environments. The key difference lies in the dist object: fileCount is the same at 303, but unpackedSize increases slightly from 2449490 bytes in 5.0.0 to 2450670 bytes in 5.0.1. The size difference is very small, which suggests minor code-level adjustments, bug fixes, or internal optimizations within the library in 5.0.1. This is further supported by the difference in releaseDate.
Developers should consider upgrading to 5.0.1 for the most stable and refined experience, although the incremental nature of the release suggests no breaking changes or major feature additions. It's always recommended to check the MongoDB driver changelog for detailed information on specific fixes and improvements.
All vulnerabilities related to version 5.0.1 of the package
MongoDB Driver may publish events containing authentication-related data
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.
Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).
This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
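One way an application that enables the command listener can keep such events out of its logs, shown as an added example (not code from the driver or from this page). The command-name list is an assumption taken from the drivers' command monitoring specification, the event objects are constructed, and redactingLogger, isAffected and demo are hypothetical names.

```javascript
// Added example: allow-list and redact command-monitoring events before logging.
// Assumption: credential-bearing command names, taken from the drivers'
// command monitoring specification; compared lower-cased.
const SENSITIVE = new Set(['authenticate', 'saslstart', 'saslcontinue', 'getnonce',
  'createuser', 'updateuser', 'copydbgetnonce', 'copydbsaslstart', 'copydb']);
const HANDSHAKES = new Set(['hello', 'ismaster']);

// Node.js driver ranges the advisory above lists as affected.
function isAffected(version) {
  const [major, minor, patch] = version.split('.').map((n) => parseInt(n, 10));
  if (major === 3) return minor === 6 && patch < 10;
  if (major === 4) return minor < 17;
  if (major === 5) return minor < 8;
  return false;
}

// Returns a listener for commandStarted / commandSucceeded / commandFailed.
function redactingLogger(sink) {
  const flagged = new Set(); // requestIds whose commandStarted was sensitive
  return (event) => {
    const name = String(event.commandName).toLowerCase();
    const started = 'command' in event;
    let sensitive = SENSITIVE.has(name) || flagged.has(event.requestId);
    // A handshake carries credentials only when it piggybacks authentication.
    if (started && HANDSHAKES.has(name) &&
        'speculativeAuthenticate' in (event.command || {})) sensitive = true;
    if (started && sensitive) flagged.add(event.requestId);
    else flagged.delete(event.requestId);
    // Copy only named fields, so nothing unexpected reaches the log.
    const safe = { commandName: event.commandName, requestId: event.requestId };
    if (started) safe.command = sensitive ? {} : event.command;
    if ('reply' in event) safe.reply = sensitive ? {} : event.reply;
    if ('failure' in event) safe.failure = sensitive ? '[redacted]' : String(event.failure);
    sink(safe);
    return safe;
  };
}

// Constructed events shaped like the driver's; with the real driver, register
// `log` via client.on(...) on a MongoClient created with monitorCommands: true.
function demo() {
  const lines = [];
  const log = redactingLogger((e) => lines.push(JSON.stringify(e)));
  const secret = 'CONSTRUCTED-SECRET';
  log({ commandName: 'saslStart', requestId: 1, command: { saslStart: 1, payload: secret } });
  log({ commandName: 'saslStart', requestId: 1, reply: { ok: 1, payload: secret } });
  log({ commandName: 'hello', requestId: 2, command: { hello: 1, speculativeAuthenticate: { payload: secret } } });
  log({ commandName: 'hello', requestId: 2, failure: new Error(secret + ' rejected') });
  log({ commandName: 'find', requestId: 3, command: { find: 'orders' } });
  return lines;
}
```

The wrapper is a second layer for applications that cannot upgrade immediately; moving to a driver version outside the affected ranges is the fix the advisory points to.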