Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump MongoDB.Driver from 2.8.1 to 2.18.0 #347

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 17, 2022

Bumps MongoDB.Driver from 2.8.1 to 2.18.0.

Release notes

Sourced from MongoDB.Driver's releases.

.NET Driver Version 2.18.0 Release Notes

This is the general availability release for the 2.18.0 version of the driver.

The main new features in 2.18.0 include:

  • Snappy compression now uses a managed implementation
  • ZStandard compression now uses a managed implementation
  • Cache AWS credentials when possible
  • New cross driver standard logging support
  • Support for $documents aggregation pipeline stage

An online version of these release notes is available at:

https://github.com/mongodb/mongo-csharp-driver/blob/master/Release%20Notes/Release%20Notes%20v2.18.0.md

The full list of JIRA issues resolved in this release is available at:

https://jira.mongodb.org/issues/?jql=project%20%3D%20CSHARP%20AND%20fixVersion%20%3D%202.18.0%20ORDER%20BY%20key%20ASC

Documentation on the .NET driver can be found at:

https://mongodb.github.io/mongo-csharp-driver/

.NET Driver Version 2.17.1 Release Notes

This is a patch release that fixes a potential data corruption bug in RewrapManyDataKey when rotating encrypted data encryption keys backed by GCP or Azure key services.

The following conditions will trigger this bug:

  • A GCP-backed or Azure-backed data encryption key being rewrapped requires fetching an access token for decryption of the data encryption key.

The result of this bug is that the key material for all data encryption keys being rewrapped is replaced by new randomly generated material, destroying the original key material.

To mitigate potential data corruption, upgrade to this version or higher before using RewrapManyDataKey to rotate Azure-backed or GCP-backed data encryption keys. A backup of the key vault collection should always be taken before key rotation.

An online version of these release notes is available at:

https://github.com/mongodb/mongo-csharp-driver/blob/master/Release%20Notes/Release%20Notes%20v2.17.1.md

The list of JIRA tickets resolved in this release is available at:

https://jira.mongodb.org/issues/?jql=project%20%3D%20CSHARP%20AND%20fixVersion%20%3D%202.17.1%20ORDER%20BY%20key%20ASC

Documentation on the .NET driver can be found at:

http://mongodb.github.io/mongo-csharp-driver/

Upgrading

... (truncated)

Commits
  • 554c799 CSHARP-4364: Bump maxWireVersion for MongoDB 6.1. (#903)
  • 627b791 CSHARP-4365: Fix Sandcastle warning regarding Microsoft.Extensions.Logging.Ab...
  • fa38bc8 Add missing doc comments to resolve Sandcastle doc warnings.
  • 04842bc Update version numbers to 2.18.0 in docs files.
  • c0c812a Release notes for 2.18.0.
  • 5585012 CSHARP-4362: TestEmptySortedSet test failing on net6.
  • 664d96c CSHARP-4348: Improve logging related class and member names (#899)
  • c0d3b4c CSHARP-4279: Logs truncation (#891)
  • ca00c14 CSHARP-4337: Use correct serializer for conditional result.
  • 3d67e80 CSHARP-4273: Cache AWS Credentials Where Possible. (#894)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [MongoDB.Driver](https://github.com/mongodb/mongo-csharp-driver) from 2.8.1 to 2.18.0.
- [Release notes](https://github.com/mongodb/mongo-csharp-driver/releases)
- [Commits](mongodb/mongo-csharp-driver@v2.8.1...v2.18.0)

---
updated-dependencies:
- dependency-name: MongoDB.Driver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Oct 17, 2022
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 30, 2023

Superseded by #365.

@dependabot dependabot bot closed this Jan 30, 2023
@dependabot dependabot bot deleted the dependabot/nuget/MongoDB.Driver-2.18.0 branch January 30, 2023 04:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants