fix(deps): update dependency mongodb to v3.6.10 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mongodb	3.6.9 -> 3.6.10

GitHub Vulnerability Alerts

CVE-2021-32050

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).

---

Release Notes

mongodb/node-mongodb-native (mongodb)

v3.6.10

Compare Source

The MongoDB Node.js team is pleased to announce version 3.6.10 of the mongodb package!

Release Highlights

This patch addresses a few bugs listed below. Notably the bsonRegExp option is now respected by the underlying BSON library, you can use this to decode regular expressions that contain syntax not permitted in native JS RegExp objects. Take a look at this example:

await collection.insertOne({ a: new BSONRegExp('(?-i)AA_') })
await collection.findOne({ a: new BSONRegExp('(?-i)AA_') }, { bsonRegExp: true })
// { _id: ObjectId,  a: BSONRegExp { pattern: '(?-i)AA_', options: '' } }

Also there was an issue with Cursor.forEach where user defined forEach callbacks that throw errors incorrectly handled catching errors. Take a look at the comments in this example:

collection.find({}).forEach(doc => {
    if(doc.bad) throw new Error('bad document!');
}).catch(error => {
    // now this is called! and error is `bad document!`
})
// before this fix the `bad document!` error would be thrown synchronously
// and have to be caught with try catch out here

Bug Fixes

• NODE-2035: Exceptions thrown from awaited cursor forEach do not propagate (#​2852) (a917dfa)
• NODE-3150: added bsonRegExp option for v3.6 (#​2843) (e4a9a57)
• NODE-3358: Command monitoring objects hold internal state references (#​2858) (750760c)
• NODE-3380: perform retryable write checks against server (#​2861) (621677a)
• NODE-3397: report more helpful error with unsupported authMechanism in initial handshake (#​2876) (3ce148d)

Documentation

• Reference: https://docs.mongodb.com/drivers/node/current/
• API: http://mongodb.github.io/node-mongodb-native/3.6/api
• Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the mongodb package immediately, and report any issues to the NODE project.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.