Skip to content

chore(deps): bump the prod-dependencies group across 1 directory with 3 updates#4986

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-dependencies-be0dce9576
Open

chore(deps): bump the prod-dependencies group across 1 directory with 3 updates#4986
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-dependencies-be0dce9576

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-dependencies group with 3 updates in the / directory: @mongodb-js/saslprep, bson and mongodb-connection-string-url.

Updates @mongodb-js/saslprep from 1.3.2 to 1.4.12

Commits
  • 04e390e chore(ci): bump packages
  • 14b7668 chore(deps-dev): bump @​types/node from 22.15.31 to 25.5.2 (#649)
  • d78b253 chore: update cidrs.json [skip ci]
  • 12ef575 chore(ci): bump packages
  • dcc663b fix(device-id): device id drift between devtools products and altas cli COMPA...
  • f49e20e chore(ci): bump packages
  • e9d7de3 fix(tracking-plan): identifyTraits must have payload (#805)
  • a78ba11 chore(ci): bump packages
  • 83e66d3 feat(mongodb-constants): update $unionWith template with db field COMPASS-998...
  • 0424f26 chore: update cidrs.json [skip ci]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by gribnoysup, a new releaser for @​mongodb-js/saslprep since your current version.


Updates bson from 7.2.0 to 7.3.1

Release notes

Sourced from bson's releases.

v7.3.1

7.3.1 (2026-06-23)

The MongoDB Node.js team is pleased to announce version 7.3.1 of the bson package!

Release Notes

ObjectId initialization now tolerates partial process polyfills

Adds optional chaining to Node.js startup snapshot API calls in ObjectId so that environments with a stubbed or partial process global no longer throw a TypeError at startup.

Bug Fixes

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project.

v7.3.0

7.3.0 (2026-06-17)

The MongoDB Node.js team is pleased to announce version 7.3.0 of the bson package!

Release Notes

Deprecated inapplicable Long members on Timestamp

Timestamp inherits from Long for storage convenience, but it is semantically a (t, i) pair, not a general 64-bit integer. If you have called Long methods directly on Timestamp instances (for example toNumber(), getHighBits(), getLowBits(), or aithmetic and bitwise operations), those are now marked @deprecated with no runtime behavior changes. The .t and .i accessors provide direct, semantically consistent access to the two timestamp components.

BSON operations no longer throw on deeply nested documents

Core serialization and deserialization function (serialize, deserialize, calculateObjectSize) have been rewritten as iterative algorithms, so a sufficiently-nested document will no longer exhaust the call stack.

Behavior change: Code with Scope scopes are no longer promoted to DBRef

As a side effect of the rewrite, a Code with Scope scope that happens to carry $ref, $id, and $db keys is no longer promoted to a DBRef instance. The scope is returned as a plain object, which is the correct behavior: a scope represents JavaScript variable bindings, not a document reference.

new Binary(buffer, subType) now coerces subType to match BSON bytes

The Binary constructor now normalizes subtype inputs to match BSON serialization. Previously, passing a stringified subtype like '4' would cause a mismatch between the sub_type property (string '4') and the serialized BSON value (0x04). The constructor now converts inputs to ensure consistency.

EJSON.stringify now correctly handles all parameter combinations

Previously, calling EJSON.stringify(value, options, space) silently discarded the space parameter, producing unformatted output. This has been fixed so all documented call signatures work as expected:

... (truncated)

Changelog

Sourced from bson's changelog.

7.3.1 (2026-06-23)

Bug Fixes

7.3.0 (2026-06-17)

Features

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for bson since your current version.


Updates mongodb-connection-string-url from 7.0.0 to 7.0.1

Release notes

Sourced from mongodb-connection-string-url's releases.

v7.0.1

7.0.1 (2026-01-26)

The MongoDB Node.js team is pleased to announce version 7.0.1 of the mongodb-connection-string-url package!

Release Notes

This release does not contain public-facing changes.

Documentation

We invite you to try the mongodb-connection-string-url library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb-connection-string-url's changelog.

7.0.1 (2026-01-26)

Miscellaneous Chores

  • deps-dev: bump js-yaml from 3.14.1 to 3.14.2 (#109) (d6e7654)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… 3 updates

Bumps the prod-dependencies group with 3 updates in the / directory: [@mongodb-js/saslprep](https://github.com/mongodb-js/devtools-shared), [bson](https://github.com/mongodb/js-bson) and [mongodb-connection-string-url](https://github.com/mongodb-js/mongodb-connection-string-url).


Updates `@mongodb-js/saslprep` from 1.3.2 to 1.4.12
- [Commits](https://github.com/mongodb-js/devtools-shared/compare/@mongodb-js/saslprep@1.3.2...@mongodb-js/saslprep@1.4.12)

Updates `bson` from 7.2.0 to 7.3.1
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/main/HISTORY.md)
- [Commits](mongodb/js-bson@v7.2.0...v7.3.1)

Updates `mongodb-connection-string-url` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/mongodb-js/mongodb-connection-string-url/releases)
- [Changelog](https://github.com/mongodb-js/mongodb-connection-string-url/blob/main/HISTORY.md)
- [Commits](mongodb-js/mongodb-connection-string-url@v7.0.0...v7.0.1)

---
updated-dependencies:
- dependency-name: "@mongodb-js/saslprep"
  dependency-version: 1.4.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: bson
  dependency-version: 7.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: mongodb-connection-string-url
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 06:16
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants