build(deps): bump the npm_and_yarn group in /apps/OpenSignServer with 2 updates

[dependabot]

Bumps the npm_and_yarn group in /apps/OpenSignServer with 2 updates: mongodb and parse-server.

Updates mongodb from 4.10.0 to 6.5.0

Release notes

Sourced from mongodb's releases.

v6.5.0

6.5.0 (2024-03-11)

The MongoDB Node.js team is pleased to announce version 6.5.0 of the mongodb package!

Release Notes

Bulk Write Operations Generate Ids using pkFactory

When performing inserts, the driver automatically generates _ids for each document if there is no _id present. By default, the driver generates ObjectIds. An option, pkFactory, can be used to configure the driver to generate _ids that are not object ids.

For a long time, only Collection.insert and Collection.insertMany actually used the pkFactory, if configured. Notably, Collection.bulkWrite(), Collection.initializeOrderedBulkOp() and Collection.initializeOrderedBulkOp() always generated ObjectIds, regardless of what was configured on collection.

The driver always generates _ids for inserted documents using the pkFactory.

[!CAUTION] If you are using a pkFactory and performing bulk writes, you may have inserted data into your database that does not have _ids generated by the pkFactory.

Fixed applying read preference to commands depending on topology

When connecting to a secondary in a replica set with a direct connection, if a read operation is performed, the driver attaches a read preference of primaryPreferred to the command.

Fixed memory leak in Connection layer

The Connection class has recently been refactored to operate on our socket operations using promises. An oversight how we made async network operations interruptible made new promises for every operation. We've simplified the approach and corrected the leak.

Query SRV and TXT records in parallel

When connecting using a convenient SRV connection string (mongodb+srv://) hostnames are obtained from an SRV dns lookup and some configuration options are obtained from a TXT dns query. Those DNS operations are now performed in parallel to reduce first-time connection latency.

Container and Kubernetes Awareness

The Node.js driver now keeps track of container metadata in the client.env.container field of the handshake document.

If space allows, the following metadata will be included in client.env.container:

env?: { 
  container?: {
    orchestrator?: 'kubernetes' // if process.env.KUBERNETES_SERVICE_HOST is set
    runtime?: 'docker' // if the '/.dockerenv' file exists
  } 
}

Note: If neither Kubernetes nor Docker is present, client.env will not have the container property.

Add property errorResponse to MongoServerError

The MongoServer error maps keys from the error document returned by the server on to itself. There are some use cases where the original error document is desirable to obtain in isolation. So now, the mongoServerError.errorResponse property stores a reference to the error document returned by the server.

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.5.0 (2024-03-11)

Features

• NODE-5968: container and Kubernetes awareness in client metadata (#4005) (28b7040)
• NODE-5988: Provide access to raw results doc on MongoServerError (#4016) (c023242)
• NODE-6008: deprecate CloseOptions interface (#4030) (f6cd8d9)

Bug Fixes

• NODE-5636: generate _ids using pkFactory in bulk write operations (#4025) (fbb5059)
• NODE-5981: read preference not applied to commands properly (#4010) (937c9c8)
• NODE-5985: throw Nodejs' certificate expired error when TLS fails to connect instead of CERT_HAS_EXPIRED (#4014) (057c223)
• NODE-5993: memory leak in the Connection class (#4022) (69de253)

Performance Improvements

• NODE-5986: parallelize SRV/TXT resolution (#4012) (eab8f23)

6.4.0 (2024-02-29)

Features

• NODE-3449: Add serverConnectionId to Command Monitoring Spec (735f7aa)
• NODE-3470: retry selects another mongos (#3963) (84959ee)
• NODE-3689: require hello command for connection handshake to use OP_MSG disallowing OP_QUERY (#3938) (ce7df0f)
• NODE-4686: Add log messages to CLAM (#3955) (e3bfa30)
• NODE-4687: Add logging to server selection (#3946) (7f3ce0b)
• NODE-4719: add SDAM Logging Spec (#3940) (a3c0298)
• NODE-4847: Add config error handling to logging (#3970) (8f7bb59)
• NODE-5717: make ExceededTimeLimit retryable reads error (#3947) (106ab09)
• NODE-5885: upgrade BSON to ^6.3.0 (#3983) (9401d09)
• NODE-5939: Implement 6.x: cache the AWS credentials provider in the MONGODB-AWS auth logic (#3991) (e0a37e5)
• NODE-5978: upgrade BSON to ^6.4.0 (#4007) (90f2f70)

Bug Fixes

• NODE-5127: implement reject kmsRequest on server close (#3964) (568e05f)
• NODE-5609: node driver omits base64 padding in sasl-continue command (#3975) (b7d28d3)
• NODE-5765: change type for countDocuments (#3932) (22cae0f)
• NODE-5791: type error with $addToSet in bulkWrite (#3953) (b93d405)
• NODE-5818: Add feature flagging to server selection logging (#3974) (55203ef)
• NODE-5839: support for multibyte code-points in stringifyWithMaxLen (#3979) (aed1cf0)
• NODE-5840: heartbeat duration includes socket creation (#3973) (a42039b)
• NODE-5901: propagate errors to transformed stream in cursor (#3985) (ecfc615)

... (truncated)

Commits

• c9e32ad chore(main): release 6.5.0 [skip-ci] (#4013)
• f6cd8d9 feat(NODE-6008): deprecate CloseOptions interface (#4030)
• 36fa752 refactor(NODE-5915): topology close logic to be synchronous (#4021)
• 937c9c8 fix(NODE-5981): read preference not applied to commands properly (#4010)
• 31f1eed test(NODE-5969): convert CSFLE corpus test #6 to TS, async/await and add writ...
• fbb5059 fix(NODE-5636): generate _ids using pkFactory in bulk write operations (#4025)
• 2348548 test(DRIVERS-2812): sdam load balancer tests in serverless (#4026)
• c023242 feat(NODE-5988): Provide access to raw results doc on MongoServerError (#4016)
• 69de253 fix(NODE-5993): memory leak in the Connection class (#4022)
• 28b7040 feat(NODE-5968): container and Kubernetes awareness in client metadata (#4005)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by dbx-node, a new releaser for mongodb since your current version.

Updates parse-server from 6.5.5 to 7.0.0

Release notes

Sourced from parse-server's releases.

7.0.0

7.0.0 (2024-03-19)

Bug Fixes

• CacheAdapter does not connect when using a CacheAdapter with a JSON config (#8633) (720d24e)
• Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838) (8e7a6b1)
• Context not passed to Cloud Code Trigger beforeFind when using Parse.Query.include (#8765) (7d32d89)
• Deny request if master key is not set in Parse Server option masterKeyIps regardless of ACL and CLP (#8957) (a7b5b38)
• Docker image not published to Docker Hub on new release (#8905) (a2ac8d1)
• Docker version releases by removing arm/v6 and arm/v7 support (#8976) (1f62dd0)
• GraphQL file upload fails in case of use of pointer or relation (#8721) (1aba638)
• Improve PostgreSQL injection detection; fixes security vulnerability GHSA-6927-3vr9-fxf2 which affects Parse Server deployments using a Postgres database (#8961) (cbefe77)
• Incomplete user object in verifyEmail function if both username and email are changed (#8889) (1eb95ae)
• Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885) (0023ce4)
• Parse Server option fileExtensions default value rejects file extensions that are less than 3 or more than 4 characters long (#8699) (2760381)
• Parse Server option fileUpload.fileExtensions fails to determine file extension if filename contains multiple dots (#8754) (3d6d50e)
• Security bump @​babel/traverse from 7.20.5 to 7.23.2 (#8777) (2d6b3d1)
• Security upgrade graphql from 16.6.0 to 16.8.1 (#8758) (71dfd8a)
• Server crashes on invalid Cloud Function or Cloud Job name; fixes security vulnerability GHSA-6hh7-46r2-vf29 (#9024) (9f6e342)
• Server crashes when receiving an array of Parse.Pointer in the request body (#8784) (66e3603)
• Username is undefined in email verification link on email change (#8887) (e315c13)

Features

• Add $setOnInsert operator to Parse.Server.database.update (#8791) (f630a45)
• Add installationId to arguments for verifyUserEmails, preventLoginWithUnverifiedEmail (#8836) (a22dbe1)
• Add installationId, ip, resendRequest to arguments passed to verifyUserEmails on verification email request (#8873) (8adcbee)
• Add Parse.User as function parameter to Parse Server options verifyUserEmails, preventLoginWithUnverifiedEmail on login (#8850) (972f630)
• Add compatibility for MongoDB Atlas Serverless and AWS Amazon DocumentDB with collation options enableCollationCaseComparison, transformEmailToLowercase, transformUsernameToLowercase (#8805) (09fbeeb)
• Add context to Cloud Code Triggers beforeLogin and afterLogin (#8724) (a9c34ef)
• Add password validation via POST request for user with unverified email using master key and option ignoreEmailVerification (#8895) (633a9d2)
• Add support for MongoDB 7 (#8761) (3de8494)
• Add support for MongoDB query comment (#8928) (2170962)
• Add support for Node 20, drop support for Node 14, 16 (#8907) (ced4872)
• Add support for Postgres 16 (#8898) (99489b2)
• Allow Parse.Session.current on expired session token instead of throwing error (#8722) (f9dde4a)
• Allow setting createdAt and updatedAt during Parse.Object creation with maintenance key (#8696) (77bbfb3)
• Deprecation DEPPS5: Config option allowClientClassCreation defaults to false (#8849) (29624e0)
• Deprecation DEPPS6: Authentication adapters disabled by default (#8858) (0cf58eb)
• Deprecation DEPPS7: Remove deprecated Cloud Code file trigger syntax (#8855) (4e6a375)
• Deprecation DEPPS8: Parse Server option allowExpiredAuthDataToken defaults to false (#8860) (e29845f)
• Deprecation DEPPS9: LiveQuery fields option is renamed to keys (#8852) (38983e8)
• Node process exits with error code 1 on uncaught exception to allow custom uncaught exception handling (#8894) (70c280c)
• Switch GraphQL server from Yoga v2 to Apollo v4 (#8959) (105ae7c)
• Upgrade Parse Server Push Adapter to 5.0.2 (#8813) (6ef1986)
• Upgrade to Parse JS SDK 5 (#9022) (ad4aa83)

Performance Improvements

... (truncated)

Commits

• c83de8c chore(release): 7.0.0 [skip ci]
• 4c74b2b build: Release (#9034)
• 60cf2dd empty
• 0d5acf3 chore(release): 7.0.0-beta.1 [skip ci]
• 5c2c120 build: Release beta (#9033)
• 63d4880 empty
• 09310a7 chore(release): 7.0.0-alpha.29 [skip ci]
• 9f6e342 fix: Server crashes on invalid Cloud Function or Cloud Job name; fixes securi...
• 901aaf8 chore(release): 7.0.0-alpha.28 [skip ci]
• ad4aa83 feat: Upgrade to Parse JS SDK 5 (#9022)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
open-sign	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 7, 2024 11:18am

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.