The MongoDB Node.js team is pleased to announce version 4.17.0 of the
Until v6, the driver included the
saslprep package as an optional dependency for SCRAM-SHA-256 authentication.
saslprep breaks when bundled with webpack because it attempted to read a file relative to the package location and consequently the driver would throw errors when using SCRAM-SHA-256 if it were bundled.
The driver now depends on
mongodb-js/saslprep, a fork of
saslprep that can be bundled with webpack because it includes the necessary saslprep data in memory upon loading. This will be installed by default but will only be used if SCRAM-SHA-256 authentication is used.
In order to avoid mistakenly printing credentials the
ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessble via MongoClient options:
- NODE-5272: do not create or drop ecc collections (#3678) (d26ad61)
- NODE-5398: use mongodb-js/saslprep instead of saslprep (#3820) (5244711)
- NODE-5262: AWS Lambda metadata detection logic is too permissive (#3683) (c0c3d99)
- NODE-5311: construct error messages for AggregateErrors in Node16+ (#3683) (98b7bdf)
NODE-5316: prevent parallel topology creation in MongoClient.connect (#3696) (e13038d)
- Thank you
@clemclxfor contributing this fix!
- Thank you
- NODE-5356: prevent scram auth from throwing TypeError if saslprep is not a function (#3732) (2d028af)
- NODE-5536: remove credentials from ConnectionPoolCreatedEvent options (#3812) (2910dca)
We invite you to try the
mongodb library immediately, and report any issues to the NODE project.