Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-5380

Update AWS Credential Providers to Latest

    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Use Case

      As a developer
      I want to use the latest AWS credential providers
      So that I have a secure driver experience.

      @aws-sdk/client-sts has a dependency on fast-xml-parser that has the below security warning. Updating to the latest SDK updates the related dependency.

      Note that this is a peer dependency, downstream users can upgrade without changes.

      User Impact

      Only dependency security warnings. See: https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858

      Dependencies

      None

      Unknowns

      None

      Acceptance Criteria

      Implementation Requirements

      • Update @aws-sdk/credential-providers to 3.360.0 in the Node driver

      Testing Requirements

      None

      Documentation Requirements

      None

      Follow Up Requirements

      • Update bindings migration ticket to remove peer @aws-sdk/credential-providers in mongodb-client-encryption

            Assignee:
            Unassigned Unassigned
            Reporter:
            durran.jordan@mongodb.com Durran Jordan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: