Merge branch 'main' into uri-validate-less

.eslintignore

@@ -2,5 +2,3 @@
 lib
 test/disabled
 !etc/docs
-
-test/explicit-resource-management

.eslintrc.json

@@ -6,13 +6,11 @@
   },
   "plugins": [
     "simple-import-sort",
-    "import",
     "@typescript-eslint",
     "prettier",
     "unused-imports",
     "tsdoc",
-    "mocha",
-    "github"
+    "mocha"
   ],
   "extends": [
     "eslint:recommended",
@@ -67,15 +65,17 @@
     ],
     "simple-import-sort/imports": "error",
     "simple-import-sort/exports": "error",
-    "import/first": "error",
-    "import/newline-after-import": "error",
-    "import/no-duplicates": "error",
     "strict": [
       "error",
       "global"
     ],
     "@typescript-eslint/no-explicit-any": "off",
+    "@typescript-eslint/no-non-null-assertion": "error",
+    // We use redundant type constituents for documentation purposes.
+    "@typescript-eslint/no-redundant-type-constituents": "off",
+    "@typescript-eslint/no-empty-function": "error",
     "@typescript-eslint/require-await": "off",
+    "@typescript-eslint/no-unused-expressions": "off",
     "@typescript-eslint/consistent-type-imports": [
       "error",
       {
@@ -121,12 +121,8 @@
         "message": "Do not strictly check typeof undefined (NOTE: currently this rule only detects the usage of 'undefined' string literal so this could be a misfire)"
       }
     ],
-    "@typescript-eslint/no-unused-vars": [
-      "error",
-      {
-        "argsIgnorePattern": "^_"
-      }
-    ]
+    "@typescript-eslint/no-unused-vars": "error",
+    "no-duplicate-imports": "error"
   },
   "overrides": [
     {
@@ -168,6 +164,9 @@
         "@typescript-eslint/no-empty-function": "off",
         "@typescript-eslint/no-this-alias": "off",
         "@typescript-eslint/no-unused-vars": "off",
+        "@typescript-eslint/consistent-type-imports": "off",
+        // JS test files use require
+        "@typescript-eslint/no-require-imports": "off",
         // Since we use ts-node we should always require the TS code
         // Also we have patches to apply to the mock server, so we should always import from there
         "no-restricted-modules": [
@@ -200,6 +199,15 @@
         "no-restricted-syntax": "off",
         "typescript-eslint/ban-ts-comment": "off",
         "no-restricted-imports": "off",
+        "@typescript-eslint/no-unused-vars": [
+          "error",
+          {
+            "argsIgnorePattern": "^_",
+            "caughtErrorsIgnorePattern": "^_",
+            "destructuredArrayIgnorePattern": "^_",
+            "varsIgnorePattern": "^_"
+          }
+        ],
         "@typescript-eslint/no-restricted-imports": [
           "error",
           {
@@ -235,12 +243,23 @@
         "@typescript-eslint/restrict-plus-operands": "off",
         "@typescript-eslint/restrict-template-expressions": "off",
         "@typescript-eslint/require-await": "off",
+        "@typescript-eslint/no-redundant-type-constituents": "off",
+        "@typescript-eslint/no-unused-expressions": "off",
+        "@typescript-eslint/no-explicit-any": "off",
         "no-return-await": "off",
         "@typescript-eslint/return-await": [
           "error",
           "always"
         ],
-        "github/no-then": "error",
+        "@typescript-eslint/no-unused-vars": [
+          "error",
+          {
+            "argsIgnorePattern": "^_",
+            "caughtErrorsIgnorePattern": "^_",
+            "destructuredArrayIgnorePattern": "^_",
+            "varsIgnorePattern": "^_"
+          }
+        ],
         "no-restricted-imports": [
           "error",
           {
@@ -263,7 +282,7 @@
         "tsdoc/syntax": "warn",
         "no-console": "off",
         "@typescript-eslint/no-explicit-any": "off",
-        "@typescript-eslint/no-unused-vars": "error",
+        "@typescript-eslint/no-unused-vars": "off",
         "@typescript-eslint/ban-ts-comment": "off",
         "@typescript-eslint/no-empty-function": "off"
       }
@@ -276,7 +295,18 @@
       ],
       "parser": "@typescript-eslint/parser",
       "rules": {
-        "unused-imports/no-unused-imports": "error"
+        "unused-imports/no-unused-imports": "error",
+        "@typescript-eslint/no-empty-object-type": "off",
+        "@typescript-eslint/no-unsafe-declaration-merging": "off",
+        "no-duplicate-imports": "off",
+        "@typescript-eslint/consistent-type-imports": [
+          "error",
+          {
+            "prefer": "type-imports",
+            "disallowTypeAnnotations": false,
+            "fixStyle": "separate-type-imports"
+          }
+        ]
       }
     }
   ]

.evergreen/config.yml

@@ -3522,7 +3522,7 @@ tasks:
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: check resource management feature integration
-  - name: check-types-typescript-next-node-types-20.14.10
+  - name: check-types-typescript-next-node-types-22.4.1
     tags:
       - check-types-typescript-next
       - typescript-compilation
@@ -3534,10 +3534,10 @@ tasks:
             - {key: NODE_LTS_VERSION, value: '16'}
             - {key: NPM_VERSION, value: '9'}
             - {key: TS_VERSION, value: next}
-            - {key: TYPES_VERSION, value: 20.14.10}
+            - {key: TYPES_VERSION, value: 22.4.1}
       - func: install dependencies
       - func: check types
-  - name: check-types-typescript-current-node-types-20.14.10
+  - name: check-types-typescript-current-node-types-22.4.1
     tags:
       - check-types-typescript-current
       - typescript-compilation
@@ -3549,7 +3549,7 @@ tasks:
             - {key: NODE_LTS_VERSION, value: '16'}
             - {key: NPM_VERSION, value: '9'}
             - {key: TS_VERSION, value: current}
-            - {key: TYPES_VERSION, value: 20.14.10}
+            - {key: TYPES_VERSION, value: 22.4.1}
       - func: install dependencies
       - func: check types
   - name: check-types-typescript-next-node-types-16.x
@@ -3597,7 +3597,7 @@ tasks:
             - {key: TYPES_VERSION, value: 18.11.9}
       - func: install dependencies
       - func: check types
-  - name: compile-driver-typescript-current-node-types-20.14.10
+  - name: compile-driver-typescript-current-node-types-22.4.1
     tags:
       - compile-driver-typescript-current
       - typescript-compilation
@@ -3609,7 +3609,7 @@ tasks:
             - {key: NODE_LTS_VERSION, value: '16'}
             - {key: NPM_VERSION, value: '9'}
             - {key: TS_VERSION, value: current}
-            - {key: TYPES_VERSION, value: 20.14.10}
+            - {key: TYPES_VERSION, value: 22.4.1}
       - func: install dependencies
       - func: compile driver
   - name: download-and-merge-coverage

.evergreen/install-mongodb-client-encryption.sh

@@ -1,5 +1,5 @@
 #! /usr/bin/env bash
-set +o xtrace # Do not write AWS credentials to stderr
+set +o xtrace
 
 # Initial checks for running these tests
 if [ -z ${PROJECT_DIRECTORY+omitted} ]; then echo "PROJECT_DIRECTORY is unset" && exit 1; fi
@@ -9,20 +9,19 @@ source "${PROJECT_DIRECTORY}/.evergreen/init-node-and-npm-env.sh"
 set -o xtrace   # Write all commands first to stderr
 set -o errexit  # Exit the script with error if any of the commands fail
 
-rm -rf $INSTALL_DIR
+rm -rf mongodb-client-encryption
 git clone https://github.com/mongodb-js/mongodb-client-encryption.git
 pushd mongodb-client-encryption
 
 if [ -n "${LIBMONGOCRYPT_VERSION}" ]; then
 	# nightly tests test with `latest` to test against the laster FLE build.
-    npm run install:libmongocrypt -- --libVersion $LIBMONGOCRYPT_VERSION
+    npm run install:libmongocrypt -- --build --libVersion $LIBMONGOCRYPT_VERSION
 else
 	# otherwise use whatever is specified in the package.json.
     npm run install:libmongocrypt
 fi
 
 echo "finished installing libmongocrypt"
-BINDINGS_DIR=$(pwd)
 
 popd
 

.github/dependabot.yml

@@ -0,0 +1,38 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "monthly"
+    ignore:
+      # chai is esmodule only.
+      - dependency-name: "chai"
+        versions: [">=5.0.0"]
+      # sinon-chai 4.x+ supports chai 5.x+.
+      - dependency-name: "sinon-chai"
+        versions: [">=4.0.0"]
+      # nyc is Node18+ only starting on nyc@16.x.
+      - dependency-name: "nyc"
+        versions: [">=16.0.0"]
+      # we ignore TS as a part of quarterly dependency updates.
+      - dependency-name: "typescript"
+      # stay on the supported major version of gcp-metadata
+      - dependency-name: "gcp-metadata"
+        versions: [">=6.0.0"]
+
+    versioning-strategy: increase
+    allow:
+      - dependency-type: "development"
+
+    groups:
+      development-dependencies:
+        dependency-type: "development"
+        applies-to: version-updates
+        update-types:
+        - "minor"
+        - "patch"

.github/workflows/release-6.8.yml

@@ -0,0 +1,109 @@
+on:
+  push:
+    branches: [6.8]
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+name: release-68
+
+jobs:
+  release_please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          target-branch: 6.8
+
+  build:
+    needs: [release_please]
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  ssdlc:
+    needs: [release_please, build]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
+        with:
+          ignore_install_scripts: false
+
+      - name: Load version and package info
+        uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
+        with:
+          npm_package_name: mongodb
+
+      - name: actions/compress_sign_and_upload
+        uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: us-east-1
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          npm_package_name: mongodb
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+      - name: Copy sbom file to release assets
+        shell: bash
+        if: ${{ '' == '' }}
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
+      # only used for mongodb-client-encryption
+      - name: Augment SBOM and copy to release assets
+        if: ${{ '' != '' }}
+        uses: mongodb-labs/drivers-github-tools/sbom@v2
+        with:
+          silk_asset_group: ''
+          sbom_file_name: sbom.json
+
+      - name: Generate authorized pub report
+        uses: mongodb-labs/drivers-github-tools/full-report@v2
+        with:
+          release_version: ${{ env.package_version }}
+          product_name: mongodb
+          sarif_report_target_ref: 6.8
+          third_party_dependency_tool: n/a
+          dist_filenames: artifacts/*
+          token: ${{ github.token }}
+          sbom_file_name: sbom.json
+          evergreen_project: mongo-node-driver-next
+          evergreen_commit: ${{ env.commit }}
+
+      - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+        with:
+          version: ${{ env.package_version }}
+          product_name: mongodb
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+  publish:
+    needs: [release_please, ssdlc, build]
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
+
+        # Just picking a string to put here so that releases from this branch are not marked "latest",
+        # we should go and rm-dist-tag after this is published, no reason to keep it tagged.
+      - run: |
+          npm publish --provenance --tag=tag-for-publishing-older-releases
+          npm dist-tag rm mongodb tag-for-publishing-older-releases
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}