@mongodb-js/devtools-connect - npm Package Compare versions

Comparing version 2.3.0 to 2.3.1

lib/connect.js

@@ -30,2 +30,3 @@ "use strict";
 exports.isHumanOidcFlow = exports.connectMongoClient = exports.DevtoolsConnectionState = exports.MongoAutoencryptionUnavailable = void 0;
+const dns_1 = __importDefault(require("dns"));
 const fast_failure_connect_1 = require("./fast-failure-connect");
@@ -231,2 +232,8 @@ const system_ca_1 = require("system-ca");
     detectAndLogMissingOptionalDependencies(logger);
+    const shouldAddOidcCallbacks = isHumanOidcFlow(uri, clientOptions);
+    const state = clientOptions.parentState ?? new DevtoolsConnectionState(clientOptions, logger);
+    const mongoClientOptions = (0, lodash_merge_1.default)({}, clientOptions, shouldAddOidcCallbacks ? state.oidcPlugin.mongoClientOptions : {});
+    mongoClientOptions.lookup = (hostname, options, callback) => {
+        return dns_1.default.lookup(hostname, { verbatim: false, ...options }, callback);
+    };
     if (clientOptions.useSystemCA) {
@@ -239,10 +246,4 @@ const systemCAOpts = { includeNodeCertificates: true };
         });
-        clientOptions = {
-            ...clientOptions,
-            ca: ca.join('\n')
-        };
+        mongoClientOptions.ca = ca.join('\n');
     }
-    const shouldAddOidcCallbacks = isHumanOidcFlow(uri, clientOptions);
-    const state = clientOptions.parentState ?? new DevtoolsConnectionState(clientOptions, logger);
-    const mongoClientOptions = (0, lodash_merge_1.default)({}, clientOptions, shouldAddOidcCallbacks ? state.oidcPlugin.mongoClientOptions : {});
     delete mongoClientOptions.useSystemCA;
@@ -249,0 +250,0 @@ delete mongoClientOptions.productDocsLink;

lib/oidc/handler.js

@@ -9,2 +9,7 @@ "use strict";
     res.statusCode = status;
+    if (result === 'redirecting') {
+        res.setHeader('Location', info.location);
+        res.end();
+        return;
+    }
     res.setHeader('Content-Security-Policy', "default-src 'self'; style-src 'unsafe-inline'");
@@ -11,0 +16,0 @@ res.setHeader('Content-Type', 'text/html; charset=utf-8');

package.json

 {
   "name": "@mongodb-js/devtools-connect",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "description": "A connection establishment utility for MongoDB developer tools",
@@ -39,13 +39,13 @@ "homepage": "https://github.com/mongodb-js/devtools-connect",
     "lodash.merge": "^4.6.2",
-    "system-ca": "^1.0.2",
-    "mongodb-connection-string-url": "^2.6.0"
+    "mongodb-connection-string-url": "^2.6.0",
+    "system-ca": "^1.0.2"
   },
   "peerDependencies": {
+    "@mongodb-js/oidc-plugin": "^0.3.0",
     "mongodb": "^5.4.0",
-    "mongodb-log-writer": "^1.2.0",
-    "@mongodb-js/oidc-plugin": "^0.2.4"
+    "mongodb-log-writer": "^1.2.0"
   },
   "devDependencies": {
     "@mongodb-js/compass-components": "^1.6.0",
-    "@mongodb-js/oidc-plugin": "^0.2.4",
+    "@mongodb-js/oidc-plugin": "^0.3.0",
     "@types/lodash.merge": "^4.6.7",
@@ -52,0 +52,0 @@ "@types/mocha": "^9.0.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

119268

increased by0.5%

Lines of code

1261

increased by0.48%

No dependency changes