chore(deps): bump bson from 6.10.4 to 7.2.0

[dependabot]

Bumps bson from 6.10.4 to 7.2.0.

Release notes

Sourced from bson's releases.

v7.2.0

7.2.0 (2026-01-29)

The MongoDB Node.js team is pleased to announce version 7.2.0 of the bson package!

Release Notes

EJSON now supports ignoreUndefined

serialize supports an option, ignoreUndefined, which instructs the serializer to skip any keys whose values are undefined.

This option has been added to EJSON:

> EJSON.stringify({ a: undefined }, { ignoreUndefined: true });
'{}'
> EJSON.stringify({ a: undefined }, { ignoreUndefined: false });
'{"a":null}'
> EJSON.serialize({ a: undefined }, { ignoreUndefined: true });
{}
> EJSON.serialize({ a: undefined }, { ignoreUndefined: false });
{ a: null }

This option defaults to false.

Buffer.copy() now present in ByteUtils

ByteUtils now contains a copy() method, we behaves identically to Nodejs' Buffer.copy() method.

Features

• NODE-7328: Add ignoreUndefined option to EJSON APIs (#853) (5cf00c2)
• NODE-7414: add copy method to ByteUtils (#867) (ffa77c6)

Documentation

• API
• Changelog

We invite you to try the bson library immediately, and report any issues to the NODE project.

v7.1.1

7.1.1 (2026-01-17)

The MongoDB Node.js team is pleased to announce version 7.1.1 of the bson package!

Release Notes

... (truncated)

Changelog

Sourced from bson's changelog.

7.2.0 (2026-01-29)

Features

• NODE-7328: Add ignoreUndefined option to EJSON APIs (#853) (5cf00c2)

Bug Fixes

• NODE-7414: add copy method to ByteUtils (#867) (ffa77c6)

7.1.1 (2026-01-17)

Bug Fixes

• NODE-7399: revert bson PR 859 / NODE-7334 (#861) (6511e0d)

7.1.0 (2026-01-16)

Features

• NODE-7314: export byteUtils & add missing methods (#852) (a31c90e)
• NODE-7316: export number utils (#850) (a23e788)
• NODE-7334: remove ByteUtils and NumberUtils from the onDemand ns (#859) (92bbc34)

Bug Fixes

• NODE-7397: Use type predicate for isUint8Array (#860) (89b3a2b)

7.0.0 (2025-11-05)

Miscellaneous Chores

• prerelease false (#847) (b925f26)

7.0.0-alpha.2 (2025-10-24)

Bug Fixes

• NODE-7271: revert private property usage in ObjectId (#835) (79faf75)

7.0.0-alpha.1 (2025-10-21)

... (truncated)

Commits

• 0712bb1 chore(main): release 7.2.0 (#866)
• ffa77c6 fix(NODE-7414): add copy method to ByteUtils (#867)
• 5cf00c2 feat(NODE-7328): Add ignoreUndefined option to EJSON APIs (#853)
• 51f86bc chore(main): release 7.1.1 (#862)
• 6511e0d fix(NODE-7399): revert bson PR 859 / NODE-7334 (#861)
• 4375ec6 chore(main): release 7.1.0 (#851)
• 89b3a2b fix(NODE-7397): Use type predicate for isUint8Array (#860)
• 92bbc34 feat(NODE-7334): remove ByteUtils and NumberUtils from the onDemand ns (#859)
• a31c90e feat(NODE-7314): export byteUtils & add missing methods (#852)
• a23e788 feat(NODE-7316): export number utils (#850)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Medium Risk
Major-version bson upgrade affects BSON encode/decode on the PowerSync sync path; verify sync middleware and tests still pass despite no code changes in the PR.

Overview
Bumps the direct bson dependency in package.json from 6.10.4 to 7.2.0 (major version). No application source changes are included in this diff; lockfile updates may follow separately.

This is a Dependabot dependency-only change. bson is used at runtime (e.g. lazy import in TransformableBucketStorage) to deserialize and re-serialize PowerSync PROCESS_BSON_LINE sync payloads in the sync middleware pipeline.

^{Reviewed by Cursor Bugbot for commit cbb5a76. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit cbb5a76. Configure here.}

[cursor]

Lockfile not updated, bson upgrade is ineffective

High Severity

package.json declares bson ^7.2.0 but bun.lock still pins bson@6.10.4 with the old specifier ^6.10.4. Since the lockfile takes precedence during bun install, the major version bump is effectively a no-op — builds will continue installing bson v6. The lockfile needs to be regenerated to actually pick up bson v7.

 

^{Reviewed by Cursor Bugbot for commit cbb5a76. Configure here.}