mongodb 6.8.1 → 6.9.0-dev.20240913.sha.8b0f3541

package/src/bulk/common.ts

@@ -1,6 +1,6 @@
 import { promisify } from 'util';
 
-import { type BSONSerializeOptions, type Document, resolveBSONOptions } from '../bson';
+import { type BSONSerializeOptions, type Document, EJSON, resolveBSONOptions } from '../bson';
 import type { Collection } from '../collection';
 import {
   type AnyError,
@@ -20,12 +20,12 @@ import { makeUpdateStatement, UpdateOperation, type UpdateStatement } from '../o
 import type { Server } from '../sdam/server';
 import type { Topology } from '../sdam/topology';
 import type { ClientSession } from '../sessions';
-import { maybeAddIdToDocuments } from '../utils';
 import {
   applyRetryableWrites,
   type Callback,
   getTopology,
   hasAtomicOperators,
+  maybeAddIdToDocuments,
   type MongoDBNamespace,
   resolveOptions
 } from '../utils';
@@ -294,7 +294,7 @@ export class BulkWriteResult {
   }
 
   toString(): string {
-    return `BulkWriteResult(${this.result})`;
+    return `BulkWriteResult(${EJSON.stringify(this.result)})`;
   }
 
   isOk(): boolean {
@@ -583,13 +583,12 @@ function executeCommands(
     const operation = isInsertBatch(batch)
       ? new InsertOperation(bulkOperation.s.namespace, batch.operations, finalOptions)
       : isUpdateBatch(batch)
-      ? new UpdateOperation(bulkOperation.s.namespace, batch.operations, finalOptions)
-      : isDeleteBatch(batch)
-      ? new DeleteOperation(bulkOperation.s.namespace, batch.operations, finalOptions)
-      : null;
+        ? new UpdateOperation(bulkOperation.s.namespace, batch.operations, finalOptions)
+        : isDeleteBatch(batch)
+          ? new DeleteOperation(bulkOperation.s.namespace, batch.operations, finalOptions)
+          : null;
 
     if (operation != null) {
-      // eslint-disable-next-line github/no-then
       executeOperation(bulkOperation.s.collection.client, operation).then(
         result => resultHandler(undefined, result),
         error => resultHandler(error)
@@ -616,8 +615,8 @@ function handleMongoWriteConcernError(
   callback(
     new MongoBulkWriteError(
       {
-        message: err.result?.writeConcernError.errmsg,
-        code: err.result?.writeConcernError.result
+        message: err.result.writeConcernError.errmsg,
+        code: err.result.writeConcernError.code
       },
       new BulkWriteResult(bulkResult, isOrdered)
     )
@@ -919,7 +918,11 @@ export abstract class BulkOperationBase {
    * Create a new OrderedBulkOperation or UnorderedBulkOperation instance
    * @internal
    */
-  constructor(private collection: Collection, options: BulkWriteOptions, isOrdered: boolean) {
+  constructor(
+    private collection: Collection,
+    options: BulkWriteOptions,
+    isOrdered: boolean
+  ) {
     // determine whether bulkOperation is ordered or unordered
     this.isOrdered = isOrdered;
 
@@ -1178,6 +1181,10 @@ export abstract class BulkOperationBase {
     );
   }
 
+  get length(): number {
+    return this.s.currentIndex;
+  }
+
   get bsonOptions(): BSONSerializeOptions {
     return this.s.bsonOptions;
   }
@@ -1274,13 +1281,6 @@ export abstract class BulkOperationBase {
   }
 }
 
-Object.defineProperty(BulkOperationBase.prototype, 'length', {
-  enumerable: true,
-  get() {
-    return this.s.currentIndex;
-  }
-});
-
 function isInsertBatch(batch: Batch): boolean {
   return batch.batchType === BatchType.INSERT;
 }

package/src/change_stream.ts

@@ -18,6 +18,7 @@ import { type InferIdType, TypedEventEmitter } from './mongo_types';
 import type { AggregateOptions } from './operations/aggregate';
 import type { CollationOptions, OperationParent } from './operations/command';
 import type { ReadPreference } from './read_preference';
+import { type AsyncDisposable, configureResourceManagement } from './resource_management';
 import type { ServerSessionId } from './sessions';
 import { filterOptions, getTopology, type MongoDBNamespace, squashError } from './utils';
 
@@ -43,7 +44,7 @@ const CHANGE_DOMAIN_TYPES = {
   CLUSTER: Symbol('Cluster')
 };
 
-const CHANGE_STREAM_EVENTS = [RESUME_TOKEN_CHANGED, END, CLOSE];
+const CHANGE_STREAM_EVENTS = [RESUME_TOKEN_CHANGED, END, CLOSE] as const;
 
 const NO_RESUME_TOKEN_ERROR =
   'A change stream document has been received that lacks a resume token (_id).';
@@ -544,9 +545,23 @@ export type ChangeStreamEvents<
  * @public
  */
 export class ChangeStream<
-  TSchema extends Document = Document,
-  TChange extends Document = ChangeStreamDocument<TSchema>
-> extends TypedEventEmitter<ChangeStreamEvents<TSchema, TChange>> {
+    TSchema extends Document = Document,
+    TChange extends Document = ChangeStreamDocument<TSchema>
+  >
+  extends TypedEventEmitter<ChangeStreamEvents<TSchema, TChange>>
+  implements AsyncDisposable
+{
+  /**
+   * @beta
+   * @experimental
+   * An alias for {@link ChangeStream.close|ChangeStream.close()}.
+   */
+  declare [Symbol.asyncDispose]: () => Promise<void>;
+  /** @internal */
+  async asyncDispose() {
+    await this.close();
+  }
+
   pipeline: Document[];
   /**
    * @remarks WriteConcern can still be present on the options because
@@ -665,7 +680,7 @@ export class ChangeStream<
     // Change streams must resume indefinitely while each resume event succeeds.
     // This loop continues until either a change event is received or until a resume attempt
     // fails.
-    // eslint-disable-next-line no-constant-condition
+
     while (true) {
       try {
         const hasNext = await this.cursor.hasNext();
@@ -691,7 +706,7 @@ export class ChangeStream<
     // Change streams must resume indefinitely while each resume event succeeds.
     // This loop continues until either a change event is received or until a resume attempt
     // fails.
-    // eslint-disable-next-line no-constant-condition
+
     while (true) {
       try {
         const change = await this.cursor.next();
@@ -720,7 +735,7 @@ export class ChangeStream<
     // Change streams must resume indefinitely while each resume event succeeds.
     // This loop continues until either a change event is received or until a resume attempt
     // fails.
-    // eslint-disable-next-line no-constant-condition
+
     while (true) {
       try {
         const change = await this.cursor.tryNext();
@@ -765,7 +780,9 @@ export class ChangeStream<
     return this[kClosed] || this.cursor.closed;
   }
 
-  /** Close the Change Stream */
+  /**
+   * Frees the internal resources used by the change stream.
+   */
   async close(): Promise<void> {
     this[kClosed] = true;
 
@@ -833,10 +850,10 @@ export class ChangeStream<
       this.type === CHANGE_DOMAIN_TYPES.CLUSTER
         ? (this.parent as MongoClient)
         : this.type === CHANGE_DOMAIN_TYPES.DATABASE
-        ? (this.parent as Db).client
-        : this.type === CHANGE_DOMAIN_TYPES.COLLECTION
-        ? (this.parent as Collection).client
-        : null;
+          ? (this.parent as Db).client
+          : this.type === CHANGE_DOMAIN_TYPES.COLLECTION
+            ? (this.parent as Collection).client
+            : null;
 
     if (client == null) {
       // This should never happen because of the assertion in the constructor
@@ -867,7 +884,6 @@ export class ChangeStream<
   private _closeEmitterModeWithError(error: AnyError): void {
     this.emit(ChangeStream.ERROR, error);
 
-    // eslint-disable-next-line github/no-then
     this.close().then(undefined, squashError);
   }
 
@@ -932,7 +948,7 @@ export class ChangeStream<
 
     if (isResumableError(changeStreamError, this.cursor.maxWireVersion)) {
       this._endStream();
-      // eslint-disable-next-line github/no-then
+
       this.cursor.close().then(undefined, squashError);
 
       const topology = getTopology(this.parent);
@@ -940,7 +956,7 @@ export class ChangeStream<
         .selectServer(this.cursor.readPreference, {
           operationName: 'reconnect topology in change stream'
         })
-        // eslint-disable-next-line github/no-then
+
         .then(
           () => {
             this.cursor = this._createChangeStreamCursor(this.cursor.resumeOptions);
@@ -986,3 +1002,5 @@ export class ChangeStream<
     }
   }
 }
+
+configureResourceManagement(ChangeStream.prototype);

package/src/client-side-encryption/auto_encrypter.ts

@@ -3,6 +3,7 @@ import {
   type MongoCryptConstructor,
   type MongoCryptOptions
 } from 'mongodb-client-encryption';
+import * as net from 'net';
 
 import { deserialize, type Document, serialize } from '../bson';
 import { type CommandOptions, type ProxyOptions } from '../cmap/connection';
@@ -11,6 +12,7 @@ import { getMongoDBClientEncryption } from '../deps';
 import { MongoRuntimeError } from '../error';
 import { MongoClient, type MongoClientOptions } from '../mongo_client';
 import { MongoDBCollectionNamespace } from '../utils';
+import { autoSelectSocketOptions } from './client_encryption';
 import * as cryptoCallbacks from './crypto_callbacks';
 import { MongoCryptInvalidArgumentError } from './errors';
 import { MongocryptdManager } from './mongocryptd_manager';
@@ -26,85 +28,7 @@ export interface AutoEncryptionOptions {
   /** The namespace where keys are stored in the key vault */
   keyVaultNamespace?: string;
   /** Configuration options that are used by specific KMS providers during key generation, encryption, and decryption. */
-  kmsProviders?: {
-    /** Configuration options for using 'aws' as your KMS provider */
-    aws?:
-      | {
-          /** The access key used for the AWS KMS provider */
-          accessKeyId: string;
-          /** The secret access key used for the AWS KMS provider */
-          secretAccessKey: string;
-          /**
-           * An optional AWS session token that will be used as the
-           * X-Amz-Security-Token header for AWS requests.
-           */
-          sessionToken?: string;
-        }
-      | Record<string, never>;
-    /** Configuration options for using 'local' as your KMS provider */
-    local?: {
-      /**
-       * The master key used to encrypt/decrypt data keys.
-       * A 96-byte long Buffer or base64 encoded string.
-       */
-      key: Buffer | string;
-    };
-    /** Configuration options for using 'azure' as your KMS provider */
-    azure?:
-      | {
-          /** The tenant ID identifies the organization for the account */
-          tenantId: string;
-          /** The client ID to authenticate a registered application */
-          clientId: string;
-          /** The client secret to authenticate a registered application */
-          clientSecret: string;
-          /**
-           * If present, a host with optional port. E.g. "example.com" or "example.com:443".
-           * This is optional, and only needed if customer is using a non-commercial Azure instance
-           * (e.g. a government or China account, which use different URLs).
-           * Defaults to "login.microsoftonline.com"
-           */
-          identityPlatformEndpoint?: string | undefined;
-        }
-      | {
-          /**
-           * If present, an access token to authenticate with Azure.
-           */
-          accessToken: string;
-        }
-      | Record<string, never>;
-    /** Configuration options for using 'gcp' as your KMS provider */
-    gcp?:
-      | {
-          /** The service account email to authenticate */
-          email: string;
-          /** A PKCS#8 encrypted key. This can either be a base64 string or a binary representation */
-          privateKey: string | Buffer;
-          /**
-           * If present, a host with optional port. E.g. "example.com" or "example.com:443".
-           * Defaults to "oauth2.googleapis.com"
-           */
-          endpoint?: string | undefined;
-        }
-      | {
-          /**
-           * If present, an access token to authenticate with GCP.
-           */
-          accessToken: string;
-        }
-      | Record<string, never>;
-    /**
-     * Configuration options for using 'kmip' as your KMS provider
-     */
-    kmip?: {
-      /**
-       * The output endpoint string.
-       * The endpoint consists of a hostname and port separated by a colon.
-       * E.g. "example.com:123". A port is always present.
-       */
-      endpoint?: string;
-    };
-  };
+  kmsProviders?: KMSProviders;
   /**
    * A map of namespaces to a local JSON schema for encryption
    *
@@ -375,10 +299,20 @@ export class AutoEncrypter {
         serverSelectionTimeoutMS: 10000
       };
 
-      if (options.extraOptions == null || typeof options.extraOptions.mongocryptdURI !== 'string') {
+      if (
+        (options.extraOptions == null || typeof options.extraOptions.mongocryptdURI !== 'string') &&
+        !net.getDefaultAutoSelectFamily
+      ) {
+        // Only set family if autoSelectFamily options are not supported.
         clientOptions.family = 4;
       }
 
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore: TS complains as this always returns true on versions where it is present.
+      if (net.getDefaultAutoSelectFamily) {
+        Object.assign(clientOptions, autoSelectSocketOptions(this._client.options));
+      }
+
       this._mongocryptdClient = new MongoClient(this._mongocryptdManager.uri, clientOptions);
     }
   }
@@ -457,7 +391,8 @@ export class AutoEncrypter {
       promoteValues: false,
       promoteLongs: false,
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     return deserialize(await stateMachine.execute(this, context), {
@@ -477,7 +412,8 @@ export class AutoEncrypter {
     const stateMachine = new StateMachine({
       ...options,
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     return await stateMachine.execute(this, context);

package/src/client-side-encryption/client_encryption.ts

@@ -5,14 +5,22 @@ import type {
   MongoCryptOptions
 } from 'mongodb-client-encryption';
 
-import { type Binary, deserialize, type Document, type Long, serialize, type UUID } from '../bson';
+import {
+  type Binary,
+  deserialize,
+  type Document,
+  type Int32,
+  type Long,
+  serialize,
+  type UUID
+} from '../bson';
 import { type AnyBulkWriteOperation, type BulkWriteResult } from '../bulk/common';
 import { type ProxyOptions } from '../cmap/connection';
 import { type Collection } from '../collection';
 import { type FindCursor } from '../cursor/find_cursor';
 import { type Db } from '../db';
 import { getMongoDBClientEncryption } from '../deps';
-import { type MongoClient } from '../mongo_client';
+import { type MongoClient, type MongoClientOptions } from '../mongo_client';
 import { type Filter, type WithId } from '../mongo_types';
 import { type CreateCollectionOptions } from '../operations/create_collection';
 import { type DeleteResult } from '../operations/delete';
@@ -28,7 +36,11 @@ import {
   type KMSProviders,
   refreshKMSCredentials
 } from './providers/index';
-import { type CSFLEKMSTlsOptions, StateMachine } from './state_machine';
+import {
+  type ClientEncryptionSocketOptions,
+  type CSFLEKMSTlsOptions,
+  StateMachine
+} from './state_machine';
 
 /**
  * @public
@@ -199,7 +211,8 @@ export class ClientEncryption {
 
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     const dataKey = deserialize(await stateMachine.execute(this, context)) as DataKey;
@@ -256,7 +269,8 @@ export class ClientEncryption {
     const context = this._mongoCrypt.makeRewrapManyDataKeyContext(filterBson, keyEncryptionKeyBson);
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     const { v: dataKeys } = deserialize(await stateMachine.execute(this, context));
@@ -595,9 +609,7 @@ export class ClientEncryption {
   /**
    * Encrypts a Match Expression or Aggregate Expression to query a range index.
    *
-   * Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
-   *
-   * @experimental The Range algorithm is experimental only. It is not intended for production use. It is subject to breaking changes.
+   * Only supported when queryType is "range" and algorithm is "Range".
    *
    * @param expression - a BSON document of one of the following forms:
    *  1. A Match Expression of this form:
@@ -637,7 +649,8 @@ export class ClientEncryption {
 
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     const { v } = deserialize(await stateMachine.execute(this, context));
@@ -715,7 +728,8 @@ export class ClientEncryption {
     const valueBuffer = serialize({ v: value });
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
     const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);
 
@@ -737,7 +751,7 @@ export interface ClientEncryptionEncryptOptions {
     | 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
     | 'Indexed'
     | 'Unindexed'
-    | 'RangePreview';
+    | 'Range';
 
   /**
    * The id of the Binary dataKey to use for encryption
@@ -753,13 +767,11 @@ export interface ClientEncryptionEncryptOptions {
   contentionFactor?: bigint | number;
 
   /**
-   * The query type supported.  Only the queryType `equality` is stable.
-   *
-   * @experimental Public Technical Preview: The queryType `rangePreview` is experimental.
+   * The query type.
    */
-  queryType?: 'equality' | 'rangePreview';
+  queryType?: 'equality' | 'range';
 
-  /** @experimental Public Technical Preview: The index options for a Queryable Encryption field supporting "rangePreview" queries.*/
+  /** The index options for a Queryable Encryption field supporting "range" queries.*/
   rangeOptions?: RangeOptions;
 }
 
@@ -947,52 +959,37 @@ export interface ClientEncryptionRewrapManyDataKeyResult {
 
 /**
  * @public
- * RangeOptions specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
- * min, max, sparsity, and range must match the values set in the encryptedFields of the destination collection.
+ * RangeOptions specifies index options for a Queryable Encryption field supporting "range" queries.
+ * min, max, sparsity, trimFactor and range must match the values set in the encryptedFields of the destination collection.
  * For double and decimal128, min/max/precision must all be set, or all be unset.
  */
 export interface RangeOptions {
+  /** min is the minimum value for the encrypted index. Required if precision is set. */
   min?: any;
+  /** max is the minimum value for the encrypted index. Required if precision is set. */
   max?: any;
-  sparsity: Long;
+  /** sparsity may be used to tune performance. must be non-negative. When omitted, a default value is used. */
+  sparsity?: Long | bigint;
+  /** trimFactor may be used to tune performance. must be non-negative. When omitted, a default value is used. */
+  trimFactor?: Int32 | number;
+  /* precision determines the number of significant digits after the decimal point. May only be set for double or decimal128. */
   precision?: number;
 }
 
 /**
- * @public
- * Options to provide when encrypting data.
+ * Get the socket options from the client.
+ * @param baseOptions - The mongo client options.
+ * @returns ClientEncryptionSocketOptions
  */
-export interface ClientEncryptionEncryptOptions {
-  /**
-   * The algorithm to use for encryption.
-   */
-  algorithm:
-    | 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
-    | 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
-    | 'Indexed'
-    | 'Unindexed'
-    | 'RangePreview';
-
-  /**
-   * The id of the Binary dataKey to use for encryption
-   */
-  keyId?: Binary;
-
-  /**
-   * A unique string name corresponding to an already existing dataKey.
-   */
-  keyAltName?: string;
-
-  /** The contention factor. */
-  contentionFactor?: bigint | number;
-
-  /**
-   * The query type supported.  Only the queryType `equality` is stable.
-   *
-   * @experimental Public Technical Preview: The queryType `rangePreview` is experimental.
-   */
-  queryType?: 'equality' | 'rangePreview';
-
-  /** @experimental Public Technical Preview: The index options for a Queryable Encryption field supporting "rangePreview" queries.*/
-  rangeOptions?: RangeOptions;
+export function autoSelectSocketOptions(
+  baseOptions: MongoClientOptions
+): ClientEncryptionSocketOptions {
+  const options: ClientEncryptionSocketOptions = { autoSelectFamily: true };
+  if ('autoSelectFamily' in baseOptions) {
+    options.autoSelectFamily = baseOptions.autoSelectFamily;
+  }
+  if ('autoSelectFamilyAttemptTimeout' in baseOptions) {
+    options.autoSelectFamilyAttemptTimeout = baseOptions.autoSelectFamilyAttemptTimeout;
+  }
+  return options;
 }

package/src/client-side-encryption/mongocryptd_manager.ts

@@ -12,8 +12,8 @@ export class MongocryptdManager {
 
   uri: string;
   bypassSpawn: boolean;
-  spawnPath: string;
-  spawnArgs: Array<string>;
+  spawnPath = '';
+  spawnArgs: Array<string> = [];
   _child?: ChildProcess;
 
   constructor(extraOptions: AutoEncryptionExtraOptions = {}) {
@@ -24,9 +24,13 @@ export class MongocryptdManager {
 
     this.bypassSpawn = !!extraOptions.mongocryptdBypassSpawn;
 
-    this.spawnPath = extraOptions.mongocryptdSpawnPath || '';
-    this.spawnArgs = [];
-    if (Array.isArray(extraOptions.mongocryptdSpawnArgs)) {
+    if (Object.hasOwn(extraOptions, 'mongocryptdSpawnPath') && extraOptions.mongocryptdSpawnPath) {
+      this.spawnPath = extraOptions.mongocryptdSpawnPath;
+    }
+    if (
+      Object.hasOwn(extraOptions, 'mongocryptdSpawnArgs') &&
+      Array.isArray(extraOptions.mongocryptdSpawnArgs)
+    ) {
       this.spawnArgs = this.spawnArgs.concat(extraOptions.mongocryptdSpawnArgs);
     }
     if (
@@ -45,7 +49,7 @@ export class MongocryptdManager {
   async spawn(): Promise<void> {
     const cmdName = this.spawnPath || 'mongocryptd';
 
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
     const { spawn } = require('child_process') as typeof import('child_process');
 
     // Spawned with stdio: ignore and detached: true

package/src/client-side-encryption/state_machine.ts

@@ -14,7 +14,7 @@ import { type ProxyOptions } from '../cmap/connection';
 import { getSocks, type SocksLib } from '../deps';
 import { type MongoClient, type MongoClientOptions } from '../mongo_client';
 import { BufferPool, MongoDBCollectionNamespace, promiseWithResolvers } from '../utils';
-import { type DataKey } from './client_encryption';
+import { autoSelectSocketOptions, type DataKey } from './client_encryption';
 import { MongoCryptError } from './errors';
 import { type MongocryptdManager } from './mongocryptd_manager';
 import { type KMSProviders } from './providers';
@@ -114,6 +114,16 @@ export type CSFLEKMSTlsOptions = {
   [key: string]: ClientEncryptionTlsOptions | undefined;
 };
 
+/**
+ * @public
+ *
+ * Socket options to use for KMS requests.
+ */
+export type ClientEncryptionSocketOptions = Pick<
+  MongoClientOptions,
+  'autoSelectFamily' | 'autoSelectFamilyAttemptTimeout'
+>;
+
 /**
  * This is kind of a hack.  For `rewrapManyDataKey`, we have tests that
  * guarantee that when there are no matching keys, `rewrapManyDataKey` returns
@@ -153,6 +163,9 @@ export type StateMachineOptions = {
 
   /** TLS options for KMS requests, if set. */
   tlsOptions: CSFLEKMSTlsOptions;
+
+  /** Socket specific options we support. */
+  socketOptions: ClientEncryptionSocketOptions;
 } & Pick<BSONSerializeOptions, 'promoteLongs' | 'promoteValues'>;
 
 /**
@@ -289,10 +302,17 @@ export class StateMachine {
   async kmsRequest(request: MongoCryptKMSRequest): Promise<void> {
     const parsedUrl = request.endpoint.split(':');
     const port = parsedUrl[1] != null ? Number.parseInt(parsedUrl[1], 10) : HTTPS_PORT;
-    const options: tls.ConnectionOptions & { host: string; port: number } = {
+    const socketOptions = autoSelectSocketOptions(this.options.socketOptions || {});
+    const options: tls.ConnectionOptions & {
+      host: string;
+      port: number;
+      autoSelectFamily?: boolean;
+      autoSelectFamilyAttemptTimeout?: number;
+    } = {
       host: parsedUrl[0],
       servername: parsedUrl[0],
-      port
+      port,
+      ...socketOptions
     };
     const message = request.message;
     const buffer = new BufferPool();
@@ -351,10 +371,12 @@ export class StateMachine {
 
     try {
       if (this.options.proxyOptions && this.options.proxyOptions.proxyHost) {
-        netSocket.connect({
+        const netSocketOptions = {
           host: this.options.proxyOptions.proxyHost,
-          port: this.options.proxyOptions.proxyPort || 1080
-        });
+          port: this.options.proxyOptions.proxyPort || 1080,
+          ...socketOptions
+        };
+        netSocket.connect(netSocketOptions);
         await willConnect;
 
         try {

package/src/cmap/auth/gssapi.ts

@@ -168,7 +168,7 @@ export async function performGSSAPICanonicalizeHostName(
       const results = await dns.promises.resolvePtr(address);
       // If the ptr did not error but had no results, return the host.
       return results.length > 0 ? results[0] : host;
-    } catch (error) {
+    } catch {
       // This can error as ptr records may not exist for all ips. In this case
       // fallback to a cname lookup as dns.lookup() does not return the
       // cname.

package/src/cmap/auth/mongodb_aws.ts

@@ -78,8 +78,8 @@ export class MongoDBAWS extends AuthProvider {
       accessKeyId && secretAccessKey && sessionToken
         ? { accessKeyId, secretAccessKey, sessionToken }
         : accessKeyId && secretAccessKey
-        ? { accessKeyId, secretAccessKey }
-        : undefined;
+          ? { accessKeyId, secretAccessKey }
+          : undefined;
 
     const db = credentials.source;
     const nonce = await randomBytes(32);