mongodb 6.8.2 → 6.9.0-dev.20240917.sha.20396e1b

package/src/client-side-encryption/client_encryption.ts

@@ -5,14 +5,22 @@ import type {
   MongoCryptOptions
 } from 'mongodb-client-encryption';
 
-import { type Binary, deserialize, type Document, type Long, serialize, type UUID } from '../bson';
+import {
+  type Binary,
+  deserialize,
+  type Document,
+  type Int32,
+  type Long,
+  serialize,
+  type UUID
+} from '../bson';
 import { type AnyBulkWriteOperation, type BulkWriteResult } from '../bulk/common';
 import { type ProxyOptions } from '../cmap/connection';
 import { type Collection } from '../collection';
 import { type FindCursor } from '../cursor/find_cursor';
 import { type Db } from '../db';
 import { getMongoDBClientEncryption } from '../deps';
-import { type MongoClient } from '../mongo_client';
+import { type MongoClient, type MongoClientOptions } from '../mongo_client';
 import { type Filter, type WithId } from '../mongo_types';
 import { type CreateCollectionOptions } from '../operations/create_collection';
 import { type DeleteResult } from '../operations/delete';
@@ -28,7 +36,11 @@ import {
   type KMSProviders,
   refreshKMSCredentials
 } from './providers/index';
-import { type CSFLEKMSTlsOptions, StateMachine } from './state_machine';
+import {
+  type ClientEncryptionSocketOptions,
+  type CSFLEKMSTlsOptions,
+  StateMachine
+} from './state_machine';
 
 /**
  * @public
@@ -199,7 +211,8 @@ export class ClientEncryption {
 
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     const dataKey = deserialize(await stateMachine.execute(this, context)) as DataKey;
@@ -256,7 +269,8 @@ export class ClientEncryption {
     const context = this._mongoCrypt.makeRewrapManyDataKeyContext(filterBson, keyEncryptionKeyBson);
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     const { v: dataKeys } = deserialize(await stateMachine.execute(this, context));
@@ -595,9 +609,7 @@ export class ClientEncryption {
   /**
    * Encrypts a Match Expression or Aggregate Expression to query a range index.
    *
-   * Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
-   *
-   * @experimental The Range algorithm is experimental only. It is not intended for production use. It is subject to breaking changes.
+   * Only supported when queryType is "range" and algorithm is "Range".
    *
    * @param expression - a BSON document of one of the following forms:
    *  1. A Match Expression of this form:
@@ -637,7 +649,8 @@ export class ClientEncryption {
 
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
 
     const { v } = deserialize(await stateMachine.execute(this, context));
@@ -715,7 +728,8 @@ export class ClientEncryption {
     const valueBuffer = serialize({ v: value });
     const stateMachine = new StateMachine({
       proxyOptions: this._proxyOptions,
-      tlsOptions: this._tlsOptions
+      tlsOptions: this._tlsOptions,
+      socketOptions: autoSelectSocketOptions(this._client.options)
     });
     const context = this._mongoCrypt.makeExplicitEncryptionContext(valueBuffer, contextOptions);
 
@@ -737,7 +751,7 @@ export interface ClientEncryptionEncryptOptions {
     | 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
     | 'Indexed'
     | 'Unindexed'
-    | 'RangePreview';
+    | 'Range';
 
   /**
    * The id of the Binary dataKey to use for encryption
@@ -753,13 +767,11 @@ export interface ClientEncryptionEncryptOptions {
   contentionFactor?: bigint | number;
 
   /**
-   * The query type supported.  Only the queryType `equality` is stable.
-   *
-   * @experimental Public Technical Preview: The queryType `rangePreview` is experimental.
+   * The query type.
    */
-  queryType?: 'equality' | 'rangePreview';
+  queryType?: 'equality' | 'range';
 
-  /** @experimental Public Technical Preview: The index options for a Queryable Encryption field supporting "rangePreview" queries.*/
+  /** The index options for a Queryable Encryption field supporting "range" queries.*/
   rangeOptions?: RangeOptions;
 }
 
@@ -947,52 +959,37 @@ export interface ClientEncryptionRewrapManyDataKeyResult {
 
 /**
  * @public
- * RangeOptions specifies index options for a Queryable Encryption field supporting "rangePreview" queries.
- * min, max, sparsity, and range must match the values set in the encryptedFields of the destination collection.
+ * RangeOptions specifies index options for a Queryable Encryption field supporting "range" queries.
+ * min, max, sparsity, trimFactor and range must match the values set in the encryptedFields of the destination collection.
  * For double and decimal128, min/max/precision must all be set, or all be unset.
  */
 export interface RangeOptions {
+  /** min is the minimum value for the encrypted index. Required if precision is set. */
   min?: any;
+  /** max is the minimum value for the encrypted index. Required if precision is set. */
   max?: any;
-  sparsity: Long;
+  /** sparsity may be used to tune performance. must be non-negative. When omitted, a default value is used. */
+  sparsity?: Long | bigint;
+  /** trimFactor may be used to tune performance. must be non-negative. When omitted, a default value is used. */
+  trimFactor?: Int32 | number;
+  /* precision determines the number of significant digits after the decimal point. May only be set for double or decimal128. */
   precision?: number;
 }
 
 /**
- * @public
- * Options to provide when encrypting data.
+ * Get the socket options from the client.
+ * @param baseOptions - The mongo client options.
+ * @returns ClientEncryptionSocketOptions
  */
-export interface ClientEncryptionEncryptOptions {
-  /**
-   * The algorithm to use for encryption.
-   */
-  algorithm:
-    | 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
-    | 'AEAD_AES_256_CBC_HMAC_SHA_512-Random'
-    | 'Indexed'
-    | 'Unindexed'
-    | 'RangePreview';
-
-  /**
-   * The id of the Binary dataKey to use for encryption
-   */
-  keyId?: Binary;
-
-  /**
-   * A unique string name corresponding to an already existing dataKey.
-   */
-  keyAltName?: string;
-
-  /** The contention factor. */
-  contentionFactor?: bigint | number;
-
-  /**
-   * The query type supported.  Only the queryType `equality` is stable.
-   *
-   * @experimental Public Technical Preview: The queryType `rangePreview` is experimental.
-   */
-  queryType?: 'equality' | 'rangePreview';
-
-  /** @experimental Public Technical Preview: The index options for a Queryable Encryption field supporting "rangePreview" queries.*/
-  rangeOptions?: RangeOptions;
+export function autoSelectSocketOptions(
+  baseOptions: MongoClientOptions
+): ClientEncryptionSocketOptions {
+  const options: ClientEncryptionSocketOptions = { autoSelectFamily: true };
+  if ('autoSelectFamily' in baseOptions) {
+    options.autoSelectFamily = baseOptions.autoSelectFamily;
+  }
+  if ('autoSelectFamilyAttemptTimeout' in baseOptions) {
+    options.autoSelectFamilyAttemptTimeout = baseOptions.autoSelectFamilyAttemptTimeout;
+  }
+  return options;
 }

package/src/client-side-encryption/mongocryptd_manager.ts

@@ -12,8 +12,8 @@ export class MongocryptdManager {
 
   uri: string;
   bypassSpawn: boolean;
-  spawnPath: string;
-  spawnArgs: Array<string>;
+  spawnPath = '';
+  spawnArgs: Array<string> = [];
   _child?: ChildProcess;
 
   constructor(extraOptions: AutoEncryptionExtraOptions = {}) {
@@ -24,9 +24,13 @@ export class MongocryptdManager {
 
     this.bypassSpawn = !!extraOptions.mongocryptdBypassSpawn;
 
-    this.spawnPath = extraOptions.mongocryptdSpawnPath || '';
-    this.spawnArgs = [];
-    if (Array.isArray(extraOptions.mongocryptdSpawnArgs)) {
+    if (Object.hasOwn(extraOptions, 'mongocryptdSpawnPath') && extraOptions.mongocryptdSpawnPath) {
+      this.spawnPath = extraOptions.mongocryptdSpawnPath;
+    }
+    if (
+      Object.hasOwn(extraOptions, 'mongocryptdSpawnArgs') &&
+      Array.isArray(extraOptions.mongocryptdSpawnArgs)
+    ) {
       this.spawnArgs = this.spawnArgs.concat(extraOptions.mongocryptdSpawnArgs);
     }
     if (
@@ -45,7 +49,7 @@ export class MongocryptdManager {
   async spawn(): Promise<void> {
     const cmdName = this.spawnPath || 'mongocryptd';
 
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
     const { spawn } = require('child_process') as typeof import('child_process');
 
     // Spawned with stdio: ignore and detached: true

package/src/client-side-encryption/state_machine.ts

@@ -14,7 +14,7 @@ import { type ProxyOptions } from '../cmap/connection';
 import { getSocks, type SocksLib } from '../deps';
 import { type MongoClient, type MongoClientOptions } from '../mongo_client';
 import { BufferPool, MongoDBCollectionNamespace, promiseWithResolvers } from '../utils';
-import { type DataKey } from './client_encryption';
+import { autoSelectSocketOptions, type DataKey } from './client_encryption';
 import { MongoCryptError } from './errors';
 import { type MongocryptdManager } from './mongocryptd_manager';
 import { type KMSProviders } from './providers';
@@ -114,6 +114,16 @@ export type CSFLEKMSTlsOptions = {
   [key: string]: ClientEncryptionTlsOptions | undefined;
 };
 
+/**
+ * @public
+ *
+ * Socket options to use for KMS requests.
+ */
+export type ClientEncryptionSocketOptions = Pick<
+  MongoClientOptions,
+  'autoSelectFamily' | 'autoSelectFamilyAttemptTimeout'
+>;
+
 /**
  * This is kind of a hack.  For `rewrapManyDataKey`, we have tests that
  * guarantee that when there are no matching keys, `rewrapManyDataKey` returns
@@ -153,6 +163,9 @@ export type StateMachineOptions = {
 
   /** TLS options for KMS requests, if set. */
   tlsOptions: CSFLEKMSTlsOptions;
+
+  /** Socket specific options we support. */
+  socketOptions: ClientEncryptionSocketOptions;
 } & Pick<BSONSerializeOptions, 'promoteLongs' | 'promoteValues'>;
 
 /**
@@ -289,10 +302,17 @@ export class StateMachine {
   async kmsRequest(request: MongoCryptKMSRequest): Promise<void> {
     const parsedUrl = request.endpoint.split(':');
     const port = parsedUrl[1] != null ? Number.parseInt(parsedUrl[1], 10) : HTTPS_PORT;
-    const options: tls.ConnectionOptions & { host: string; port: number } = {
+    const socketOptions = autoSelectSocketOptions(this.options.socketOptions || {});
+    const options: tls.ConnectionOptions & {
+      host: string;
+      port: number;
+      autoSelectFamily?: boolean;
+      autoSelectFamilyAttemptTimeout?: number;
+    } = {
       host: parsedUrl[0],
       servername: parsedUrl[0],
-      port
+      port,
+      ...socketOptions
     };
     const message = request.message;
     const buffer = new BufferPool();
@@ -351,10 +371,12 @@ export class StateMachine {
 
     try {
       if (this.options.proxyOptions && this.options.proxyOptions.proxyHost) {
-        netSocket.connect({
+        const netSocketOptions = {
           host: this.options.proxyOptions.proxyHost,
-          port: this.options.proxyOptions.proxyPort || 1080
-        });
+          port: this.options.proxyOptions.proxyPort || 1080,
+          ...socketOptions
+        };
+        netSocket.connect(netSocketOptions);
         await willConnect;
 
         try {

package/src/cmap/auth/gssapi.ts

@@ -168,7 +168,7 @@ export async function performGSSAPICanonicalizeHostName(
       const results = await dns.promises.resolvePtr(address);
       // If the ptr did not error but had no results, return the host.
       return results.length > 0 ? results[0] : host;
-    } catch (error) {
+    } catch {
       // This can error as ptr records may not exist for all ips. In this case
       // fallback to a cname lookup as dns.lookup() does not return the
       // cname.

package/src/cmap/auth/mongo_credentials.ts

@@ -20,15 +20,10 @@ function getDefaultAuthMechanism(hello: Document | null): AuthMechanism {
         ? AuthMechanism.MONGODB_SCRAM_SHA256
         : AuthMechanism.MONGODB_SCRAM_SHA1;
     }
-
-    // Fallback to legacy selection method. If wire version >= 3, use scram-sha-1
-    if (hello.maxWireVersion >= 3) {
-      return AuthMechanism.MONGODB_SCRAM_SHA1;
-    }
   }
 
-  // Default for wireprotocol < 3
-  return AuthMechanism.MONGODB_CR;
+  // Default auth mechanism for 4.0 and higher.
+  return AuthMechanism.MONGODB_SCRAM_SHA256;
 }
 
 const ALLOWED_ENVIRONMENT_NAMES: AuthMechanismProperties['ENVIRONMENT'][] = [
@@ -173,7 +168,6 @@ export class MongoCredentials {
   validate(): void {
     if (
       (this.mechanism === AuthMechanism.MONGODB_GSSAPI ||
-        this.mechanism === AuthMechanism.MONGODB_CR ||
         this.mechanism === AuthMechanism.MONGODB_PLAIN ||
         this.mechanism === AuthMechanism.MONGODB_SCRAM_SHA1 ||
         this.mechanism === AuthMechanism.MONGODB_SCRAM_SHA256) &&

package/src/cmap/auth/mongodb_aws.ts

@@ -78,8 +78,8 @@ export class MongoDBAWS extends AuthProvider {
       accessKeyId && secretAccessKey && sessionToken
         ? { accessKeyId, secretAccessKey, sessionToken }
         : accessKeyId && secretAccessKey
-        ? { accessKeyId, secretAccessKey }
-        : undefined;
+          ? { accessKeyId, secretAccessKey }
+          : undefined;
 
     const db = credentials.source;
     const nonce = await randomBytes(32);

package/src/cmap/auth/mongodb_oidc/callback_workflow.ts

@@ -160,9 +160,9 @@ export abstract class CallbackWorkflow implements Workflow {
       // previous lock, only the current callback's value would get returned.
       await lock;
       lock = lock
-        // eslint-disable-next-line github/no-then
+
         .catch(() => null)
-        // eslint-disable-next-line github/no-then
+
         .then(async () => {
           const difference = Date.now() - this.lastExecutionTime;
           if (difference <= THROTTLE_MS) {

package/src/cmap/auth/mongodb_oidc/machine_workflow.ts

@@ -115,9 +115,9 @@ export abstract class MachineWorkflow implements Workflow {
       // previous lock, only the current callback's value would get returned.
       await lock;
       lock = lock
-        // eslint-disable-next-line github/no-then
+
         .catch(() => null)
-        // eslint-disable-next-line github/no-then
+
         .then(async () => {
           const difference = Date.now() - this.lastExecutionTime;
           if (difference <= THROTTLE_MS) {

package/src/cmap/commands.ts

@@ -30,6 +30,8 @@ const QUERY_FAILURE = 2;
 const SHARD_CONFIG_STALE = 4;
 const AWAIT_CAPABLE = 8;
 
+const encodeUTF8Into = BSON.BSON.onDemand.ByteUtils.encodeUTF8Into;
+
 /** @internal */
 export type WriteProtocolMessageType = OpQueryRequest | OpMsgRequest;
 
@@ -73,7 +75,11 @@ export class OpQueryRequest {
   exhaust: boolean;
   partial: boolean;
 
-  constructor(public databaseName: string, public query: Document, options: OpQueryOptions) {
+  constructor(
+    public databaseName: string,
+    public query: Document,
+    options: OpQueryOptions
+  ) {
     // Basic options needed to be passed in
     // TODO(NODE-3483): Replace with MongoCommandError
     const ns = `${databaseName}.$cmd`;
@@ -411,6 +417,15 @@ export interface OpMsgOptions {
   readPreference: ReadPreference;
 }
 
+/** @internal */
+export class DocumentSequence {
+  documents: Document[];
+
+  constructor(documents: Document[]) {
+    this.documents = documents;
+  }
+}
+
 /** @internal */
 export class OpMsgRequest {
   requestId: number;
@@ -480,7 +495,7 @@ export class OpMsgRequest {
 
     let totalLength = header.length;
     const command = this.command;
-    totalLength += this.makeDocumentSegment(buffers, command);
+    totalLength += this.makeSections(buffers, command);
 
     header.writeInt32LE(totalLength, 0); // messageLength
     header.writeInt32LE(this.requestId, 4); // requestID
@@ -490,15 +505,65 @@ export class OpMsgRequest {
     return buffers;
   }
 
-  makeDocumentSegment(buffers: Uint8Array[], document: Document): number {
-    const payloadTypeBuffer = Buffer.alloc(1);
+  /**
+   * Add the sections to the OP_MSG request's buffers and returns the length.
+   */
+  makeSections(buffers: Uint8Array[], document: Document): number {
+    const sequencesBuffer = this.extractDocumentSequences(document);
+    const payloadTypeBuffer = Buffer.allocUnsafe(1);
     payloadTypeBuffer[0] = 0;
 
     const documentBuffer = this.serializeBson(document);
+    // First section, type 0
     buffers.push(payloadTypeBuffer);
     buffers.push(documentBuffer);
+    // Subsequent sections, type 1
+    buffers.push(sequencesBuffer);
+
+    return payloadTypeBuffer.length + documentBuffer.length + sequencesBuffer.length;
+  }
 
-    return payloadTypeBuffer.length + documentBuffer.length;
+  /**
+   * Extracts the document sequences from the command document and returns
+   * a buffer to be added as multiple sections after the initial type 0
+   * section in the message.
+   */
+  extractDocumentSequences(document: Document): Uint8Array {
+    // Pull out any field in the command document that's value is a document sequence.
+    const chunks = [];
+    for (const [key, value] of Object.entries(document)) {
+      if (value instanceof DocumentSequence) {
+        // Document sequences starts with type 1 at the first byte.
+        const buffer = Buffer.allocUnsafe(1 + 4 + key.length);
+        buffer[0] = 1;
+        // Third part is the field name at offset 5.
+        encodeUTF8Into(buffer, key, 5);
+        chunks.push(buffer);
+        // Fourth part are the documents' bytes.
+        let docsLength = 0;
+        for (const doc of value.documents) {
+          const docBson = this.serializeBson(doc);
+          docsLength += docBson.length;
+          chunks.push(docBson);
+        }
+        // Second part of the sequence is the length at offset 1;
+        buffer.writeInt32LE(key.length + docsLength, 1);
+        // Why are we removing the field from the command? This is because it needs to be
+        // removed in the OP_MSG request first section, and DocumentSequence is not a
+        // BSON type and is specific to the MongoDB wire protocol so there's nothing
+        // our BSON serializer can do about this. Since DocumentSequence is not exposed
+        // in the public API and only used internally, we are never mutating an original
+        // command provided by the user, just our own, and it's cheaper to delete from
+        // our own command than copying it.
+        delete document[key];
+      }
+    }
+    if (chunks.length > 0) {
+      return Buffer.concat(chunks);
+    }
+    // If we have no document sequences we return an empty buffer for nothing to add
+    // to the payload.
+    return Buffer.alloc(0);
   }
 
   serializeBson(document: Document): Uint8Array {

package/src/cmap/connect.ts

@@ -164,7 +164,7 @@ export async function performInitialHandshake(
     } catch (error) {
       if (error instanceof MongoError) {
         error.addErrorLabel(MongoErrorLabel.HandshakeError);
-        if (needsRetryableWriteLabel(error, response.maxWireVersion)) {
+        if (needsRetryableWriteLabel(error, response.maxWireVersion, conn.description.type)) {
           error.addErrorLabel(MongoErrorLabel.RetryableWriteError);
         }
       }
@@ -249,6 +249,7 @@ export async function prepareHandshakeDocument(
 
 /** @public */
 export const LEGAL_TLS_SOCKET_OPTIONS = [
+  'allowPartialTrustChain',
   'ALPNProtocols',
   'ca',
   'cert',
@@ -269,6 +270,8 @@ export const LEGAL_TLS_SOCKET_OPTIONS = [
 
 /** @public */
 export const LEGAL_TCP_SOCKET_OPTIONS = [
+  'autoSelectFamily',
+  'autoSelectFamilyAttemptTimeout',
   'family',
   'hints',
   'localAddress',

package/src/cmap/connection.ts

@@ -333,7 +333,7 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
 
     this.socket.destroy();
     this.error = error;
-    // eslint-disable-next-line github/no-then
+
     this.dataEvents?.throw(error).then(undefined, squashError);
     this.closed = true;
     this.emit(Connection.CLOSE);
@@ -603,7 +603,7 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
       }
       throw new MongoUnexpectedServerResponseError('Server ended moreToCome unexpectedly');
     };
-    // eslint-disable-next-line github/no-then
+
     exhaustLoop().then(undefined, replyListener);
   }
 

package/src/cmap/connection_pool.ts

@@ -27,7 +27,7 @@ import {
 import { CancellationToken, TypedEventEmitter } from '../mongo_types';
 import type { Server } from '../sdam/server';
 import { Timeout, TimeoutError } from '../timeout';
-import { type Callback, List, makeCounter, promiseWithResolvers } from '../utils';
+import { type Callback, List, makeCounter, now, promiseWithResolvers } from '../utils';
 import { connect } from './connect';
 import { Connection, type ConnectionEvents, type ConnectionOptions } from './connection';
 import {
@@ -104,6 +104,7 @@ export interface WaitQueueMember {
   reject: (err: AnyError) => void;
   timeout: Timeout;
   [kCancelled]?: boolean;
+  checkoutTime: number;
 }
 
 /** @internal */
@@ -355,6 +356,7 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
    * explicitly destroyed by the new owner.
    */
   async checkOut(): Promise<Connection> {
+    const checkoutTime = now();
     this.emitAndLog(
       ConnectionPool.CONNECTION_CHECK_OUT_STARTED,
       new ConnectionCheckOutStartedEvent(this)
@@ -369,7 +371,8 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
     const waitQueueMember: WaitQueueMember = {
       resolve,
       reject,
-      timeout
+      timeout,
+      checkoutTime
     };
 
     this[kWaitQueue].push(waitQueueMember);
@@ -385,7 +388,7 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
 
         this.emitAndLog(
           ConnectionPool.CONNECTION_CHECK_OUT_FAILED,
-          new ConnectionCheckOutFailedEvent(this, 'timeout')
+          new ConnectionCheckOutFailedEvent(this, 'timeout', waitQueueMember.checkoutTime)
         );
         const timeoutError = new WaitQueueTimeoutError(
           this.loadBalanced
@@ -629,12 +632,12 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
 
     this[kPending]++;
     // This is our version of a "virtual" no-I/O connection as the spec requires
+    const connectionCreatedTime = now();
     this.emitAndLog(
       ConnectionPool.CONNECTION_CREATED,
       new ConnectionCreatedEvent(this, { id: connectOptions.id })
     );
 
-    // eslint-disable-next-line github/no-then
     connect(connectOptions).then(
       connection => {
         // The pool might have closed since we started trying to create a connection
@@ -670,7 +673,7 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
         connection.markAvailable();
         this.emitAndLog(
           ConnectionPool.CONNECTION_READY,
-          new ConnectionReadyEvent(this, connection)
+          new ConnectionReadyEvent(this, connection, connectionCreatedTime)
         );
 
         this[kPending]--;
@@ -759,7 +762,7 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
         const error = this.closed ? new PoolClosedError(this) : new PoolClearedError(this);
         this.emitAndLog(
           ConnectionPool.CONNECTION_CHECK_OUT_FAILED,
-          new ConnectionCheckOutFailedEvent(this, reason, error)
+          new ConnectionCheckOutFailedEvent(this, reason, waitQueueMember.checkoutTime, error)
         );
         waitQueueMember.timeout.clear();
         this[kWaitQueue].shift();
@@ -780,7 +783,7 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
         this[kCheckedOut].add(connection);
         this.emitAndLog(
           ConnectionPool.CONNECTION_CHECKED_OUT,
-          new ConnectionCheckedOutEvent(this, connection)
+          new ConnectionCheckedOutEvent(this, connection, waitQueueMember.checkoutTime)
         );
         waitQueueMember.timeout.clear();
 
@@ -809,14 +812,19 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
             this.emitAndLog(
               ConnectionPool.CONNECTION_CHECK_OUT_FAILED,
               // TODO(NODE-5192): Remove this cast
-              new ConnectionCheckOutFailedEvent(this, 'connectionError', err as MongoError)
+              new ConnectionCheckOutFailedEvent(
+                this,
+                'connectionError',
+                waitQueueMember.checkoutTime,
+                err as MongoError
+              )
             );
             waitQueueMember.reject(err);
           } else if (connection) {
             this[kCheckedOut].add(connection);
             this.emitAndLog(
               ConnectionPool.CONNECTION_CHECKED_OUT,
-              new ConnectionCheckedOutEvent(this, connection)
+              new ConnectionCheckedOutEvent(this, connection, waitQueueMember.checkoutTime)
             );
             waitQueueMember.resolve(connection);
           }