Bump connect-mongo from 5.1.0 to 6.0.0

[dependabot]

Bumps connect-mongo from 5.1.0 to 6.0.0.

Release notes

Sourced from connect-mongo's releases.

v6.0.0

• Breaking: Requires Node.js 20.8+ (aligns with MongoDB driver 5–7 support).
• Compatibility: Supported/tested matrix: Node 20/22/24 + MongoDB driver 5.x–7.x + MongoDB server 4.4–8.0 (peer range remains >=5.0.0).
• Added: Optional timestamps flag to record createdAt/updatedAt on session documents for auditing while keeping the default schema unchanged.
• Added: Pluggable cryptoAdapter interface with helpers createWebCryptoAdapter (AES-GCM via Web Crypto API) and createKrupteinAdapter; legacy crypto options are auto-wrapped and mutually exclusive with cryptoAdapter to avoid ambiguity.
• Fixed: store.clear() now uses deleteMany({}) instead of collection.drop(), preserving TTL indexes and treating NamespaceNotFound as success so clears are idempotent.
• Fixed: Decryption failures in get() now short-circuit after the first callback, preventing double-callback regressions when the crypto secret is wrong.
• Packaging: npm package now ships dual ESM/CJS bundles via tsdown, with an explicit exports map and cleaned type declarations (.d.mts/.d.cts).
• Types: MongoStore and option hooks are strongly typed to avoid any leaks.

Changelog

Sourced from connect-mongo's changelog.

[6.0.0] - 2025-12-01

• Breaking: Requires Node.js 20.8+ (aligns with MongoDB driver 5–7 support).
• Compatibility: Supported/tested matrix: Node 20/22/24 + MongoDB driver 5.x–7.x + MongoDB server 4.4–8.0 (peer range remains >=5.0.0).
• Added: Optional timestamps flag to record createdAt/updatedAt on session documents for auditing while keeping the default schema unchanged.
• Added: Pluggable cryptoAdapter interface with helpers createWebCryptoAdapter (AES-GCM via Web Crypto API) and createKrupteinAdapter; legacy crypto options are auto-wrapped and mutually exclusive with cryptoAdapter to avoid ambiguity.
• Fixed: store.clear() now uses deleteMany({}) instead of collection.drop(), preserving TTL indexes and treating NamespaceNotFound as success so clears are idempotent.
• Fixed: Decryption failures in get() now short-circuit after the first callback, preventing double-callback regressions when the crypto secret is wrong.
• Packaging: npm package now ships dual ESM/CJS bundles via tsdown, with an explicit exports map and cleaned type declarations (.d.mts/.d.cts).
• Types: MongoStore and option hooks are strongly typed to avoid any leaks.

Commits

• 76818fa chore(release): 6.0.0
• aedeb55 docs: update CHANGELOG to prep 6.0.0 release
• bc3ac9f chore(release): 6.0.0-beta.0
• e45ede2 build: adjust standard-version config
• 169223f chore: various fix and minor typo
• 99ab313 test: fix upgrade test db clean up
• 0bab109 style: prettier is buggy
• 191b268 chore: upgrade minor dependency
• 8041ceb feat: add CryptoAdapter interface to allow custom encryption/decryption strat...
• b74d163 test: add ttl precedence and timestamps opt-in coverage
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)