Meteor.js v3.1.1 is out! 🎉

Based on your stack trace, the issue happens from the collection2 library, which uses an outdated method for configuring allow/deny rules. The problem isn’t with updateAsync as a Mongo operation or any other, but rather with how these allow/deny rules are set up to let client operations affect the server directly.

Previously, both update and updateAsync could be used within collection.allow({ <here> }). This duplication added no value, as allow/deny rules only need a single validator for client operations, regardless of whether the operations are async or sync.

In 3.1.1 onwards, allow/deny validators are configured solely through insert, update, and remove options, which can include async validation logic. We’ve also made additional fixes in our revision of this feature, as happened on this PR: Tweaks on allow/deny rules by nachocodoner · Pull Request #13499 · meteor/meteor · GitHub

Community packages, like collection2, must stay updated with the latest standards. You can use METEOR_NO_DEPRECATION to ignore warnings, even with a regex to target only allow/deny ones. However, it’s good when seeing them to report these issues or fixes for these packages to address deprecations and prepare for breaking changes in future Meteor minor versions.

Regarding this we have been discussing it on a github issue here, GitHub · Where software is built

We will probably asses to solve this by forking a library used internally that uses deprected way to extend objects.

Thanks for these explanations!

@grubba I think 3.1.1 is not yet the recommended version. Is that right?
I still get “Not updating the release, because this app is at a newer release (METEOR@3.1.1) than the latest recommended release (METEOR@3.0.4)”

No, not yet; we are working in a 3.1.2 as mentioned in the Weekly Update, February 3rd, 2025

Ok, I read the updates as they come but I guess this is the first time I understand how you promote the recommended versions :).