Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade mongoose from 8.2.0 to 8.6.3 #280

Closed

Conversation

arenault-pass
Copy link

Snyk has created this PR to upgrade mongoose from 8.2.0 to 8.6.3.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 26 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2024-09-17.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-FASTXMLPARSER-7573289
559/1000
Why? Has a fix available, CVSS 6.9
No Known Exploit
Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
559/1000
Why? Has a fix available, CVSS 6.9
Proof of Concept
Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865
559/1000
Why? Has a fix available, CVSS 6.9
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 8.6.3 - 2024-09-17

    8.6.3 / 2024-09-17

    • fix: make getters convert uuid to string when calling toObject() and toJSON() #14890 #14869
    • fix: fix missing Aggregate re-exports for ESM #14886 wongsean
    • types(document): add generic param to depopulate() to allow updating properties #14891 #14876
  • 8.6.2 - 2024-09-11

    8.6.2 / 2024-09-11

  • 8.6.1 - 2024-09-03

    8.6.1 / 2024-09-03

    • fix(document): avoid unnecessary clone() in applyGetters() that was preventing getters from running on 3-level deep subdocuments #14844 #14840 #14835
    • fix(model): throw error if bulkSave() did not insert or update any documents #14837 #14763
    • fix(cursor): throw error in ChangeStream constructor if changeStreamThunk() throws a sync error #14846
    • types(query): add $expr to RootQuerySelector #14845
    • docs: update populate.md to fix missing match: { } #14847 makhoulshbeeb
  • 8.6.0 - 2024-08-28
  • 8.5.5 - 2024-08-28
  • 8.5.4 - 2024-08-23
  • 8.5.3 - 2024-08-13
  • 8.5.2 - 2024-07-30
  • 8.5.1 - 2024-07-12
  • 8.5.0 - 2024-07-08
  • 8.4.5 - 2024-07-05
  • 8.4.4 - 2024-06-25
  • 8.4.3 - 2024-06-17
  • 8.4.2 - 2024-06-17
  • 8.4.1 - 2024-05-31
  • 8.4.0 - 2024-05-17
  • 8.3.5 - 2024-05-15
  • 8.3.4 - 2024-05-06
  • 8.3.3 - 2024-04-29
  • 8.3.2 - 2024-04-16
  • 8.3.1 - 2024-04-08
  • 8.3.0 - 2024-04-03
  • 8.2.4 - 2024-03-28
  • 8.2.3 - 2024-03-21
  • 8.2.2 - 2024-03-15
  • 8.2.1 - 2024-03-04
  • 8.2.0 - 2024-02-22
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 8330f1e chore: release 8.6.3
  • 3902283 Merge pull request #14890 from Automattic/vkarpov15/gh-14869
  • 90f8af3 Merge pull request #14891 from Automattic/vkarpov15/gh-14876
  • 02162ff Update lib/schema/uuid.js
  • 499582a Update lib/schema/uuid.js
  • 78623ba types(document): add generic param to depopulate() to allow updating properties
  • 5b5f3d8 style: fix lint
  • 762d063 fix: make getters convert uuid to string when calling toObject() and toJSON()
  • 1b18d5b Merge pull request #14886 from wongsean/patch-1
  • 8d424a3 Fix missing `Aggregate` re-exports
  • a50264b chore: release 8.6.2
  • dd7e75e Merge pull request #14881 from Automattic/vkarpov15/gh-14879
  • 36fa0c0 Merge pull request #14882 from Automattic/vkarpov15/gh-14839
  • 60541e7 types: add function args to setters property
  • 180f5d9 type(inferrawdoctype): infer Date types as JS dates rather than Mongoose SchemaType Date
  • c7f7273 types: make SchemaType static `setters` property accessible in TypeScript
  • 286ab98 Merge pull request #14875 from Automattic/vkarpov15/gh-14848
  • e4e1d66 Merge pull request #14874 from Automattic/vkarpov15/revert-14764
  • e13fc38 fix lint
  • 599dc13 fix(transaction): avoid unnecessarily updating initial state in between transactions
  • c6af5ec types: allow arbitrary keys in query filters again
  • d533e9f Merge pull request #14870 from ianHeydoc/gh-14861
  • 8cfeb59 Merge pull request #14866 from aletorrado/eachAsync-typing-abortSignal
  • c8f61d8 set merges deeply nested objects

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants