[Snyk] Upgrade mongoose from 6.1.2 to 6.9.0 #1

Open

snyk-bot

Snyk has created this PR to upgrade mongoose from 6.1.2 to 6.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 64 versions ahead of your current version.
  • The recommended version was released 23 days ago, on 2023-01-25.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-MONGOOSE-2961688) | 671/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.9.0 - 2023-01-25

    6.9.0 / 2023-01-25

  • 6.8.4 - 2023-01-17

    6.8.4 / 2023-01-17

    • fix(collection): handle creating model when connection disconnected with bufferCommands = false #12889
    • fix(populate): merge instead of overwrite when match is on _id #12891
    • fix: add guard to stop loadClass copying Document if Document is used as base of loaded class (same hack as implemented for Model already) #12820 sgpinkus
    • fix(types): correctly infer types on document arrays #12884 #12882 JavaScriptBach
    • fix(types): added omit for ArraySubdocument type in LeanType declaration #12903 piyushk96
    • fix(types): add returnDocument type safety #12906 AbdelrahmanHafez
    • docs(typescript): add notes about virtual context to Mongoose 6 migration and TypeScript virtuals docs #12912 #12806
    • docs(schematypes): removed dead link and fixed formatting #12897 #12885 lpizzinidev
    • docs: fix link to lean api #12910 manniL
    • docs: list all possible strings for schema.pre in one place #12868
    • docs: add list of known incompatible npm packages #12892 IslandRhythms
  • 6.8.3 - 2023-01-06

    6.8.3 / 2023-01-06

    • perf: improve performance of assignRawDocsToIdStructure for faster populate on large docs #12867 Uzlopak
    • fix(model): ensure consistent ordering of validation errors in insertMany() with ordered: false and rawResult: true #12866
    • fix: avoid passing final callback to pre hook, because calling the callback can mess up hook execution #12836
    • fix(types): avoid inferring timestamps if methods, virtuals, or statics set #12871
    • fix(types): correctly infer string enums on const arrays #12870 JavaScriptBach
    • fix(types): allow virtuals to be invoked in the definition of other virtuals #12874 sffc
    • fix(types): add type def for Aggregate#model without arguments #12864 hasezoey
    • docs(discriminators): add section about changing discriminator key #12861
    • docs(typescript): explain that virtuals inferred from schema only show up on Model, not raw document type #12860 #12684
  • 6.8.2 - 2022-12-28

    6.8.2 / 2022-12-28

    • fix(schema): propagate strictQuery to implicitly created schemas for embedded discriminators #12827 #12796
    • fix(model): respect discriminators with Model.validate() #12824 #12621
    • fix(query): fix unexpected validation error when doing findOneAndReplace() with a nullish value #12826 #12821
    • fix(discriminator): apply built-in plugins to discriminator schema even if mergeHooks and mergePlugins are both false #12833 #12696
    • fix(types): add option "overwriteModels" as a schema option #12817 #12816 hasezoey
    • fix(types): add property "defaultOptions" #12818 hasezoey
    • docs: make search bar respect documentation version, so you can search 5.x docs #12548
    • docs(typescript): make note about recommending strict mode when using auto typed schemas #12825 #12420
    • docs: add section on sorting to query docs #12588 IslandRhythms
    • test(query.test): add write-concern option #12829 hasezoey
  • 6.8.1 - 2022-12-19
  • 6.8.0 - 2022-12-05
  • 6.7.5 - 2022-11-30
  • 6.7.4 - 2022-11-28
  • 6.7.3 - 2022-11-22
  • 6.7.2 - 2022-11-07
  • 6.7.1 - 2022-11-02
  • 6.7.0 - 2022-10-24
  • 6.6.7 - 2022-10-21
  • 6.6.6 - 2022-10-20
  • 6.6.5 - 2022-10-05
  • 6.6.4 - 2022-10-03
  • 6.6.3 - 2022-09-30
  • 6.6.2 - 2022-09-26
  • 6.6.1 - 2022-09-14
  • 6.6.0 - 2022-09-08
  • 6.5.5 - 2022-09-07
  • 6.5.4 - 2022-08-30
  • 6.5.3 - 2022-08-25
  • 6.5.2 - 2022-08-10
  • 6.5.1 - 2022-08-03
  • 6.5.0 - 2022-07-26
  • 6.4.7 - 2022-07-25
  • 6.4.6 - 2022-07-20
  • 6.4.5 - 2022-07-18
  • 6.4.4 - 2022-07-08
  • 6.4.3 - 2022-07-05
  • 6.4.2 - 2022-07-01
  • 6.4.1 - 2022-06-27
  • 6.4.0 - 2022-06-17
  • 6.3.9 - 2022-06-17
  • 6.3.8 - 2022-06-13
  • 6.3.7 - 2022-06-13
  • 6.3.6 - 2022-06-07
  • 6.3.5 - 2022-05-30
  • 6.3.4 - 2022-05-19
  • 6.3.3 - 2022-05-09
  • 6.3.2 - 2022-05-02
  • 6.3.1 - 2022-04-21
  • 6.3.0 - 2022-04-14
  • 6.2.11 - 2022-04-13
  • 6.2.10 - 2022-04-04
  • 6.2.9 - 2022-03-28
  • 6.2.8 - 2022-03-23
  • 6.2.7 - 2022-03-16
  • 6.2.6 - 2022-03-11
  • 6.2.5 - 2022-03-09
  • 6.2.4 - 2022-02-28
  • 6.2.3 - 2022-02-21
  • 6.2.2 - 2022-02-16
  • 6.2.1 - 2022-02-07
  • 6.2.0 - 2022-02-02
  • 6.1.10 - 2022-02-01
  • 6.1.9 - 2022-01-31
  • 6.1.8 - 2022-01-24
  • 6.1.7 - 2022-01-17
  • 6.1.6 - 2022-01-10
  • 6.1.5 - 2022-01-04
  • 6.1.4 - 2021-12-27
  • 6.1.3 - 2021-12-21
  • 6.1.2 - 2021-12-15
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 008560f chore: release 6.9.0
  • 97d62ef Merge pull request #12951 from Automattic/revert-12781-infer-null
  • 1e19236 Revert "typescript: Allow null for optional document fields"
  • 0f2f461 Merge pull request #12949 from Automattic/6.9
  • c6c30ed feat: use mongodb driver 4.13.0
  • 5ab7a0f Merge branch '6.9' of github.com:Automattic/mongoose into 6.9
  • 392ae0a Merge branch 'master' into 6.9
  • 3fc7054 Merge pull request #12946 from Gbengstar/patch-2
  • 0a70016 fixed typo
  • c190bd6 chore: release 6.8.5
  • 71d80e4 Merge pull request #12781 from JavaScriptBach/infer-null
  • 90acf2b Merge branch '6.9' into infer-null
  • 32a0d08 Merge branch 'master' into 6.9
  • 59e5338 Merge pull request #12919 from Automattic/vkarpov15/test-cleanup-12890
  • 8752e78 Merge pull request #12937 from hasezoey/increaseTimeoutAggregate
  • 70d47ab Merge pull request #12915 from Automattic/vkarpov15/gh-12902
  • d4433f5 test: clean up db handle in bson size error test
  • 3d5fa20 Merge branch 'vkarpov15/test-cleanup-12890' of github.com:Automattic/mongoose into vkarpov15/test-cleanup-12890
  • e1284a0 Merge branch 'master' into vkarpov15/test-cleanup-12890
  • bf2ad98 Update test/collection.test.js
  • 08f8559 Update test/collection.capped.test.js
  • 57fa99d test: fix global cleanup test on deno re: #12902
  • 48b5edb test: try skipping global strictQuery test to avoid deno test failures
  • 2dd8bf3 test(aggregate): increase timeout for a "beforeEach" hook

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
