Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency mongoose to v6.11.3 [security] #17

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 10, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mongoose (source) 6.4.6 -> 6.11.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-3696

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.


Release Notes

Automattic/mongoose (mongoose)

v6.11.3

Compare Source

===================

  • fix: avoid prototype pollution on init
  • fix(schema): correctly handle uuids with populate() #​13317 #​13595

v6.11.2

Compare Source

===================

v6.11.1

Compare Source

===================

  • fix(query): apply schema-level paths before calculating projection for findOneAndUpdate() #​13348 #​13340
  • fix: add SUPPRESS_JEST_WARNINGS environment variable to hide jest warnings #​13384 #​13373
  • types(model): allow overwriting expected param type for bulkWrite() #​13292 hasezoey

v6.11.0

Compare Source

===================

v6.10.5

Compare Source

===================

  • perf(document): avoid unnecessary loops, conditionals, string manipulation on Document.prototype.get() for 10x speedup on top-level properties #​12953
  • fix(model): execute valid write operations if calling bulkWrite() with ordered: false #​13218 #​13176
  • fix(array): pass-through all parameters #​13202 #​13201 hasezoey
  • fix: improve error message when sorting by empty string #​13249 #​10182
  • docs: add version support and check version docs #​13251 #​13193

v6.10.4

Compare Source

===================

  • fix(document): apply setters on resulting value when calling Document.prototype.$inc() #​13178 #​13158
  • fix(model): add results property to unordered insertMany() to make it easy to identify exactly which documents were inserted #​13163 #​12791
  • docs(guide+schematypes): add UUID to schematypes guide #​13184

v6.10.3

Compare Source

===================

v6.10.2

Compare Source

===================

  • fix(document): avoid setting array default if document array projected out by sibling projection #​13135 #​13043 #​13003
  • fix(documentarray): set correct document array path if making map of document arrays #​13133
  • fix: undo accidental change to engines in package.json #​13124 lorand-horvath
  • docs: quick improvement to Model.init() docs #​13054

v6.10.1

Compare Source

===================

v6.10.0

Compare Source

===================

v6.9.3

Compare Source

==================

v6.9.2

Compare Source

==================

v6.9.1

Compare Source

==================

  • fix(document): isModified should not be triggered when setting a nested boolean to the same value as previously #​12994 lpizzinidev
  • fix(document): save newly set defaults underneath single nested subdocuments #​13002 #​12905
  • fix(update): handle custom discriminator model name when casting update #​12947 wassil
  • fix(connection): handles unique autoincrement ID for connections #​12990 lpizzinidev
  • fix(types): fix type of options of Model.aggregate #​12933 ghost91-
  • fix(types): fix "near" aggregation operator input type #​12954 Jokero
  • fix(types): add missing Top operator to AccumulatorOperator type declaration #​12952 lpizzinidev
  • docs(transactions): added example for Connection.transaction() method #​12943 #​12934 lpizzinidev
  • docs(populate): fix out of date comment referencing onModel property #​13000
  • docs(transactions): fix typo in transactions.md #​12995 Parth86

v6.9.0

Compare Source

==================

v6.8.4

Compare Source

==================

v6.8.3

Compare Source

==================

  • perf: improve performance of assignRawDocsToIdStructure for faster populate on large docs #​12867 Uzlopak
  • fix(model): ensure consistent ordering of validation errors in insertMany() with ordered: false and rawResult: true #​12866
  • fix: avoid passing final callback to pre hook, because calling the callback can mess up hook execution #​12836
  • fix(types): avoid inferring timestamps if methods, virtuals, or statics set #​12871
  • fix(types): correctly infer string enums on const arrays #​12870 JavaScriptBach
  • fix(types): allow virtuals to be invoked in the definition of other virtuals #​12874 sffc
  • fix(types): add type def for Aggregate#model without arguments #​12864 hasezoey
  • docs(discriminators): add section about changing discriminator key #​12861
  • docs(typescript): explain that virtuals inferred from schema only show up on Model, not raw document type #​12860 #​12684

v6.8.2

Compare Source

==================

  • fix(schema): propagate strictQuery to implicitly created schemas for embedded discriminators #​12827 #​12796
  • fix(model): respect discriminators with Model.validate() #​12824 #​12621
  • fix(query): fix unexpected validation error when doing findOneAndReplace() with a nullish value #​12826 #​12821
  • fix(discriminator): apply built-in plugins to discriminator schema even if mergeHooks and mergePlugins are both false #​12833 #​12696
  • fix(types): add option "overwriteModels" as a schema option #​12817 #​12816 hasezoey
  • fix(types): add property "defaultOptions" #​12818 hasezoey
  • docs: make search bar respect documentation version, so you can search 5.x docs #​12548
  • docs(typescript): make note about recommending strict mode when using auto typed schemas #​12825 #​12420
  • docs: add section on sorting to query docs #​12588 IslandRhythms
  • test(query.test): add write-concern option #​12829 hasezoey

v6.8.1

Compare Source

==================

v6.8.0

Compare Source

==================

v6.7.5

Compare Source

==================

v6.7.4

Compare Source

==================

v6.7.3

Compare Source

v6.7.2

Compare Source

v6.7.1

Compare Source

==================

v6.7.0

Compare Source

v6.6.7

Compare Source

==================

v6.6.6

Compare Source

==================

v6.6.5

Compare Source

v6.6.4

Compare Source

v6.6.3

Compare Source

==================

v6.6.2

Compare Source

v6.6.1

Compare Source

==================

  • fix: correctly apply defaults after subdoc init #​12328
  • fix(array): avoid using default _id when using pull() #​12294
  • fix: allow null values inside $expr objects #​12429 MartinDrost
  • fix(query): use correct Query constructor when cloning query #​12418
  • docs(website): remove setting "latest38x" which is not used anywhere #​12396 hasezoey

v6.6.0

Compare Source

==================

v6.5.5

Compare Source

==================

  • fix(setDefaultsOnInsert): avoid applying defaults on insert if nested property set #​12279
  • fix(model): make applyHooks() and applyMethods() handle case where custom method is set to Mongoose implementation #​12254
  • fix(types): add string "ascending" and "descending" index-directions #​10269
  • docs: upgrade dox to 1.0.0 #​12403 hasezoey
  • docs: update old mongodb nodejs driver documentation urls #​12387 hasezoey
  • docs: update JSDOC ... (spread) definition #​12388 hasezoey
  • refactor(model): allow optionally passing indexes to createIndexes and cleanIndexes #​12280 AbdelrahmanHafez

v6.5.4

Compare Source

==================

  • fix(document): allow calling $assertPopulated() with values to better support manual population #​12233
  • fix(connection+mongoose): better handling for calling model() with 1 argument #​12359
  • fix(model): allow defining discriminator virtuals and methods using schema options #​12326
  • fix(types): fix MongooseQueryMiddleware missing "findOneAndReplace" and "replaceOne" #​12330 #​12329 Jule- lpizzinidev
  • fix(types): fix replaceOne return type #​12351 lpizzinidev
  • fix(types): use this for return type from $assertPopulated() #​12234
  • docs: highlight how to connect using auth in README #​12354 AntonyOnScript
  • docs: improve jsdoc comments for private methods #​12337 hasezoey
  • docs: fix minor typo in compatibility table header #​12355 skyme5

v6.5.3

Compare Source

==================

v6.5.2

Compare Source

==================

  • fix(aggregate): avoid throwing error when disconnecting with change stream open #​12201 ramos-ph
  • fix(query): overwrite top-level key if using Query.prototype.set() to set to undefined #​12155
  • fix(query): shallow clone options before modifying #​12176
  • fix(types): auto schema type inference on Connection.prototype.model() #​12240 hasezoey
  • fix(types): better typescript support for schema plugins #​12139 emiljanitzek
  • fix(types): make bulkWrite() type param optional #​12221 #​12212
  • docs: misc cleanup #​12199 hasezoey
  • docs: highlight current top-most visible header in navbar #​12222 hasezoey
  • docs(populate): improve examples for Document.prototype.populate() #​12111
  • docs(middleware): clarify document vs model in middleware docs #​12113

v6.5.1

Compare Source

==================

  • fix(timestamps): set timestamps on child schema when child schema has timestamps: true but parent schema does not #​12119
  • fix(schema+timestamps): handle insertMany() with timestamps and discriminators #​12150
  • fix(model+query): handle populate with lean transform that deletes _id #​12143
  • fix(types): allow $pull with _id #​12142
  • fix(types): add schema plugin option inference #​12196 hasezoey
  • fix(types): pass type to mongodb bulk write operation #​12167 emiljanitzek
  • fix(types): map correct generics from model to schema #​12125 emiljanitzek
  • fix(types): avoid baffling circular reference when using PopulatedDoc with a bidirectional reference #​12136
  • fix(types): allow using path with $count #​12149
  • docs(compatibility): change to use a table #​12200 hasezoey
  • docs(api_split.pug): add "code" to sidebar entries #​12153 hasezoey
  • docs: add "code" to Headers (and index list) #​12152 hasezoey

v6.5.0

Compare Source

==================

  • perf(document): avoid creating unnecessary empty objects when creating a state machine #​11988
  • feat: upgrade mongodb driver -> 4.8.1 #​12103 AbdelrahmanHafez
  • feat(model): allow passing timestamps option to Model.bulkSave(...) #​12082 AbdelrahmanHafez
  • feat(model): add castObject() function that casts a POJO to the model's schema #​11945
  • feat(document): add $inc() helper that increments numeric paths #​12115
  • feat(schema): add schema level lean option IslandRhythms
  • feat(schema): add global id option to disable id on schemas #​12067 IslandRhythms
  • fix(connection): re-run Model.init() if re-connecting after explicitly closing a connection #​12130
  • feat(model): add applyDefaults() helper that allows applying defaults to document or POJO #​11945
  • feat(model): allow calling hydrate() with { setters: true } #​11653
  • feat(model): add hydrate option to Model.watch() to automatically hydrate fullDocument #​12121
  • feat(types): add support for automatically typed virtuals in schemas #​11908 mohammad0-0ahmad

v6.4.7

Compare Source

==================


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title fix(deps): update dependency mongoose to v6.11.3 [security] fix(deps): update dependency mongoose to v6.11.3 [security] - autoclosed Mar 21, 2024
@renovate renovate bot closed this Mar 21, 2024
@renovate renovate bot deleted the renovate/npm-mongoose-vulnerability branch March 21, 2024 13:26
@renovate renovate bot changed the title fix(deps): update dependency mongoose to v6.11.3 [security] - autoclosed fix(deps): update dependency mongoose to v6.11.3 [security] Mar 21, 2024
@renovate renovate bot reopened this Mar 21, 2024
@renovate renovate bot restored the renovate/npm-mongoose-vulnerability branch March 21, 2024 15:32
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from 5324a4c to 1a08112 Compare March 21, 2024 15:35
@renovate renovate bot changed the title fix(deps): update dependency mongoose to v6.11.3 [security] fix(deps): update dependency mongoose to v6.11.3 [security] - autoclosed Apr 5, 2024
@renovate renovate bot closed this Apr 5, 2024
@renovate renovate bot changed the title fix(deps): update dependency mongoose to v6.11.3 [security] - autoclosed fix(deps): update dependency mongoose to v6.11.3 [security] Apr 5, 2024
@renovate renovate bot reopened this Apr 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants