Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade mongoose from 5.11.16 to 5.13.5 #85

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade mongoose from 5.11.16 to 5.13.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 26 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-07-30.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MQUERY-1089718
696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Proof of Concept
Prototype Pollution
SNYK-JS-MONGOOSE-1086688
696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 5.13.5 - 2021-07-30

    chore: release 5.13.5

  • 5.13.4 - 2021-07-28

    chore: release 5.13.4

  • 5.13.3 - 2021-07-16

    chore: release 5.13.3

  • 5.13.2 - 2021-07-03

    chore: release 5.13.2

  • 5.13.1 - 2021-07-02

    chore: release 5.13.1

  • 5.13.0 - 2021-06-28

    chore: release 5.13.0

  • 5.12.15 - 2021-06-25

    chore: release 5.12.15

  • 5.12.14 - 2021-06-15

    chore: release 5.12.14

  • 5.12.13 - 2021-06-04
  • 5.12.12 - 2021-05-28
  • 5.12.11 - 2021-05-24
  • 5.12.10 - 2021-05-18
  • 5.12.9 - 2021-05-13
  • 5.12.8 - 2021-05-10
  • 5.12.7 - 2021-04-29
  • 5.12.6 - 2021-04-27
  • 5.12.5 - 2021-04-19
  • 5.12.4 - 2021-04-15
  • 5.12.3 - 2021-03-31
  • 5.12.2 - 2021-03-22
  • 5.12.1 - 2021-03-18
  • 5.12.0 - 2021-03-11
  • 5.11.20 - 2021-03-11
  • 5.11.19 - 2021-03-05
  • 5.11.18 - 2021-02-23
  • 5.11.17 - 2021-02-17
  • 5.11.16 - 2021-02-12
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • c36bd64 chore: release 5.13.5
  • b33599c Merge pull request #10510 from thiagokisaki/gh-10504
  • d88f981 Merge pull request #10515 from andreialecu/perf-types
  • 9c41c19 perf: improve typescript type checking performance
  • f1e0de1 Merge pull request #10501 from gfrancz/patch-1
  • ae819cc fix(index.d.ts): fix `debug` type in `MongooseOptions`
  • 28b1aa3 fix: get rid of hardcoding of @ types/node re: node: Make Buffer mergeable DefinitelyTyped/DefinitelyTyped#54479
  • b82aa37 Update depopulate documentation for document.js
  • 6b33a7b chore: release 5.13.4
  • 060039d fix(index.d.ts): improve autocomplete for `new Model()` by making `doc` an object with correct keys
  • 2066180 fix(map): correctly clone subdocs when calling `toObject()` on a map
  • 7793065 test(map): repro #10486
  • 1be924d style: fix lint
  • c05e7f6 Merge branch 'master' of github.com:Automattic/mongoose
  • b6beb3e fix(update): support overwriting nested map paths
  • 926533f test: repro #10485
  • fcbadbc Merge pull request #10494 from juhdanad/lean-populated
  • 0afa2ba Merge branch 'master' of github.com:Automattic/mongoose
  • e2d94cb docs(mongoose+connection): correct default value for bufferTimeoutMS
  • 0ff1c8a Merge pull request #10464 from AbdelrahmanHafez/gh-10437
  • fa4094a chore: peg optional-require to v1.0.x re: restore compatibility with node v4 and v5 jchip/optional-require#6
  • 257adc4 fix(update): apply timestamps to subdocs that would be newly created by `$setOnInsert`
  • 1589af2 fix(cursor): cap parallel batchSize for populate at 5000
  • 4640bee style: fix lint

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant