[Snyk] Upgrade mongoose from 6.12.0 to 8.5.1

[lholmquist]

Snyk has created this PR to upgrade mongoose from 6.12.0 to 8.5.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 86 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-5668858	375	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	375	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289	375	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	375	Proof of Concept

Release notes

Package name: mongoose

• 8.5.1 - 2024-07-12
  

  8.5.1 / 2024-07-12

  • perf(model): performance improvements for insertMany() #14724
  • fix(model): avoid leaving subdoc defaults on top-level doc when setting subdocument to same value #14728 #14722
  • fix(model): handle transactionAsyncLocalStorage option with insertMany() #14743
  • types: make _id required on Document type #14735 #14660
  • types: fix ChangeStream.close to return a Promise like the driver #14740 orgads
• 8.5.0 - 2024-07-08
  

  8.5.0 / 2024-07-08

  • perf: memoize toJSON / toObject default options #14672
  • feat(document): add $createModifiedPathsSnapshot(), $restoreModifiedPathsSnapshot(), $clearModifiedPaths() #14699 #14268
  • feat(query): make sanitizeProjection prevent projecting in paths deselected in the schema #14691
  • feat: allow setting array default value to null #14717 #6691
  • feat(mongoose): allow drivers to set global plugins #14682
  • feat(connection): bubble up monitorCommands events to Mongoose connection if monitorCommands option set #14681 #14611
  • fix(document): ensure post('deleteOne') hooks are called when calling save() after subdoc.deleteOne() #14732 #9885
  • fix(query): remove count() and findOneAndRemove() from query chaining #14692 #14689
  • fix: remove default connection if setting createInitialConnection to false after Mongoose instance created #14679 #8302
  • types(models+query): infer return type from schema for 1-level deep nested paths #14632
  • types(connection): make transaction() return type match the executor function #14661 #14656
  • docs: fix docs links in index.md mirasayon
• 8.4.5 - 2024-07-05
  

  8.4.5 / 2024-07-05

  • types: correct this for validate.validator schematype option #14720 #14696
  • docs(model): note that insertMany() with lean skips applying defaults #14723 #14698
• 8.4.4 - 2024-06-25
  

  8.4.4 / 2024-06-25

  • perf: avoid unnecesary get() call and use faster approach for converting to string #14673 #14394
  • fix(projection): handle projections on arrays in Model.hydrate() projection option #14686 #14680
  • fix(document): avoid passing validateModifiedOnly to subdocs so subdocs get fully validating if they're directly modified #14685 #14677
  • fix: handle casting primitive array with $elemMatch in bulkWrite() #14687 #14678
  • fix(query): cast $pull using embedded discriminator schema when discriminator key is set in filter #14676 #14675
  • types(connection): fix return type of withSession() #14690 tt-public
  • types: add $documents pipeline stage and fix $unionWith type #14666 nick-statsig
  • docs(findoneandupdate): improve example that shows findOneAndUpdate() returning doc before updates were applied #14671 #14670
• 8.4.3 - 2024-06-17
  

  8.4.3 / 2024-06-17

  • fix: remove 0x flamegraph files from release
• 8.4.2 - 2024-06-17
  

  8.4.2 / 2024-06-17

  • perf: more toObject() perf improvements #14623 #14606 #14394
  • fix(model): check the value of overwriteModels in options when calling discriminator() #14646 uditha-g
  • fix: avoid throwing TypeError when deleting an null entry on a populated Map #14654 futurliberta
  • fix(connection): fix up some inconsistencies in operation-end event and add to docs #14659 #14648
  • types: avoid inferring Boolean, Buffer, ObjectId as Date in schema definitions under certain circumstances #14667 #14630
  • docs: add note about parallelism in transations #14647 fiws
• 8.4.1 - 2024-05-31
• 8.4.0 - 2024-05-17
• 8.3.5 - 2024-05-15
• 8.3.4 - 2024-05-06
• 8.3.3 - 2024-04-29
• 8.3.2 - 2024-04-16
• 8.3.1 - 2024-04-08
• 8.3.0 - 2024-04-03
• 8.2.4 - 2024-03-28
• 8.2.3 - 2024-03-21
• 8.2.2 - 2024-03-15
• 8.2.1 - 2024-03-04
• 8.2.0 - 2024-02-22
• 8.1.3 - 2024-02-16
• 8.1.2 - 2024-02-11
• 8.1.1 - 2024-01-24
• 8.1.0 - 2024-01-16
• 8.0.4 - 2024-01-09
• 8.0.3 - 2023-12-07
• 8.0.2 - 2023-11-28
• 8.0.1 - 2023-11-15
• 8.0.0 - 2023-10-31
• 8.0.0-rc0 - 2023-10-24
• 7.8.0 - 2024-07-23
  

  chore: release 7.8.0

• 7.7.0 - 2024-06-18
  

  chore: release 7.7.0

• 7.6.13 - 2024-06-05
• 7.6.12 - 2024-05-21
• 7.6.11 - 2024-04-11
• 7.6.10 - 2024-03-13
• 7.6.9 - 2024-02-26
• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29
• 7.4.5 - 2023-08-25
• 7.4.4 - 2023-08-22
• 7.4.3 - 2023-08-11
• 7.4.2 - 2023-08-03
• 7.4.1 - 2023-07-24
• 7.4.0 - 2023-07-18
• 7.3.4 - 2023-07-12
• 7.3.3 - 2023-07-11
• 7.3.2 - 2023-07-06
• 7.3.1 - 2023-06-21
• 7.3.0 - 2023-06-14
• 7.2.4 - 2023-06-12
• 7.2.3 - 2023-06-09
• 7.2.2 - 2023-05-30
• 7.2.1 - 2023-05-24
• 7.2.0 - 2023-05-19
• 7.1.2 - 2023-05-19
• 7.1.1 - 2023-05-10
• 7.1.0 - 2023-04-27
• 7.0.5 - 2023-04-24
• 7.0.4 - 2023-04-17
• 7.0.3 - 2023-03-23
• 7.0.2 - 2023-03-15
• 7.0.1 - 2023-03-06
• 7.0.0 - 2023-02-27
• 7.0.0-rc0 - 2023-02-23
• 6.13.0 - 2024-06-06
  

  chore: release 6.13.0

• 6.12.9 - 2024-05-24
• 6.12.8 - 2024-04-10
• 6.12.7 - 2024-03-01
• 6.12.6 - 2024-01-22
• 6.12.5 - 2024-01-03
• 6.12.4 - 2023-12-27
• 6.12.3 - 2023-11-07
• 6.12.2 - 2023-10-25
• 6.12.1 - 2023-10-12
• 6.12.0 - 2023-08-24

from mongoose GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[coveralls]

Pull Request Test Coverage Report for Build 10365302142

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+35.1%) to 35.088%

---

Totals
Change from base Build 10351456985:	35.1%
Covered Lines:	20
Relevant Lines:	51

---

💛 - Coveralls