[Snyk] Upgrade mongoose from 5.11.18 to 5.13.9

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.11.18 to 5.13.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 28 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-09-06.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.13.9 - 2021-09-06
  

  chore: release v5.13.9

• 5.13.8 - 2021-08-23
• 5.13.7 - 2021-08-11
• 5.13.6 - 2021-08-09
• 5.13.5 - 2021-07-30
• 5.13.4 - 2021-07-28
• 5.13.3 - 2021-07-16
• 5.13.2 - 2021-07-03
• 5.13.1 - 2021-07-02
• 5.13.0 - 2021-06-28
• 5.12.15 - 2021-06-25
• 5.12.14 - 2021-06-15
• 5.12.13 - 2021-06-04
• 5.12.12 - 2021-05-28
• 5.12.11 - 2021-05-24
• 5.12.10 - 2021-05-18
• 5.12.9 - 2021-05-13
• 5.12.8 - 2021-05-10
• 5.12.7 - 2021-04-29
• 5.12.6 - 2021-04-27
• 5.12.5 - 2021-04-19
• 5.12.4 - 2021-04-15
• 5.12.3 - 2021-03-31
• 5.12.2 - 2021-03-22
• 5.12.1 - 2021-03-18
• 5.12.0 - 2021-03-11
• 5.11.20 - 2021-03-11
• 5.11.19 - 2021-03-05
• 5.11.18 - 2021-02-23

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 07946be chore: release v5.13.9
• 264554f fix: upgrade to mpath v0.8.4 re: security issue
• fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
• 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
• 1dc9b45 style: fix lint
• 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
• b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
• 2a3399e docs: another layout fix for 5.x docs
• 5bf3c29 chore: update makefile again
• 191678c chore: update makefile re: #10607
• 776fae9 docs: fix up 5.x docs navbar
• a803885 test(typescript): add coverage for #10590
• bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
• cb1e787 chore: release 5.13.8
• 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
• 6122f4b docs(api): add `Document#$where` to API docs
• 2871c1b style: fix lint
• 8d00f62 Merge pull request #10587 from osmanakol/master
• 57e729b allow QueryOptions populate parameter use PopulateOptions
• 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
• e90aab1 docs(History): make a note about #10555
• fca0627 style: fix lint
• 6b92599 fix(populate): handle populating subdoc array virtual with sort
• 283d43f test(populate): repro #10552

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs