[Snyk] Upgrade mongoose from 6.2.2 to 6.13.3

[DanneelsSophie]

Snyk has created this PR to upgrade mongoose from 6.2.2 to 6.13.3.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 83 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2024-09-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 6.13.3 - 2024-09-23
  

  chore: release 6.13.3

• 6.13.2 - 2024-09-12
  

  chore: release 6.13.2

• 6.13.1 - 2024-09-06
  

  try fixing deno test

• 6.13.0 - 2024-06-06
• 6.12.9 - 2024-05-24
• 6.12.8 - 2024-04-10
• 6.12.7 - 2024-03-01
• 6.12.6 - 2024-01-22
• 6.12.5 - 2024-01-03
• 6.12.4 - 2023-12-27
• 6.12.3 - 2023-11-07
• 6.12.2 - 2023-10-25
• 6.12.1 - 2023-10-12
• 6.12.0 - 2023-08-24
• 6.11.6 - 2023-08-21
• 6.11.5 - 2023-08-01
• 6.11.4 - 2023-07-17
• 6.11.3 - 2023-07-11
• 6.11.2 - 2023-06-08
• 6.11.1 - 2023-05-08
• 6.11.0 - 2023-05-01
• 6.10.5 - 2023-04-06
• 6.10.4 - 2023-03-21
• 6.10.3 - 2023-03-13
• 6.10.2 - 2023-03-07
• 6.10.1 - 2023-03-03
• 6.10.0 - 2023-02-22
• 6.9.3 - 2023-02-22
• 6.9.2 - 2023-02-16
• 6.9.1 - 2023-02-06
• 6.9.0 - 2023-01-25
• 6.8.4 - 2023-01-17
• 6.8.3 - 2023-01-06
• 6.8.2 - 2022-12-28
• 6.8.1 - 2022-12-19
• 6.8.0 - 2022-12-05
• 6.7.5 - 2022-11-30
• 6.7.4 - 2022-11-28
• 6.7.3 - 2022-11-22
• 6.7.2 - 2022-11-07
• 6.7.1 - 2022-11-02
• 6.7.0 - 2022-10-24
• 6.6.7 - 2022-10-21
• 6.6.6 - 2022-10-20
• 6.6.5 - 2022-10-05
• 6.6.4 - 2022-10-03
• 6.6.3 - 2022-09-30
• 6.6.2 - 2022-09-26
• 6.6.1 - 2022-09-14
• 6.6.0 - 2022-09-08
• 6.5.5 - 2022-09-07
• 6.5.4 - 2022-08-30
• 6.5.3 - 2022-08-25
• 6.5.2 - 2022-08-10
• 6.5.1 - 2022-08-03
• 6.5.0 - 2022-07-26
• 6.4.7 - 2022-07-25
• 6.4.6 - 2022-07-20
• 6.4.5 - 2022-07-18
• 6.4.4 - 2022-07-08
• 6.4.3 - 2022-07-05
• 6.4.2 - 2022-07-01
• 6.4.1 - 2022-06-27
• 6.4.0 - 2022-06-17
• 6.3.9 - 2022-06-17
• 6.3.8 - 2022-06-13
• 6.3.7 - 2022-06-13
• 6.3.6 - 2022-06-07
• 6.3.5 - 2022-05-30
• 6.3.4 - 2022-05-19
• 6.3.3 - 2022-05-09
• 6.3.2 - 2022-05-02
• 6.3.1 - 2022-04-21
• 6.3.0 - 2022-04-14
• 6.2.11 - 2022-04-13
• 6.2.10 - 2022-04-04
• 6.2.9 - 2022-03-28
• 6.2.8 - 2022-03-23
• 6.2.7 - 2022-03-16
• 6.2.6 - 2022-03-11
• 6.2.5 - 2022-03-09
• 6.2.4 - 2022-02-28
• 6.2.3 - 2022-02-21
• 6.2.2 - 2022-02-16

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 25da2ca chore: release 6.13.3
• ed79a5a Merge pull request #14901 from Automattic/IslandRhythms/docs-fix
• f86bda7 quick clarification
• f45e28c formatting
• 003246f Update migrating_to_6.md
• becd799 chore: release 6.13.2
• abedf3c Merge pull request #14878 from Automattic/vkarpov15/gh-14861
• 3910527 fix lint
• 9178805 fix: backport #14870 to 6.x
• fe17056 try fixing deno test
• 2c4b0d5 pin @ sinonjs/fake-timers version for node 12
• b6ab66f chore: release 6.13.1
• 91612bb Revert "Update cast.js"
• 6308686 style: fix lint
• 97dadf0 Merge pull request #14749 from 0x0a0d/improve_fix_cast_empty_query
• e3a9e65 Update cast.js
• 19d694a Update cast.test.js
• e5eb234 only remove object if it becomes empty because of casting
• 01dd471 Reapply "fix(cast): remove empty conditions after strict applied"
• 53d382b chore: release 6.13.0
• 37e73b8 Merge pull request #14599 from Automattic/vkarpov15/gh-14572-3
• c3b4bdb chore: release 6.12.9
• f4cfe1e feat(model): add throwOnValidationError option for opting into getting MongooseBulkWriteError if all valid operations succeed in bulkWrite() and insertMany()
• eb61572 Merge pull request #14590 from Automattic/vkarpov15/gh-14576

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs