[Snyk] Upgrade mongoose from 6.2.2 to 6.8.0 #319

Open: wants to merge 1 commit into base: main

snyk-bot

Snyk has created this PR to upgrade mongoose from 6.2.2 to 6.8.0.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 48 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2022-12-05.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
|  | Prototype Pollution (SNYK-JS-MONGOOSE-2961688) | 671/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.8.0 - 2022-12-05

  • 6.7.5 - 2022-11-30

    • fix(schema): copy indexes when calling add() with schema instance #12737 #12654
    • fix(query): handle deselecting _id when another field has schema-level select: false #12736 #12670
    • fix(types): support using UpdateQuery in bulkWrite() #12742 #12595
    • docs(middleware): added note about execution policy on subdocuments #12735 #12694 lpizzinidev
    • docs(validation): clarify context for update validators in validation docs #12738 #12655 IslandRhythms
  • 6.7.4 - 2022-11-28

    • fix: allow setting global strictQuery after Schema creation #12717 #12703 lpizzinidev
    • fix(cursor): make eachAsync() avoid modifying batch when mixing parallel and batchSize #12716
    • fix(types): infer virtuals in query results #12727 #12702 #12684
    • fix(types): correctly infer ReadonlyArray types in schema definitions #12720
    • fix(types): avoid typeof Query with generics for TypeScript 4.6 support #12712 #12688
    • chore: avoid bundling .tgz files when publishing #12725 hasezoey
  • 6.7.3 - 2022-11-22

  • 6.7.2 - 2022-11-07
  • 6.7.1 - 2022-11-02
  • 6.7.0 - 2022-10-24
  • 6.6.7 - 2022-10-21

    • fix: correct browser build and improve isAsyncFunction check for browser #12577 #12576 #12392
    • fix(query): allow overwriting discriminator key with overwriteDiscriminatorKey if strict: 'throw' #12578 #12513
  • 6.6.6 - 2022-10-20
  • 6.6.5 - 2022-10-05
  • 6.6.4 - 2022-10-03
  • 6.6.3 - 2022-09-30
  • 6.6.2 - 2022-09-26
  • 6.6.1 - 2022-09-14
  • 6.6.0 - 2022-09-08
  • 6.5.5 - 2022-09-07
  • 6.5.4 - 2022-08-30
  • 6.5.3 - 2022-08-25
  • 6.5.2 - 2022-08-10
  • 6.5.1 - 2022-08-03
  • 6.5.0 - 2022-07-26
  • 6.4.7 - 2022-07-25
  • 6.4.6 - 2022-07-20
  • 6.4.5 - 2022-07-18
  • 6.4.4 - 2022-07-08
  • 6.4.3 - 2022-07-05
  • 6.4.2 - 2022-07-01
  • 6.4.1 - 2022-06-27
  • 6.4.0 - 2022-06-17
  • 6.3.9 - 2022-06-17
  • 6.3.8 - 2022-06-13
  • 6.3.7 - 2022-06-13
  • 6.3.6 - 2022-06-07
  • 6.3.5 - 2022-05-30
  • 6.3.4 - 2022-05-19
  • 6.3.3 - 2022-05-09
  • 6.3.2 - 2022-05-02
  • 6.3.1 - 2022-04-21
  • 6.3.0 - 2022-04-14
  • 6.2.11 - 2022-04-13
  • 6.2.10 - 2022-04-04
  • 6.2.9 - 2022-03-28
  • 6.2.8 - 2022-03-23
  • 6.2.7 - 2022-03-16
  • 6.2.6 - 2022-03-11
  • 6.2.5 - 2022-03-09
  • 6.2.4 - 2022-02-28
  • 6.2.3 - 2022-02-21
  • 6.2.2 - 2022-02-16
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 82943da chore: release 6.8.0
  • 687dfe6 Merge pull request #12768 from Automattic/6.8
  • c561459 Merge branch 'master' into 6.8
  • 1717e16 Merge pull request #12769 from Automattic/revert-12751-dependabot/npm_and_yarn/master/typescript-4.9.3
  • 40dba69 Revert "chore(deps-dev): bump typescript from 4.8.4 to 4.9.3"
  • 7676f5c Merge branch 'master' into 6.8
  • efed0a4 Merge pull request #12723 from Automattic/vkarpov15/gh-12595
  • 170e6df Merge pull request #12750 from Automattic/dependabot/npm_and_yarn/master/sinon-15.0.0
  • 52cdf92 Merge pull request #12753 from Automattic/dependabot/npm_and_yarn/master/babel/core-7.20.5
  • 51bb927 Merge pull request #12751 from Automattic/dependabot/npm_and_yarn/master/typescript-4.9.3
  • 9e8c6f6 Merge pull request #12749 from Automattic/dependabot/npm_and_yarn/master/axios-1.2.0
  • 61b5457 chore(deps-dev): bump typescript from 4.8.4 to 4.9.3
  • 5f55eac Merge pull request #12754 from Automattic/dependabot/github_actions/master/actions/dependency-review-action-3
  • 2a0338e Merge pull request #12756 from Automattic/dependabot/npm_and_yarn/master/webpack-5.75.0
  • e61f6ce chore(deps-dev): bump @babel/core from 7.19.6 to 7.20.5
  • 6adebd9 chore(deps-dev): bump webpack from 5.74.0 to 5.75.0
  • a168f6f Merge pull request #12757 from Automattic/dependabot/npm_and_yarn/master/marked-4.2.3
  • b22861e chore(deps-dev): bump sinon from 14.0.1 to 15.0.0
  • 4558b3d chore(deps-dev): bump marked from 4.2.1 to 4.2.3
  • 396e102 Merge pull request #12759 from Automattic/dependabot/npm_and_yarn/master/babel/preset-env-7.20.2
  • 000eca9 Merge pull request #12760 from Automattic/dependabot/npm_and_yarn/master/tsd-0.25.0
  • a8b7914 Merge pull request #12765 from Automattic/dependabot/npm_and_yarn/master/highlight.js-11.7.0
  • b316d93 chore(deps-dev): bump @babel/preset-env from 7.19.4 to 7.20.2
  • 4b5eab3 Merge pull request #12755 from Automattic/dependabot/npm_and_yarn/master/typescript-eslint/eslint-plugin-5.45.0


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

