Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade mongoose from 5.13.17 to 5.13.22 #37

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade mongoose from 5.13.17 to 5.13.22 #37

wants to merge 1 commit into from

Conversation

MikeTeddyOmondi
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongoose from 5.13.17 to 5.13.22.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2024-01-02.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MONGOOSE-5777721		 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 5.13.22 - 2024-01-02

    chore: release 5.13.22

  • 5.13.21 - 2023-10-19
  • 5.13.20 - 2023-07-12
  • 5.13.19 - 2023-06-22
  • 5.13.18 - 2023-06-22
  • 5.13.17 - 2023-04-04
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 2642bb5 chore: release 5.13.22
  • e894fe8 types: add `skipValidation`, `strict`, `timestamps` as options for bulkWrite()
  • c5fa9b4 fix: also allow setting nested field to undefined re: #14205
  • 66e5c1b fix: fix some merge issues with #14226 re: #14205
  • a96164e fix(document): allow setting nested path to `null`
  • 7ff7e33 perf(schema): remove unnecessary lookahead in numeric subpath check
  • 09c55b3 pin another version for node 4 build
  • a1c9fb1 chore: fix typo
  • 7bd07d9 try pinning @ types/babylon dep to fix build issues
  • 21639c8 chore: release 5.13.21
  • 78257e2 Merge pull request #13670 from Automattic/IslandRhythms/backport-pull-12954
  • 443092a add back `uniqueDocs`
  • e7ff415 fix: lint
  • deedb88 backport GeoNear to 5.x
  • 11bb2c4 Merge pull request #13655 from Automattic/IslandRhythms/backport-npm
  • 702b4a0 Update .npmignore
  • 0f3997a chore: release 5.13.20
  • f1efabf fix: avoid prototype pollution on init
  • 98e0762 chore: release 5.13.19
  • 7e36d21 chore: release 5.13.18
  • 6759c60 undo accidental changes and actually pin @ types/json-schema
  • 4ed4a89 chore: pin version of @ types/json-schema because of install issues on node v4 and v6
  • 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
  • 26424d5 5.x - bump mongodb driver to 3.7.4

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MikeTeddyOmondi @snyk-bot