[Snyk] Upgrade mongoose from 7.3.1 to 7.3.4

[pSakowski]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 7.3.1 to 7.3.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2023-07-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	798/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 7.3.4 - 2023-07-12
  

  7.3.4 / 2023-07-12

  • chore: release 7.4.4 to overwrite accidental publish of 5.13.20 to latest tag
• 7.3.3 - 2023-07-11
  

  7.3.3 / 2023-07-10

  • fix: avoid prototype pollution on init
  • fix(document): clean up all array subdocument modified paths on save() #13589 #13582
  • types: avoid unnecessary MergeType<> if TOverrides not set, clean up statics and insertMany() type issues #13577 #13529
• 7.3.2 - 2023-07-06
  

  7.3.2 / 2023-07-06

  • fix(model): avoid TypeError if insertMany() fails with error that does not have writeErrors property #13579 #13531
  • fix(query): convert findOneAndUpdate to findOneAndReplace when overwrite set for backwards compat with Mongoose 6 #13572 #13550
  • fix(query): throw readable error when executing a Query instance without an associated model #13571 #13570
  • types: support mongoose.Schema.ObjectId as alias for mongoose.Schema.Types.ObjectId #13543 #13534
  • docs(connections): clarify that socketTimeoutMS now defaults to 0 #13576 #13537
  • docs(migrating_to_7): add mapReduce() removal to migration guide #13568 #13548
  • docs(schemas): fix typo in schemas.md #13540 Metehan-Altuntekin
• 7.3.1 - 2023-06-21

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 0cb0757 chore: release 7.3.4
• aef309e Merge branch '6.x'
• e9eb8ab chore: release 6.11.3
• 688da8f test: fix flakey tests, remove test for #9597 because it affects global state and fails intermittently on deno
• 4f264a8 test: fix tests re: #13317
• 9616af7 fix(schema): correctly handle uuids with populate()
• 305ce4f fix: avoid prototype pollution on init
• 90d84fd chore: release 7.3.3
• 82b9c3c style: fix lint
• 02699fa Merge branch 'vkarpov15/avoid-prototype-pollution'
• 2188458 Merge pull request #13577 from Automattic/vkarpov15/gh-13529
• e94ca23 Merge pull request #13589 from Automattic/vkarpov15/gh-13582
• 1a998e2 Merge pull request #13588 from Automattic/vkarpov15/gh-13575
• cc722a1 test: add coverage for constructor properties
• e29578d fix: avoid prototype pollution on init
• 422dff4 perf: avoid adding all doc array subpaths when 1 path is modified
• eb9a4f7 fix(document): clean up all array subdocument modified paths on save()
• 8b8f37b types: apply suggested alternative handling for TOverrides = any
• 79a4bda Merge branch 'master' into vkarpov15/gh-13529
• 22b1e25 fix(populate): correctly set `populatedModelSymbol` on documents populated using `Model.populate()`
• b336ed8 chore: release 7.3.2
• 7ad5eef Merge pull request #13579 from Automattic/vkarpov15/gh-13531
• c01cff6 Merge pull request #13581 from hasezoey/updateDev
• 7b3b027 chore(dev-deps): bump mkdirp from 2.1.3 to 3.0.1

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs