[Snyk] Upgrade mongoose from 7.3.1 to 7.4.0 #39

Open
wants to merge 1 commit into
base: master

pSakowski
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongoose from 7.3.1 to 7.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-07-18.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
|  | Prototype Pollution (SNYK-JS-MONGOOSE-5777721) | 726/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 7.4.0 - 2023-07-18

    7.4.0 / 2023-07-18

    • perf: speed up mapOfSubdocs benchmark by 4x by avoiding unnecessary O(n^2) loop in getPathsToValidate() #13614
    • feat: upgrade to MongoDB Node.js driver 5.7.0 #13591
    • feat: support generating custom cast error message with a function #13608 #3162
    • feat(query): support MongoDB driver's includeResultMetadata option for findOneAndUpdate #13584 #13539
    • feat(connection): add Connection.prototype.removeDb() for removing a related connection #13580 #11821
    • feat(query): delay converting documents into POJOs until query execution, allow querying subdocuments with defaults disabled #13522
    • feat(model): add option "aggregateErrors" for create() #13544 hasezoey
    • feat(schema): add collectionOptions option to schemas #13513
    • fix: move all MongoDB-specific connection logic into driver layer, add createClient() method to handle creating MongoClient #13542
    • fix(document): allow setting keys with dots in mixed paths underneath nested paths #13536
    • types: augment bson.ObjectId instead of adding on own type #13515 #12537 hasezoey
    • docs(guide): fix md lint #13593 hasezoey
    • docs: changed the code from 'await author.save()' to 'await story1.save()' #13596 SomSingh23
  • 7.3.4 - 2023-07-12

    7.3.4 / 2023-07-12

    • chore: release 7.4.4 to overwrite accidental publish of 5.13.20 to latest tag
  • 7.3.3 - 2023-07-11

    7.3.3 / 2023-07-10

    • fix: avoid prototype pollution on init
    • fix(document): clean up all array subdocument modified paths on save() #13589 #13582
    • types: avoid unnecessary MergeType<> if TOverrides not set, clean up statics and insertMany() type issues #13577 #13529
  • 7.3.2 - 2023-07-06

    7.3.2 / 2023-07-06

    • fix(model): avoid TypeError if insertMany() fails with error that does not have writeErrors property #13579 #13531
    • fix(query): convert findOneAndUpdate to findOneAndReplace when overwrite set for backwards compat with Mongoose 6 #13572 #13550
    • fix(query): throw readable error when executing a Query instance without an associated model #13571 #13570
    • types: support mongoose.Schema.ObjectId as alias for mongoose.Schema.Types.ObjectId #13543 #13534
    • docs(connections): clarify that socketTimeoutMS now defaults to 0 #13576 #13537
    • docs(migrating_to_7): add mapReduce() removal to migration guide #13568 #13548
    • docs(schemas): fix typo in schemas.md #13540 Metehan-Altuntekin
  • 7.3.1 - 2023-06-21
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 587983e chore: release 7.4.0
  • 52a6485 Merge pull request #13613 from Automattic/7.4
  • 8378c82 types: allow any value for $meta because MongoDB now supports values other than "textScore" for $meta
  • 7e47266 Merge branch 'master' into 7.4
  • 8c17b91 Merge branch '6.x'
  • 20b030e chore: release 6.11.4
  • 895bc32 Merge pull request #13614 from Automattic/vkarpov15/gh-13191-2
  • b8ebe80 perf: speed up mapOfSubdocs benchmark by 4x by avoiding unnecessary O(n^2) loop in getPathsToValidate()
  • dcc4c9a perf: some more small optimizations
  • 69405b2 Merge branch '6.x' into vkarpov15/gh-13191-2
  • c9e8861 Merge pull request #13608 from Automattic/vkarpov15/gh-3162
  • 5db1d0d test: fix #3162 tests
  • 96ff8ab fix lint, try fixing ts benchmark blowup
  • d6cf0a0 docs: explain how to overwrite cast error messages in validation docs
  • 57a5db5 feat: support generating custom cast error message with a function
  • c1c0dcc Merge branch 'master' into 7.4
  • eeefdd2 Merge pull request #13596 from SomSingh23/populate
  • 0cb0757 chore: release 7.3.4
  • ed901d9 Merge branch 'Automattic:master' into populate
  • aef309e Merge branch '6.x'
  • e9eb8ab chore: release 6.11.3
  • 688da8f test: fix flakey tests, remove test for #9597 because it affects global state and fails intermittently on deno
  • 4f264a8 test: fix tests re: #13317
  • fe9f43c text formatting off , no change in code

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
