fix(db-mongodb): bump mongoose to 8.8.3 (#9747)

Fixes #9729. The current version has vulnerability https://avd.aquasec.com/nvd/2024/cve-2024-53900/. Technically, Payload doesn't use described in the report [`$where`](https://www.mongodb.com/docs/manual/reference/operator/query/where/#op._S_where) property in its queries at all, but it may affect those who access mongoose via `payload.db.collections` directly
payloadcms · Dec 5, 2024 · 840dde2 · 840dde2
1 parent c2ff9b1
commit 840dde2
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/packages/db-mongodb/package.json b/packages/db-mongodb/package.json
@@ -47,7 +47,7 @@
   },
   "dependencies": {
     "http-status": "1.6.2",
-    "mongoose": "8.8.1",
+    "mongoose": "8.8.3",
     "mongoose-aggregate-paginate-v2": "1.1.2",
     "mongoose-paginate-v2": "1.8.5",
     "prompts": "2.4.2",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/test/package.json b/test/package.json
@@ -68,7 +68,7 @@
     "file-type": "19.3.0",
     "http-status": "1.6.2",
     "jwt-decode": "4.0.0",
-    "mongoose": "8.8.1",
+    "mongoose": "8.8.3",
     "next": "15.0.2",
     "payload": "workspace:*",
     "qs-esm": "7.0.2",