Bump dynamoose from 2.3.0 to 2.7.0

[dependabot]

Bumps dynamoose from 2.3.0 to 2.7.0.

Release notes

Sourced from dynamoose's releases.

v2.7.0

Version 2.7.0

This release patches a 🚨 security vulnerability 🚨.

Please comment or contact me if you have any questions about this release.

General

• Patch for Prototype Pollution (GHSA-rrqm-p222-8ph2)
• Added $DELETE option for Model.update

Bug Fixes

• Fixed a bug related to update setting being true for model with index

v2.6.0

Version 2.6.0

This release adds support for a new constant type along with a bunch of other improvements and fixes.

Please comment or contact me if you have any questions about this release.

General

• Added Constant type
• Added attributes setting for Model.batchGet

Bug Fixes

• Fixed issues with nested arrays with multiple data types
• Fixed issue with array of indexes
• Fixed bugs related to multiple types for attribute
• Fixed internal method bug that had the potential to cause issues throughout codebase (only known issue related to update transactions)

Other

• Added security policy

v2.5.0

Version 2.5.0

This release adds support for the DynamoDB null type, along with some more TypeScript fixes, and some other cool enhancements.

Please comment or contact me if you have any questions about this release.

General

• Added support for the DynamoDB null type
• Added support for Document.save condition setting

... (truncated)

Changelog

Sourced from dynamoose's changelog.

Version 2.7.0

This release patches a 🚨 security vulnerability 🚨.

Please comment or contact me if you have any questions about this release.

General

• Patch for Prototype Pollution (GHSA-rrqm-p222-8ph2)
• Added $DELETE option for Model.update

Bug Fixes

• Fixed a bug related to update setting being true for model with index

---

Version 2.6.0

This release adds support for a new constant type along with a bunch of other improvements and fixes.

Please comment or contact me if you have any questions about this release.

General

• Added Constant type
• Added attributes setting for Model.batchGet

Bug Fixes

• Fixed issues with nested arrays with multiple data types
• Fixed issue with array of indexes
• Fixed bugs related to multiple types for attribute
• Fixed internal method bug that had the potential to cause issues throughout codebase (only known issue related to update transactions)

Other

• Added security policy

---

Version 2.5.0

This release adds support for the DynamoDB null type, along with some more TypeScript fixes, and some other cool enhancements.

Please comment or contact me if you have any questions about this release.

General

• Added support for the DynamoDB null type

... (truncated)

Commits

• e2ec6ea Merge pull request #1117 from dynamoose/version/2.7.0
• 61c5c15 Adding changelog for 2.7.0
• 09090c4 Updating README to 2.7.0
• 9fd0f15 Bumping version to 2.7.0
• 324c62b Merge pull request from GHSA-rrqm-p222-8ph2
• 016703f Fixing prototype pollution
• 329d59d Merge pull request #1113 from dynamoose/indexUpdateFix
• 474518f Merge pull request #1110 from andrewda/set-delete
• ed33287 Fixing lint errors and cleaning up code
• b959fab Adding test for index deletion fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.