[Snyk] Upgrade mongoose from 6.9.1 to 6.12.2 #388

Open
wants to merge 1 commit into
base: main

@gptkrsh (Owner) commented Nov 22, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongoose from 6.9.1 to 6.12.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 18 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-10-25.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-FASTXMLPARSER-3325616) | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-FASTXMLPARSER-5668858) | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution (SNYK-JS-MONGOOSE-5777721) | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Information Exposure (SNYK-JS-MONGODB-5871303) | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.12.2 - 2023-10-25

    chore: release 6.12.2

  • 6.12.1 - 2023-10-12

    chore: release 6.12.1

  • 6.12.0 - 2023-08-24
  • 6.11.6 - 2023-08-21
  • 6.11.5 - 2023-08-01
  • 6.11.4 - 2023-07-17
  • 6.11.3 - 2023-07-11
  • 6.11.2 - 2023-06-08
  • 6.11.1 - 2023-05-08
  • 6.11.0 - 2023-05-01
  • 6.10.5 - 2023-04-06
  • 6.10.4 - 2023-03-21
  • 6.10.3 - 2023-03-13
  • 6.10.2 - 2023-03-07
  • 6.10.1 - 2023-03-03
  • 6.10.0 - 2023-02-22
  • 6.9.3 - 2023-02-22
  • 6.9.2 - 2023-02-16
  • 6.9.1 - 2023-02-06
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • fbb1f5d chore: release 6.12.2
  • 7c9eb3c Add fullPath to ValidatorProps
  • 6586bf2 chore: release 6.12.1
  • 29b09d3 Merge pull request #13945 from hasezoey/backport-13911-6x
  • 4dcc0d8 Merge pull request #13940 from k-chop/backport-to-6-ismodified-acccept-string-of-keys
  • ea85361 fix(mongoose): correctly handle global applyPluginsToChildSchemas option
  • 0ae97d1 format
  • cb668b1 fix: document.isModified support for list of keys as a string
  • 917f2ff Merge pull request #13936 from ronjouch/patch-1
  • 5822732 6.x populate.md: fix edit whoopsie scrapping a line a setting half of the document in an unclosed code tag
  • eb34bd3 chore: release 6.12.0
  • ec74347 feat: use mongodb driver v4.17.1
  • 4f79ce2 Merge pull request #13770 from Automattic/vkarpov15/gh-13664-2
  • 17c31b7 fix(model): make Model.bulkWrite() with empty array and ordered false not throw an error
  • 0229ffd Merge pull request #13763 from Automattic/vkarpov15/gh-13720
  • 44f3f0d fix(document): correctly handle inclusive/exclusive projections when applying subdocument defaults
  • 0604133 chore: release 6.11.6
  • c1109ac Merge pull request #13723 from Automattic/IslandRhythms/backport-13515
  • 557a472 Update mongo.test.ts
  • bab0e9e Update package.json
  • 0ae1367 backport pull 13515
  • d4a1080 Merge pull request #13701 from JavaScriptBach/backport-bulkwrite
  • 6f5adfb lint
  • c520587 Backport empty bulkwrite fix #13684 to Mongoose v6



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


@reviewpad reviewpad bot added the large Pull request with more than 30 changed lines label Nov 22, 2023

@github-actions github-actions bot left a comment


It's great having you contribute to this project

Welcome to the community 🤓

If you would like to continue contributing to open source and would like to do it with an awesome inclusive community, you should join our Discord chat and our GitHub Organisation - we help and encourage each other to contribute to open source little and often 🤓 . Any questions let us know.
