Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency mongoose to v6.13.5 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency mongoose to v6.13.5 #7

wants to merge 1 commit into from

Conversation

ibm-mend-app[bot]
Copy link

@ibm-mend-app ibm-mend-app bot commented Sep 7, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
mongoose (source) dependencies minor 6.12.7 -> 6.13.5

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
Critical Critical 9.1 CVE-2024-53900
High High 7.5 CVE-2024-41818

Release Notes

Automattic/mongoose (mongoose)

v6.13.5

Compare Source

===================

  • fix: disallow using $where in match

v6.13.4

Compare Source

===================

v6.13.3

Compare Source

===================

  • docs(migrating_to_6): document that Lodash _.isEmpty() with ObjectId() as a parameter returns true in Mongoose 6 #​11152

v6.13.2

Compare Source

===================

  • fix(document): make set() respect merge option on deeply nested objects #​14870 #​14878

v6.13.1

Compare Source

===================

v6.13.0

Compare Source

===================

  • feat(model): add throwOnValidationError option for opting into getting MongooseBulkWriteError if all valid operations succeed in bulkWrite() and insertMany() #​14599 #​14587 #​14572 #​13410

v6.12.9

Compare Source

===================

v6.12.8

Compare Source

===================

  • fix(document): handle virtuals that are stored as objects but getter returns string with toJSON #​14468 #​14446
  • fix(schematype): consistently set wasPopulated to object with value property rather than boolean #​14418
  • docs(model): add extra note about lean option for insertMany() skipping casting #​14415 #​14376
  • If you want to rebase/retry this PR, check this box

@ibm-mend-app ibm-mend-app bot added the security fix Security fix generated by Mend label Sep 7, 2024
@ibm-mend-app ibm-mend-app bot changed the title Update dependency mongoose to v6.12.8 Update dependency mongoose to v6.12.8 - autoclosed Dec 3, 2024
@ibm-mend-app ibm-mend-app bot closed this Dec 3, 2024
@ibm-mend-app ibm-mend-app bot deleted the whitesource-remediate/mongoose-6.x-lockfile branch December 3, 2024 12:03
@ibm-mend-app ibm-mend-app bot changed the title Update dependency mongoose to v6.12.8 - autoclosed Update dependency mongoose to v6.12.8 Dec 6, 2024
@ibm-mend-app ibm-mend-app bot reopened this Dec 6, 2024
@ibm-mend-app ibm-mend-app bot restored the whitesource-remediate/mongoose-6.x-lockfile branch December 6, 2024 18:09
@ibm-mend-app ibm-mend-app bot force-pushed the whitesource-remediate/mongoose-6.x-lockfile branch from 7e1815b to bcd8d9f Compare December 10, 2024 12:07
@ibm-mend-app ibm-mend-app bot changed the title Update dependency mongoose to v6.12.8 Update dependency mongoose to v6.13.5 Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants