[Snyk] Upgrade mongoose from 6.7.0 to 6.9.2 #28

snyk-bot · 2023-03-12T00:22:05Z

Snyk has created this PR to upgrade mongoose from 6.7.0 to 6.9.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 13 versions ahead of your current version.
The recommended version was released 23 days ago, on 2023-02-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-FASTXMLPARSER-3325616	554/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

6.9.2 - 2023-02-16
6.9.2 / 2023-02-16
- fix(model): fixed post('save') callback parameter #13030 #13026 lpizzinidev
- fix(UUID): added null check to prevent error on binaryToString conversion #13034 #13032 #13029 lpizzinidev Freezystem
- fix(query): revert breaking changes introduced by #12797 #12999 lpizzinidev
- fix(document): make array $shift() use $pop instead of overwriting array #13004
- docs: update & remove old links #13019 hasezoey
- docs(middleware): describe how to access model from document middleware #13031 AxeOfMen
- docs: update broken & outdated links #13001 hasezoey
- chore: change deno tests to also use MMS #12918 hasezoey
6.9.1 - 2023-02-06
6.9.1 / 2023-02-06
- fix(document): isModified should not be triggered when setting a nested boolean to the same value as previously #12994 lpizzinidev
- fix(document): save newly set defaults underneath single nested subdocuments #13002 #12905
- fix(update): handle custom discriminator model name when casting update #12947 wassil
- fix(connection): handles unique autoincrement ID for connections #12990 lpizzinidev
- fix(types): fix type of options of Model.aggregate #12933 ghost91-
- fix(types): fix "near" aggregation operator input type #12954 Jokero
- fix(types): add missing Top operator to AccumulatorOperator type declaration #12952 lpizzinidev
- docs(transactions): added example for Connection.transaction() method #12943 #12934 lpizzinidev
- docs(populate): fix out of date comment referencing onModel property #13000
- docs(transactions): fix typo in transactions.md #12995 Parth86
6.9.0 - 2023-01-25
6.8.4 - 2023-01-17
6.8.3 - 2023-01-06
6.8.2 - 2022-12-28
6.8.1 - 2022-12-19
6.8.0 - 2022-12-05
6.7.5 - 2022-11-30
6.7.4 - 2022-11-28
6.7.3 - 2022-11-22
6.7.2 - 2022-11-07
6.7.1 - 2022-11-02
6.7.0 - 2022-10-24

from mongoose GitHub release notes

Commit messages

Package name: mongoose

6de7ad3 chore: release 6.9.2
15e0549 Merge pull request #13030 from lpizzinidev/gh-13026
830af77 Merge pull request #13034 from lpizzinidev/gh-13032
5f315c4 Merge branch 'master' into gh-13032
06585a8 Merge pull request #13029 from Freezystem/patch-2
2f9c822 Delete types.uuid.test.js
8e5bbfa Merge pull request #13031 from AxeOfMen/patch-1
0bc7e5e schematype(UUID): added null check to prevent error on binaryToString conversion
77a19dc Update middleware.md
edd977f fix(model): fixed post('save') callback parameter
8a16964 add tests
b3e461a Merge pull request #12918 from hasezoey/denoToMMS
cdb8da0 Merge pull request #13019 from hasezoey/removeOldLinks
3f3840a Merge pull request #13020 from hasezoey/updateSponsorLogo
4a09fab Merge pull request #13013 from emilsivervik/chore/add_strict_populate_error_as_exported_error
acaf76f Merge pull request #12999 from lpizzinidev/gh-12797-revert
158cac6 Prevent casting null or undefined field value
2341852 style(index.pug): update sponsor image
542a20e docs(connections): update "http" link with a "https" link
176dc76 docs(migrating_to_5): update geoNear link
37da9bc style(query): remove links for "snapshot" option
5cf2a71 style(query): update link references for "maxScan" option
37949f8 docs(connections): update link for "atlas-limits - connection limits"
a735ad2 docs(guide): remove reference to removed option "autoIndexId"