
[Snyk] Upgrade mongoose from 6.2.2 to 6.5.3#11

Open
snyk-bot wants to merge 1 commit into main from snyk-upgrade-7201043fc7936fdf829078548bdaf546

@snyk-bot

Snyk has created this PR to upgrade mongoose from 6.2.2 to 6.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 31 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2022-08-25.

The recommended version fixes:

  • Issue: Prototype Pollution (SNYK-JS-MONGOOSE-2961688)
  • Priority Score (*): 671/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7)
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.5.3 - 2022-08-25

    6.5.3 / 2022-08-24

    • fix(document): handle maps when applying defaults to nested paths #12322
    • fix(schema): make ArraySubdocuments apply _id defaults on init #12264
    • fix(populate): handle specifying recursive populate as a string with discriminators #12266
    • perf(types): remove extends Query in Schema.pre() and Schema.post(), loosen discriminator() generic #10349
    • perf(types): some more micro-optimizations re: #10349, remove extra type checking on $ne, etc.
    • fix(types): infer schema on connection.model() #12298 #12125 hasezoey
    • fix(types): add missing findById() type definitions #12309 lpizzinidev
    • fix(types): allow $search in $lookup pipeline stages for MongoDB v6.x support #12278 AbdelrahmanHafez
    • fix(types): add parameter "options" to "Model.remove" #12258 hasezoey
    • fix(types): sync single-generic-no-constraint "model" between "index.d.ts" and "connection.d.ts" #12299 hasezoey
    • fix(types): update isDirectModified typing #12290 gabrielDonnantuoni
    • docs: update links on api docs #12293 eatmoarrice
    • docs: add note about language_override option #12310 IslandRhythms
    • docs(document): add "String[]" to Document.depopulate as jsdoc parameter type #12300 hasezoey
    • docs: update Node.js EventEmitter url #12303 rainrisa
  • 6.5.2 - 2022-08-10

    6.5.2 / 2022-08-09

    • fix(aggregate): avoid throwing error when disconnecting with change stream open #12201 ramos-ph
    • fix(query): overwrite top-level key if using Query.prototype.set() to set to undefined #12155
    • fix(query): shallow clone options before modifying #12176
    • fix(types): auto schema type inference on Connection.prototype.model() #12240 hasezoey
    • fix(types): better typescript support for schema plugins #12139 emiljanitzek
    • fix(types): make bulkWrite() type param optional #12221 #12212
    • docs: misc cleanup #12199 hasezoey
    • docs: highlight current top-most visible header in navbar #12222 hasezoey
    • docs(populate): improve examples for Document.prototype.populate() #12111
    • docs(middleware): clarify document vs model in middleware docs #12113
  • 6.5.1 - 2022-08-03

    6.5.1 / 2022-08-03

    • fix(timestamps): set timestamps on child schema when child schema has timestamps: true but parent schema does not #12119
    • fix(schema+timestamps): handle insertMany() with timestamps and discriminators #12150
    • fix(model+query): handle populate with lean transform that deletes _id #12143
    • fix(types): allow $pull with _id #12142
    • fix(types): add schema plugin option inference #12196 hasezoey
    • fix(types): pass type to mongodb bulk write operation #12167 emiljanitzek
    • fix(types): map correct generics from model to schema #12125 emiljanitzek
    • fix(types): avoid baffling circular reference when using PopulatedDoc with a bidirectional reference #12136
    • fix(types): allow using path with $count #12149
    • docs(compatibility): change to use a table #12200 hasezoey
    • docs(api_split.pug): add "code" to sidebar entries #12153 hasezoey
    • docs: add "code" to Headers (and index list) #12152 hasezoey
  • 6.5.0 - 2022-07-26

    6.5.0 / 2022-07-26

    • perf(document): avoid creating unnecessary empty objects when creating a state machine #11988
    • feat: upgrade mongodb driver -> 4.8.1 #12103 AbdelrahmanHafez
    • feat(model): allow passing timestamps option to Model.bulkSave(...) #12082 AbdelrahmanHafez
    • feat(model): add castObject() function that casts a POJO to the model's schema #11945
    • feat(document): add $inc() helper that increments numeric paths #12115
    • feat(schema): add schema level lean option IslandRhythms
    • feat(schema): add global id option to disable id on schemas #12067 IslandRhythms
    • fix(connection): re-run Model.init() if re-connecting after explicitly closing a connection #12130
    • feat(model): add applyDefaults() helper that allows applying defaults to document or POJO #11945
    • feat(model): allow calling hydrate() with { setters: true } #11653
    • feat(model): add hydrate option to Model.watch() to automatically hydrate fullDocument #12121
    • feat(types): add support for automatically typed virtuals in schemas #11908 mohammad0-0ahmad
  • 6.4.7 - 2022-07-25
  • 6.4.6 - 2022-07-20
  • 6.4.5 - 2022-07-18
  • 6.4.4 - 2022-07-08
  • 6.4.3 - 2022-07-05
  • 6.4.2 - 2022-07-01
  • 6.4.1 - 2022-06-27
  • 6.4.0 - 2022-06-17
  • 6.3.9 - 2022-06-17
  • 6.3.8 - 2022-06-13
  • 6.3.7 - 2022-06-13
  • 6.3.6 - 2022-06-07
  • 6.3.5 - 2022-05-30
  • 6.3.4 - 2022-05-19
  • 6.3.3 - 2022-05-09
  • 6.3.2 - 2022-05-02
  • 6.3.1 - 2022-04-21
  • 6.3.0 - 2022-04-14
  • 6.2.11 - 2022-04-13
  • 6.2.10 - 2022-04-04
  • 6.2.9 - 2022-03-28
  • 6.2.8 - 2022-03-23
  • 6.2.7 - 2022-03-16
  • 6.2.6 - 2022-03-11
  • 6.2.5 - 2022-03-09
  • 6.2.4 - 2022-02-28
  • 6.2.3 - 2022-02-21
  • 6.2.2 - 2022-02-16
from mongoose GitHub release notes

Commit messages
Package name: mongoose
  • d914a94 chore: release 6.5.3
  • 9734768 Merge pull request #12322 from Automattic/vkarpov15/gh-12220
  • be41ea5 Merge pull request #12321 from Automattic/vkarpov15/gh-12264
  • 1788628 test: address comment
  • ff965da Documentation: typo fix (#12324)
  • 90aa098 fix(document): handle maps when applying defaults to nested paths
  • 4a946ff fix(schema): make ArraySubdocuments apply `_id` defaults on init
  • 8c0800a Merge pull request #12310 from Automattic/language-override-docs
  • 8e49fa6 Merge pull request #12266 from Automattic/vkarpov15/fix-discriminator-subpopulate-string
  • 2de1a86 Merge pull request #12314 from Automattic/revert-12313-vkarpov15/gh-9056
  • 0453a91 Revert "Use setPrototypeOf() instead of __proto__ to allow running on Deno"
  • ca5cc2c Merge pull request #12258 from hasezoey/addTypesModelRemove
  • 3a14bef Merge branch 'master' into addTypesModelRemove
  • 1284e68 fix types test for findById
  • 18b1e78 fix type test for findById
  • 32bb9a2 test(types): add type test re #12286 #12309
  • 59dd6af Merge pull request #12309 from lpizzinidev/fix-findbyid-type
  • 18d8227 Merge pull request #12313 from Automattic/vkarpov15/gh-9056
  • 39d76e8 test: remove __proto__ usage in tests
  • 27130ac feat: use setPrototypeOf() instead of __proto__ to allow running on Deno
  • 5ed1c38 language_override option mention
  • 56ce8f7 docs: add 5.13.15 release to changelog
  • 8736cf6 Added findById type definitions
  • e8dfde6 Merge pull request #12284 from Automattic/vkarpov15/gh-10349-202208


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)
  • Coverage: no coverage information
  • Duplication: 0.0%
