[Snyk] Upgrade mongoose from 6.0.13 to 6.5.0 #1

0xGodson
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongoose from 6.0.13 to 6.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 44 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2022-07-26.

The recommended version fixes:

  • Issue: Prototype Pollution (SNYK-JS-MONGOOSE-2961688)
  • PriorityScore (*): 671/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.5.0 - 2022-07-26

    6.5.0 / 2022-07-26

    • perf(document): avoid creating unnecessary empty objects when creating a state machine #11988
    • feat: upgrade mongodb driver -> 4.8.1 #12103 AbdelrahmanHafez
    • feat(model): allow passing timestamps option to Model.bulkSave(...) #12082 AbdelrahmanHafez
    • feat(model): add castObject() function that casts a POJO to the model's schema #11945
    • feat(document): add $inc() helper that increments numeric paths #12115
    • feat(schema): add schema level lean option IslandRhythms
    • feat(schema): add global id option to disable id on schemas #12067 IslandRhythms
    • fix(connection): re-run Model.init() if re-connecting after explicitly closing a connection #12130
    • feat(model): add applyDefaults() helper that allows applying defaults to document or POJO #11945
    • feat(model): allow calling hydrate() with { setters: true } #11653
    • feat(model): add hydrate option to Model.watch() to automatically hydrate fullDocument #12121
    • feat(types): add support for automatically typed virtuals in schemas #11908 mohammad0-0ahmad
  • 6.4.7 - 2022-07-25

    6.4.7 / 2022-07-25

    • fix(virtualtype): use $locals for default virtual getter/setter rather than top-level doc #12124
    • fix(document): call subdocument getters if child schema has getters: true #12105
    • fix(schematype): actually always return "this" where specified #12141 hasezoey
    • fix(types): correct return value for Model.exists() #12094
    • docs(guides): add link to advanced schemas doc #12073
    • docs: handle @see in jsdoc #12144 hasezoey
    • docs: make use of the deprecated tag available in jsdoc for documentation #12080 hasezoey
    • docs(api_split): add basic DEPRECATED output #12146 hasezoey
    • docs: various jsdoc cleanup #12140 hasezoey
    • docs(api_split.pug): add "code" to parameter name #12145 hasezoey
  • 6.4.6 - 2022-07-20

    6.4.6 / 2022-07-20

    • fix(schema): disallow setting __proto__ when creating schema with dotted properties #12085
    • fix(document): avoid mutating original object passed to $set() when applying defaults to nested properties #12102
    • fix(query): apply lean transform option to top-level document #12093
    • docs(migrating_to_6): correct example for isObjectIdOrHexString() #12123 LokeshKanumoori
  • 6.4.5 - 2022-07-18

    6.4.5 / 2022-07-18

    • fix(model+timestamps): set timestamps on subdocuments in insertMany() #12060
    • fix: correct isAtlas check #12110 skrtheboss
    • fix(types): fix various issues with auto typed schemas #12042 mohammad0-0ahmad
    • fix(types): allow any value for AddFields #12096
    • fix(types): allow arbitrary expressions for ConcatArrays #12058
    • fix(types): make $addToSet fields mutable to allow programmatically constructing $addToSet #12091
    • fix(types): add $let as a possible expression to $addFields #12087 AbdelrahmanHafez
    • fix(types): fix $switch expression type #12088 AbdelrahmanHafez
    • fix(types): correct options type for syncIndexes() #12101 lpizzinidev
    • fix(types): avoid treating | undefined types as any in Require_id to better support _id: String with auto-typed schemas #12070
    • docs: fix up various jsdoc issues #12086 hasezoey
    • docs: add sanitizeFilter to mongoose.set() options #12112 pathei-kosmos
  • 6.4.4 - 2022-07-08

    6.4.4 / 2022-07-08

  • 6.4.3 - 2022-07-05

    6.4.3 / 2022-07-05

    • fix(document): handle validating deeply nested subdocuments underneath nested paths with required: false #12021
    • fix(types): infer schematype type from schema paths when calling SchemaType.path() #11987
    • fix(types): add $top and $topN aggregation operators #12053
    • fix(types): clean up a couple of issues with $add and $ifNull #12017
    • fix(types): allow $cond with $in #12028
    • docs: add path level descending index example in docs #12023 MitchellCash
    • docs: add Buffer, Decimal128, Map to docs #11971
  • 6.4.2 - 2022-07-01
  • 6.4.1 - 2022-06-27
  • 6.4.0 - 2022-06-17
  • 6.3.9 - 2022-06-17
  • 6.3.8 - 2022-06-13
  • 6.3.7 - 2022-06-13
  • 6.3.6 - 2022-06-07
  • 6.3.5 - 2022-05-30
  • 6.3.4 - 2022-05-19
  • 6.3.3 - 2022-05-09
  • 6.3.2 - 2022-05-02
  • 6.3.1 - 2022-04-21
  • 6.3.0 - 2022-04-14
  • 6.2.11 - 2022-04-13
  • 6.2.10 - 2022-04-04
  • 6.2.9 - 2022-03-28
  • 6.2.8 - 2022-03-23
  • 6.2.7 - 2022-03-16
  • 6.2.6 - 2022-03-11
  • 6.2.5 - 2022-03-09
  • 6.2.4 - 2022-02-28
  • 6.2.3 - 2022-02-21
  • 6.2.2 - 2022-02-16
  • 6.2.1 - 2022-02-07
  • 6.2.0 - 2022-02-02
  • 6.1.10 - 2022-02-01
  • 6.1.9 - 2022-01-31
  • 6.1.8 - 2022-01-24
  • 6.1.7 - 2022-01-17
  • 6.1.6 - 2022-01-10
  • 6.1.5 - 2022-01-04
  • 6.1.4 - 2021-12-27
  • 6.1.3 - 2021-12-21
  • 6.1.2 - 2021-12-15
  • 6.1.1 - 2021-12-09
  • 6.1.0 - 2021-12-07
  • 6.0.15 - 2021-12-06
  • 6.0.14 - 2021-11-29
  • 6.0.13 - 2021-11-15
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • f5ee642 chore: release 6.5.0
  • 204bef9 chore: run tests on pushes to branches other than pmaster
  • 547e5fc fix: bump mongodb -> 4.8.1, bump bson to match
  • a774148 Merge branch 'master' into 6.5
  • a935534 Merge pull request #12120 from Automattic/vkarpov15/castobject
  • 47c3231 Merge pull request #12130 from Automattic/vkarpov15/gh-12047
  • f62cf52 Merge pull request #12121 from Automattic/vkarpov15/gh-11936
  • 62f5c33 chore: release 6.4.7
  • 83f55cb fix(virtualtype): use `$locals` for default virtual getter/setter rather than top-level doc
  • abb3563 fix(document): call subdocument getters if child schema has getters: true
  • edcf468 fix(types): correct return value for `Model.exists()`
  • e2db583 docs(guides): add link to advanced schemas doc
  • 8f73e06 Merge pull request #12147 from mohammad0-0ahmad-forks/ts-benchmark-1.1.10
  • 7ff925b Merge pull request #12140 from hasezoey/jsdoc
  • 2b0c5e1 Merge pull request #12141 from hasezoey/fixSchemaTypeReturn
  • cacdc02 Merge pull request #12144 from hasezoey/addSee
  • a1c63ba Merge pull request #12145 from hasezoey/addCodeToParameters
  • 4c596ac Merge pull request #12146 from hasezoey/docsDeprecated
  • 6ec14c9 Refactor benchmark.yml
  • fb368ee Change ts-benchmark version
  • 5f86151 docs(api_split): add basic DEPRECATED output
  • a156af0 docs(api_split.pug): add "code" to parameter name
  • 21b4818 docs(api_split.pug): add ":" to "Parameters" to be consistent with other h5
  • f8674b4 docs(api_split.pug): add "See:" section if "prop.see" is defined



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
