[Snyk] Fix for 1 vulnerabilities

[giuseppealbrizio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	496/1000 Why? Recently disclosed, Has a fix available, CVSS 4.2	Information Exposure SNYK-JS-MONGODB-5871303	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongodb

The new version differs by 15 commits.

• 43673fa chore(5.x): release 5.8.0 [skip-ci] (#3825)
• 4b2fc79 docs: fix cutoff sentence on CommandStartedEvent (#3828)
• 39ff81d feat(NODE-5465,NODE-5538): lower `@ aws-sdk/credential-providers` version to 3.188.0 and `zstd` to `^1.0.0` (#3821)
• e1af343 chore: update release automation scripts 5.x (#3823)
• c0d3927 feat(NODE-5399): use mongodb-js/saslprep instead of saslprep (#3818)
• 4cf1e96 fix(NODE-5537): remove credentials from ConnectionPoolCreatedEvent options (#3813)
• e81d4a2 fix(NODE-5495): do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810)
• c3b35b3 fix(NODE-5489): set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803)
• cc3069d Revert "feat(NODE-5489): update kerberos dependency"
• 8c25d6d feat(NODE-5489): update kerberos dependency
• 9bb0d95 feat(NODE-5429): deprecate the `AutoEncrypter` interface (#3764)
• cd923c8 chore(NODE-5426): move FLE code into driver (#3761)
• 77a2709 refactor(NODE-5360): refactor CommandOperation to use async (#3749)
• eb99291 ci(NODE-4615): bump flaky operation count tests threshold (#3753)
• 8649221 docs(5.7.0) (#3758)

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 20162c6 chore: release 7.5.0
• 1cd9384 Merge pull request #13796 from Automattic/7.5
• 419c64d docs: add comment about top-level dollar keys re: #13796 code review comments
• a92e8e8 Merge branch 'master' into 7.5
• d9a4bc4 Merge pull request #13793 from Automattic/vkarpov15/gh-13774
• 29de9c4 Merge pull request #13786 from Automattic/vkarpov15/handle-top-level-dollar-keys
• 84e79b9 Merge pull request #13787 from Automattic/vkarpov15/gh-13780
• a9db5ea types: handle Schema.Types.BigInt in schema definition re: #13780
• 90fc4d2 Merge pull request #13792 from mreouven/patch-1
• 41e63bd fix(document): avoid double-calling array getters when using `.get('arr.0')`
• c1d5b76 Merge pull request #13774 from Automattic/vkarpov15/gh-13748
• 0d956ce test: fix tests
• f44e169 Update pipelinestage.d.ts
• 9f1c24c Update pipelinestage.d.ts
• 7ec92a7 types(schematypes): add missing BigInt SchemaType
• fe7f80b test: add tests
• 40146c8 feat: allow top level dollar keys with findOneAndUpdate(), update()
• fafa5d5 Merge branch 'master' into 7.5
• e36fc48 docs: fix link
• 65245a4 style: fix lint
• 069651e Merge branch 'master' into 7.5
• 6eeb875 Merge branch 'master' into vkarpov15/gh-13748
• e12ae3f chore: release 7.4.5
• 13c2ad0 fix(model): fix merge issue

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.