[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Deserialization of Untrusted Data SNYK-JS-BSON-561052	Yes	No Known Exploit

Commit messages

Package name: mongodb

The new version differs by 250 commits.

• 79da11f 3.1.3
• 337cb79 feat(core): update to mongodb-core 3.1.2
• ff5fafc refactor(topology-base): `getServer` => `selectServer`
• b33fc74 3.1.2
• 78f6977 fix(mongo_client): translate options for connectWithUrl
• 36e92f1 fix(db_ops): call collection.find() with correct parameters (#1795)
• 759dd85 fix(buffer): replace deprecated Buffer constructor
• cb9d915 docs(connect): remove references to MongoClient.connect
• b8d2f1d fix(teardown): properly destroy a topology when initial connect fails
• 64027e8 refactor(export): expose CommandCursor
• 6ef85c4 refactor(export): expose AggregationCursor
• 13d776f fix(cursor): set readPreference for cursor.count
• a5d0f1d feat(deprecation): wrap deprecated functions
• 4f907a0 feat(deprecation): create deprecation function
• 666b8fa refactor(bulk): Unify bulk operations
• a0d84f6 test(evergreen): adding evergreen config to native driver
• b8471f1 fix(collection): isCapped returns false instead of undefined
• 86344f4 fix(collection): ensure findAndModify always use readPreference primary
• c25c519 test(countDocuments): full test coverage for countDocuments
• 25ca557 docs(contributing): fix link to HISTORY.md
• 4395110 chore(MongoClient): add missing legacy option name on warning message
• 297d843 docs(sessions): updating docs for sessions
• 15dc808 fix(db_ops): fix two incorrectly named variables
• fca1185 fix(count-documents): return callback on error case

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 76fae6d chore: release 5.3.9
• 40d4177 Merge pull request #7213 from NewEraCracker/master
• 751397c fix(document): run setter only once when doing `.set()` underneath a single nested subdoc
• 10837d4 test(document): repro #7196
• 10a63a9 Bump version of bson dependency to match mongodb-core
• d10274e docs(transactions): add example of aborting a transaction
• d245847 Merge branch 'master' of github.com:Automattic/mongoose
• 551a75b chore: add cpc to some pages that were missing it
• 1ca3514 Merge pull request #7210 from gfranco93/patch-1
• c1606b6 Merge pull request #7207 from lineus/fix-7098
• e9d538e Merge pull request #7203 from lineus/fix-7202
• 8f16b67 fix(document): surface errors in subdoc pre validate
• 87005a1 test(document): repro #7187
• 5b1d81c Documentation fix: fixed anchor link
• eebfb36 docs(query): add note re: cursor()
• c1e2617 docs(query): improve find() docs re: #7188
• 526f82d fix(query): run default functions after hydrating the loaded document
• 320d5f8 test(query): repro #7182
• 64c6d15 if our update schema path is a nested array do not skip query casting.
• 5d122e8 test for #7098
• 5ba13a7 refactor(test): move strictQuery tests to query.test.js since they do not use findOneAndUpdate()
• 4121629 chore: refer to correct issue #7178
• 22ed5d2 fix(query): handle strictQuery: 'throw' with nested path correctly
• 8c16354 test(query): repro #7152

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic