[Snyk] Upgrade mongoose from 6.0.3 to 6.0.4 #15

Closed
wants to merge 10 commits into from


snyk-bot

Snyk has created this PR to upgrade mongoose from 6.0.3 to 6.0.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2021-09-01.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
|  | Prototype Pollution SNYK-JS-MPATH-1577289 | 673/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 8d37fe5 chore: release 6.0.4
  • 0e79c5c Merge pull request #10633 from AbdelrahmanHafez/prefer-async-await
  • 09dae52 docs: remove useNewUrlParser, useUnifiedTopology, some other legacy options from docs
  • d278258 Merge pull request #10645 from theonlydaleking/patch-1
  • bb7c021 docs(defaults): clarify that `setDefaultsOnInsert` is `true` by default in 6.x
  • 36d23ce fix(schema): handle maps of maps
  • d21d2b1 test(schema): repro #10644
  • 57540aa fix(index.d.ts): allow using `type: [documentDefinition]` when defining a doc array in a schema
  • 1a1a2f2 test: repro #10605
  • e94d603 fix: avoid setting defaults on insert on a path whose subpath is referenced in the update
  • e1d4aa4 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
  • 3ee32b1 fix: upgrade mpath -> 0.8.4 re: Security Fix for Prototype Pollution mongoosejs/mpath#13
  • 8fc256c fix(schema): throw error if `versionKey` is not a string
  • 3401881 chore: update opencollective sponsors
  • 0305c3b update TS docs to reflect connect Opts
  • c4b0e86 get rid of co
  • d1ffe7c refactor more tests to async/await
  • 48badcd refactor more tests to async/await
  • 3089342 refactor more tests to async/await
  • 72cdab0 refactor more tests to async/await
  • ab07251 use await delay instead of yield callback
  • 720f0cc refactor more tests to async/await
  • cd64a06 refactor more tests to async/await
  • 7537bbf refactor more tests to async/await



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.



netlify bot commented Sep 22, 2021

✔️ Deploy Preview for just-plan-it canceled.

🔨 Explore the source changes: c9d5d7a

🔍 Inspect the deploy log: https://app.netlify.com/sites/just-plan-it/deploys/614e229ea092a20007c41f73

@KaunainKarmali KaunainKarmali deleted the snyk-upgrade-1f7adee309479f10bab35a1af0bdd4d5 branch September 24, 2021 19:11