[Snyk] Upgrade mongoose from 8.0.0 to 8.9.3

[axqqt]

Snyk has created this PR to upgrade mongoose from 8.0.0 to 8.9.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 49 versions ahead of your current version.

• The recommended version was released 23 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Neutralization of Special Elements in Data Query Logic SNYK-JS-MONGOOSE-8446504	649	No Known Exploit

Release notes

Package name: mongoose

• 8.9.3 - 2024-12-30
  

  8.9.3 / 2024-12-30

  • fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109
  • fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075
  • fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071
  • fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126
  • perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449
  • types: make BufferToBinary avoid Document instances #15123 #15122
  • types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111
  • types(schema): add missing removeIndex #15134
  • types: add cleanIndexes() to IndexManager interface #15127
  • docs: move search endpoint to netlify #15119
• 8.9.2 - 2024-12-19
  

  8.9.2 / 2024-12-19

  • fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109
  • fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108
  • fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI
  • types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057
  • types: add UUID to RefType #15115 #15101
  • docs: remove link to Mongoose 5.x docs from dropdown #15116
  • docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107
• 8.9.1 - 2024-12-16
  

  8.9.1 / 2024-12-16

  • fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812
  • fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092
  • fix(model): handle discriminators in castObject() #15096 #15075
  • fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056
  • fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048
  • fix(document+schema): improve error message for get() on invalid path #15098 #15071
  • docs: remove more callback doc references & some small other changes #15095
• 8.9.0 - 2024-12-13
  

  8.9.0 / 2024-12-13

  • feat: upgrade mongodb -> 6.12
  • feat: add int32 schematype #15054 aditi-khare-mongoDB
  • feat: add double schematype #15061 aditi-khare-mongoDB
  • feat: allow specifying error message override for duplicate key errors unique: true #15059 #12844
  • feat(connection): add support for Connection.prototype.bulkWrite() with MongoDB server 8.0 #15058 #15028
  • feat: add forceRepopulate option for populate() to allow avoiding repopulating already populated docs #15044 #14979
  • fix(connection): remove heartbeat check in load balanced mode #15089 #15042
  • fix(query): clone PopulateOptions when setting _localModel to avoid state leaking between subpopulate instances #15082 #15026
  • types: add splice() to DocumentArray to allow adding partial objects with splice() #15085 #15041
  • types(aggregate): add $firstN, $lastN, $bottom, $bottomN, $minN and $maxN operators #15087 mlomnicki
  • docs: Remove merge conflict markers #15090 sponrad
• 8.8.4 - 2024-12-05
• 8.8.3 - 2024-11-26
• 8.8.2 - 2024-11-18
• 8.8.1 - 2024-11-08
• 8.8.0 - 2024-10-31
• 8.7.3 - 2024-10-25
• 8.7.2 - 2024-10-17
• 8.7.1 - 2024-10-09
• 8.7.0 - 2024-09-27
• 8.6.4 - 2024-09-26
• 8.6.3 - 2024-09-17
• 8.6.2 - 2024-09-11
• 8.6.1 - 2024-09-03
• 8.6.0 - 2024-08-28
• 8.5.5 - 2024-08-28
• 8.5.4 - 2024-08-23
• 8.5.3 - 2024-08-13
• 8.5.2 - 2024-07-30
• 8.5.1 - 2024-07-12
• 8.5.0 - 2024-07-08
• 8.4.5 - 2024-07-05
• 8.4.4 - 2024-06-25
• 8.4.3 - 2024-06-17
• 8.4.2 - 2024-06-17
• 8.4.1 - 2024-05-31
• 8.4.0 - 2024-05-17
• 8.3.5 - 2024-05-15
• 8.3.4 - 2024-05-06
• 8.3.3 - 2024-04-29
• 8.3.2 - 2024-04-16
• 8.3.1 - 2024-04-08
• 8.3.0 - 2024-04-03
• 8.2.4 - 2024-03-28
• 8.2.3 - 2024-03-21
• 8.2.2 - 2024-03-15
• 8.2.1 - 2024-03-04
• 8.2.0 - 2024-02-22
• 8.1.3 - 2024-02-16
• 8.1.2 - 2024-02-11
• 8.1.1 - 2024-01-24
• 8.1.0 - 2024-01-16
• 8.0.4 - 2024-01-09
• 8.0.3 - 2023-12-07
• 8.0.2 - 2023-11-28
• 8.0.1 - 2023-11-15
• 8.0.0 - 2023-10-31

from mongoose GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs