[Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 4.2.4 to 4.13.19.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 136 versions ahead of your current version.
• The recommended version was released 5 months ago, on 2019-07-17.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Remote Memory Exposure npm:mongoose:20160116	Mature
	Arbitrary Code Injection SNYK-JS-MORGAN-72579	Proof of Concept

Release notes

Package name: mongoose

• 4.13.19 - 2019-07-17
• 4.13.18 - 2019-01-22
• 4.13.17 - 2018-08-30
• 4.13.16 - 2018-08-30
• 4.13.15 - 2018-08-14
• 4.13.14 - 2018-05-25
• 4.13.13 - 2018-05-17
• 4.13.12 - 2018-03-14
• 4.13.11 - 2018-02-08
• 4.13.10 - 2018-01-28
• 4.13.9 - 2018-01-07
• 4.13.8 - 2017-12-27
• 4.13.7 - 2017-12-12
• 4.13.6 - 2017-12-02
• 4.13.5 - 2017-11-24
• 4.13.4 - 2017-11-17
• 4.13.3 - 2017-11-16
• 4.13.2 - 2017-11-13
• 4.13.1 - 2017-11-09
• 4.13.0 - 2017-11-03
• 4.12.6 - 2017-11-01
• 4.12.5 - 2017-10-30
• 4.12.4 - 2017-10-21
• 4.12.3 - 2017-10-16
• 4.12.2 - 2017-10-14
• 4.12.1 - 2017-10-08
• 4.12.0 - 2017-10-03
• 4.11.14 - 2017-09-30
• 4.11.13 - 2017-09-25
• 4.11.12 - 2017-09-18
• 4.11.11 - 2017-09-10
• 4.11.10 - 2017-09-04
• 4.11.9 - 2017-08-28
• 4.11.8 - 2017-08-24
• 4.11.7 - 2017-08-14
• 4.11.6 - 2017-08-07
• 4.11.5 - 2017-07-30
• 4.11.4 - 2017-07-23
• 4.11.3 - 2017-07-14
• 4.11.2 - 2017-07-13
• 4.11.1 - 2017-07-03
• 4.11.0 - 2017-06-25
• 4.10.8 - 2017-06-22
• 4.10.7 - 2017-06-18
• 4.10.6 - 2017-06-13
• 4.10.5 - 2017-06-07
• 4.10.4 - 2017-05-29
• 4.10.3 - 2017-05-27
• 4.10.2 - 2017-05-23
• 4.10.1 - 2017-05-22
• 4.10.0 - 2017-05-18
• 4.9.10 - 2017-05-18
• 4.9.9 - 2017-05-13
• 4.9.8 - 2017-05-07
• 4.9.7 - 2017-05-01
• 4.9.6 - 2017-04-24
• 4.9.5 - 2017-04-17
• 4.9.4 - 2017-04-09
• 4.9.3 - 2017-04-02
• 4.9.2 - 2017-03-26
• 4.9.1 - 2017-03-19
• 4.9.0 - 2017-03-13
• 4.8.7 - 2017-03-12
• 4.8.6 - 2017-03-05
• 4.8.5 - 2017-02-26
• 4.8.4 - 2017-02-20
• 4.8.3 - 2017-02-16
• 4.8.2 - 2017-02-11
• 4.8.1 - 2017-01-31
• 4.8.0 - 2017-01-29
• 4.7.9 - 2017-01-27
• 4.7.8 - 2017-01-24
• 4.7.7 - 2017-01-16
• 4.7.6 - 2017-01-03
• 4.7.5 - 2016-12-26
• 4.7.5-pre - 2016-12-26
• 4.7.4 - 2016-12-20
• 4.7.3 - 2016-12-16
• 4.7.2 - 2016-12-08
• 4.7.1 - 2016-12-01
• 4.7.0 - 2016-11-23
• 4.6.8 - 2016-11-15
• 4.6.7 - 2016-11-10
• 4.6.6 - 2016-11-03
• 4.6.5 - 2016-10-24
• 4.6.4 - 2016-10-17
• 4.6.3 - 2016-10-06
• 4.6.2 - 2016-10-01
• 4.6.1 - 2016-09-20
• 4.6.0 - 2016-09-02
• 4.5.10 - 2016-08-23
• 4.5.9 - 2016-08-14
• 4.5.8 - 2016-08-01
• 4.5.7 - 2016-07-25
• 4.5.6 - 2016-07-23
• 4.5.5 - 2016-07-18
• 4.5.4 - 2016-07-11
• 4.5.3 - 2016-07-01
• 4.5.2 - 2016-06-25
• 4.5.1 - 2016-06-18
• 4.5.0 - 2016-06-13
• 4.4.20 - 2016-06-05
• 4.4.19 - 2016-05-21
• 4.4.18 - 2016-05-21
• 4.4.17 - 2016-05-13
• 4.4.16 - 2016-05-09
• 4.4.15 - 2016-05-06
• 4.4.14 - 2016-04-27
• 4.4.13 - 2016-04-21
• 4.4.12 - 2016-04-08
• 4.4.11 - 2016-04-03
• 4.4.10 - 2016-03-24
• 4.4.9 - 2016-03-23
• 4.4.8 - 2016-03-18
• 4.4.7 - 2016-03-11
• 4.4.6 - 2016-03-03
• 4.4.5 - 2016-02-24
• 4.4.4 - 2016-02-17
• 4.4.3 - 2016-02-09
• 4.4.2 - 2016-02-05
• 4.4.1 - 2016-02-03
• 4.4.0 - 2016-02-02
• 4.3.7 - 2016-01-23
• 4.3.6 - 2016-01-15
• 4.3.5 - 2016-01-09
• 4.3.4 - 2015-12-23
• 4.3.3 - 2015-12-18
• 4.3.2 - 2015-12-17
• 4.3.1 - 2015-12-11
• 4.3.0 - 2015-12-09
• 4.2.10 - 2015-12-08
• 4.2.9 - 2015-12-02
• 4.2.8 - 2015-11-25
• 4.2.7 - 2015-11-20
• 4.2.6 - 2015-11-16
• 4.2.5 - 2015-11-09
• 4.2.4 - 2015-11-02

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• f51c4aa chore: release 4.13.19
• 2aeeaa8 Merge pull request #7950 from cdimitroulas/backport-aggregate-options-bugfix
• b10cc98 rename aggregation option test
• d9a2027 fix bug: Using options in aggregates doesn't set anything
• 75daf18 chore: release 4.13.18
• 8c75e9b chore: dont run nsp
• c8b8720 style: fix lint
• edf70e4 fix(cast): backport fix from #7290 to 4.x
• 29f6709 fix(model): handle setting populated path set via `Document#populate()`
• 0e1772f test(document): repro #7302
• 2370f97 chore: now working on 4.13.18
• 4545d44 chore: release 4.13.17
• fb8b644 fix(document): disallow setting constructor and prototype if strict mode false
• b33d8c2 style: fix lint
• df93f5b chore: release 4.13.16
• a3b98f6 fix(document): disallow setting __proto__ if strict mode false
• a738273 Merge pull request #6928 from hellodigit/4.x-modifiedpaths-pr
• 5046cef fix str spacing
• 7ba0068 feat(error): add modified paths to VersionError
• 631f476 chore: release 4.13.15
• 953a846 fix(mongoose): add global `usePushEach` option for easier Mongoose 4.x + MongoDB 3.6
• 754a4e9 chore: add test/files to npmignore+gitignore for 4.x
• 0e8f016 Merge pull request #6853 from Fonger/4.x-ci-improve
• 0e0dba0 Merge pull request #6852 from hellodigit/4.x-version-number-errors

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs