Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade mongoose from 5.12.13 to 5.13.14 #4

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade mongoose from 5.12.13 to 5.13.14.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 17 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-12-27.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MPATH-1577289
601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 5.13.14 - 2021-12-27
  • 5.13.13 - 2021-11-02
  • 5.13.12 - 2021-10-19
  • 5.13.11 - 2021-10-12
  • 5.13.10 - 2021-10-05
  • 5.13.9 - 2021-09-06
  • 5.13.8 - 2021-08-23
  • 5.13.7 - 2021-08-11
  • 5.13.6 - 2021-08-09
  • 5.13.5 - 2021-07-30
  • 5.13.4 - 2021-07-28
  • 5.13.3 - 2021-07-16
  • 5.13.2 - 2021-07-03
  • 5.13.1 - 2021-07-02
  • 5.13.0 - 2021-06-28
  • 5.12.15 - 2021-06-25
  • 5.12.14 - 2021-06-15
  • 5.12.13 - 2021-06-04
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • d2b846f chore: release 5.13.14
  • 69c1f6c docs(models): fix up nModified example for 5.x
  • 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
  • a738440 chore: release 5.13.13
  • 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
  • c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
  • ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
  • d205c4d make value optional
  • c6fd7f7 Fix ts types for query set
  • 22e9b3b [gh-10902 v5] Add node major version to utils
  • 5468642 [gh-10902 v5] Emit end event in before close
  • 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
  • b7ebeec Update mongodb driver to 3.7.3
  • ec4f07e chore: release 5.13.12
  • 7b4e4e7 test: hopefully fix Node v4 tests on 5.x branch
  • 92bfcb7 Merge pull request #10897 from iovanom/gh-10875-1
  • 46165d6 [gh-10875] Use stream destroy method on close to prevent emit 'close' event twice
  • f1376f3 fix(index.d.ts): backport streamlining of FilterQuery and DocumentDefinition to avoid "excessively deep and possibly infinite" TS errors
  • 4b8e0d1 chore: release 5.13.11
  • f516c7f Merge pull request #10871 from winstonralph/fix/mongodb-security
  • 8dd66ca chore: undo mistaken version bump
  • 1192162 fix(security): updated mongodb dependency due to vulnerabilities
  • 30efc39 fix(connection): call `setMaxListeners(0)` on MongoClient to avoid event emitter memory leak warnings with `useDb()`
  • d99f42c chore: release 5.13.10

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant