Skip to content

[Snyk] Security upgrade mongoose from 4.13.21 to 5.2.9 #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade mongoose from 4.13.21 to 5.2.9 #9

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 630/1000
Why? Has a fix available, CVSS 8.1		 Internal Property Tampering
SNYK-JS-BSON-561052		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose The new version differs by 250 commits.
  • 7875d53 Merge branch 'master' of github.com:Automattic/mongoose
  • 3a8d8cf chore: release 5.2.9
  • 9eb4dc6 chore: add cpc ads to more guides
  • 942a54d Merge pull request #6877 from Fonger/patch-write-concern
  • 4abdf8e chore: fix typo
  • fb447d0 fix(model): correctly propagate writeConcern options in save()
  • e7b6f0d test(model): repro #6862
  • 7e8e7f0 Merge pull request #6866 from Fonger/buffer-json-cast
  • c7e291f Merge pull request #6868 from Fonger/gh-6840-fix
  • dcbd790 test(connection): increase delay in reconnectFailed test
  • 068f584 docs(faq): add question about localhost being slow if no IPv6
  • 25196b2 Merge pull request #6869 from simllll/patch-4
  • d907dc2 test: work around Fix error handler in topology.connect mongodb/node-mongodb-native#1812
  • 0b5803b fix(query): get global runValidators option correctly
  • 24d1f6b test(mongoose): repro #6578
  • 9233491 Chore: mongodb to 3.1.3, mongodb-core to 3.1.2
  • a85c402 fix(schema): fix `this` scope of default function for DocumentArray and Array
  • 7512100 test(model): repro #6840
  • 3fa4485 feat(types): support casting JSON form of buffer
  • 9785cb9 test(types): cast JSON form of buffer
  • d78357b chore: now working on 5.2.9
  • 4ee9c9c chore: go back to 5.2.8 for website
  • 607c13d Merge pull request #6860 from Fonger/https-improve
  • bdc1324 docs(website): fix mixed content warning on https://mongoosejs.com

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
ceae699 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BSON-561052
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot