search

Asgarrrr / Luna

An adorable discord bot fully customizable created in javascript, using Discord.js and mongoDB that is constantly growing !
https://lunadoc.vercel.app/
GNU General Public License v3.0
24 stars 3 forks source link

[Snyk] Security upgrade mongoose from 5.13.8 to 6.0.4 #44

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 673/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MPATH-1577289		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose The new version differs by 250 commits.
  • 8d37fe5 chore: release 6.0.4
  • 0e79c5c Merge pull request #10633 from AbdelrahmanHafez/prefer-async-await
  • 09dae52 docs: remove useNewUrlParser, useUnifiedTopology, some other legacy options from docs
  • d278258 Merge pull request #10645 from theonlydaleking/patch-1
  • bb7c021 docs(defaults): clarify that `setDefaultsOnInsert` is `true` by default in 6.x
  • 36d23ce fix(schema): handle maps of maps
  • d21d2b1 test(schema): repro #10644
  • 57540aa fix(index.d.ts): allow using `type: [documentDefinition]` when defining a doc array in a schema
  • 1a1a2f2 test: repro #10605
  • e94d603 fix: avoid setting defaults on insert on a path whose subpath is referenced in the update
  • e1d4aa4 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
  • 3ee32b1 fix: upgrade mpath -> 0.8.4 re: aheckmann/mpath#13
  • 8fc256c fix(schema): throw error if `versionKey` is not a string
  • 3401881 chore: update opencollective sponsors
  • 0305c3b update TS docs to reflect connect Opts
  • 463f2d8 chore: release 6.0.3
  • 953131d Merge pull request #10635 from AbdelrahmanHafez/patch-11
  • c4b0e86 get rid of co
  • d1ffe7c refactor more tests to async/await
  • 48badcd refactor more tests to async/await
  • 3089342 refactor more tests to async/await
  • 72cdab0 refactor more tests to async/await
  • ab07251 use await delay instead of yield callback
  • 720f0cc refactor more tests to async/await
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic