Beacon24 / v0


bump version of mongoose #11

Closed poppypiney closed 2 years ago

poppypiney commented 2 years ago

I've noticed warnings such as `Accessing non-existent property 'count' of module exports inside circular dependency` while starting the app, and then found that these warnings come from using mongoose 5 with an old MongoDB driver.

I am not so sure. Is there any reason to keep mongoose 5 as a dependency?

Also, I did a little test bumping to v6 and edited index.js by removing these mongoose.connect options `{ useNewUrlParser: true, useCreateIndex: true }`, as mentioned here: https://mongoosejs.com/docs/migrating_to_6.html#no-more-deprecation-warning-options

The result seems to be OK: no warnings or errors were thrown on the terminal, but I am still not so sure.

Beacon24 commented 2 years ago

mongoose 5 is what we used in the online bootcamp I followed to get started on this, but there's probably no reason to stick with the old version. I have just been afraid that switching might screw something up, but now is probably the time to try and see.

poppypiney commented 2 years ago

I noticed that your package-lock.json is different from mine. May I ask which node/npm version you use for this project? I will try to use the same version, which I believe can reduce the chance of us getting different warnings/errors.

Beacon24 commented 2 years ago

It looks like I'm using npm version 6.14.4. Which are you using?

poppypiney commented 2 years ago

I normally use node 16.x.x and npm 8.x.x, the LTS versions.

Beacon24 commented 2 years ago

I am going to make a copy of the app and try updating mongoose, node and npm to see if all still works fine.

Edit: I made a first attempt at updating and am realizing that if I update node and npm, then I update them for my entire machine, not just the app I am currently working in, correct?

poppypiney commented 2 years ago

Usually, when working with node, we install it with a node version manager such as nvm (https://github.com/nvm-sh/nvm) or n (https://github.com/tj/n), which makes it easier to switch to a different version of node, because of the point you made that it would otherwise change for the entire machine.

Beacon24 commented 2 years ago

Ok, I have updated node with nvm, thanks for the tip. Do I need to do anything further to update the app as well?

Thanks! I will also try to upgrade to Mongoose 6 today or tomorrow.

After everything is upgraded, I will begin working on deployment for some early beta-testing while I work on building out our database search and filter capabilities.

Beacon24 commented 2 years ago

I am confused about how to upgrade mongoose, and about upgrading node modules in general.

I ran npm update which seemed to work, but the modules listed in my package.json are still the same old versions. How do I get that info to update? Do I have to do it manually? Or do I re-run npm init or something similar?

Also, because of the info returned by npm update, I am concerned about breakages. Those terminal outputs are copied and pasted below, in case they are relevant.

npm update returned:

npm WARN deprecated multer@1.4.4: Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.

added 88 packages, removed 26 packages, changed 122 packages, and audited 420 packages in 13s

42 packages are looking for funding
  run `npm fund` for details

11 vulnerabilities (6 moderate, 3 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

npm audit returned:

# npm audit report

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    multer  <=2.0.0-rc.3
    Depends on vulnerable versions of busboy
    node_modules/multer

ejs  <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix --force`
Will install ejs-mate@4.0.0, which is a breaking change
node_modules/ejs-mate/node_modules/ejs
  ejs-mate  <=3.0.0
  Depends on vulnerable versions of ejs
  node_modules/ejs-mate

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install nodemon@1.3.3, which is a breaking change
node_modules/got
node_modules/package-json/node_modules/got
  @mapbox/mapbox-sdk  *
  Depends on vulnerable versions of got
  node_modules/@mapbox/mapbox-sdk
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  >=0.2.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        nodemon  >=1.3.5
        Depends on vulnerable versions of update-notifier
        node_modules/nodemon

11 vulnerabilities (6 moderate, 3 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

lukebelliveau commented 2 years ago

npm update will update versions only if package.json indicates it should do so. This behavior is determined by the caret and tilde notation, which you can read about here. This is because automatic upgrades to minor/major versions of packages can cause compatibility issues, so, for good reason, npm makes you upgrade manually. If you want to upgrade mongoose, manually change the version indicated in your package.json file and run npm install.

Resources:
- npm update, caret & tilde notation: https://docs.npmjs.com/cli/v6/commands/npm-update
- semantic versioning in npm: https://docs.npmjs.com/about-semantic-versioning
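
The caret/tilde behaviour described in the comment above, as an added example that is not part of this thread or of the project's code: a small stand-alone range matcher (illustrative code, not npm's own `semver` implementation) that shows why a `^5.x.y` entry in package.json never resolves to a 6.x release, and that also evaluates the comparator and hyphen ranges printed in the audit report (`<3.1.7`, `<=0.3.1`, `>=1.3.5`, `0.2.0 - 5.1.0`). The `REGISTRY` version lists and the `resolve` helper are constructed for illustration; prerelease tags and build metadata are ignored.

```javascript
// Added example: minimal semver range matching for caret, tilde, comparator,
// hyphen and wildcard ranges. Not npm's implementation; prerelease suffixes
// such as "-rc.3" are dropped when a version is parsed.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Three-way compare of two parsed [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Inclusive lower bound and exclusive upper bound for ^x.y.z and ~x.y.z.
// Tilde allows patch-level changes only; caret allows changes that keep the
// leftmost non-zero component fixed (so ^5.12.3 stops short of 6.0.0).
function bounds(range) {
  const op = range[0];
  const base = parseVersion(range.slice(1));
  const [maj, min, pat] = base;
  if (op === '~') return { lo: base, hi: [maj, min + 1, 0] };
  if (maj !== 0) return { lo: base, hi: [maj + 1, 0, 0] };
  if (min !== 0) return { lo: base, hi: [0, min + 1, 0] };
  return { lo: base, hi: [0, 0, pat + 1] };
}

function satisfies(version, range) {
  const v = parseVersion(version);
  range = range.trim();
  if (range === '*' || range === '') return true;
  if (range[0] === '^' || range[0] === '~') {
    const { lo, hi } = bounds(range);
    return compare(v, lo) >= 0 && compare(v, hi) < 0;
  }
  // Hyphen range "a - b" is inclusive at both ends (e.g. "0.2.0 - 5.1.0").
  const hy = range.split(/\s+-\s+/);
  if (hy.length === 2) {
    return compare(v, parseVersion(hy[0])) >= 0 && compare(v, parseVersion(hy[1])) <= 0;
  }
  // Single comparator (<, <=, >, >=, =) or a bare exact version.
  const m = /^(<=|>=|<|>|=)?\s*(.+)$/.exec(range);
  const c = compare(v, parseVersion(m[2]));
  switch (m[1]) {
    case '<': return c < 0;
    case '<=': return c <= 0;
    case '>': return c > 0;
    case '>=': return c >= 0;
    default: return c === 0;
  }
}

// Highest published version that satisfies the range, or null if none does.
function highestSatisfying(versions, range) {
  let best = null;
  for (const v of versions) {
    if (satisfies(v, range) && (best === null || compare(parseVersion(v), parseVersion(best)) > 0)) {
      best = v;
    }
  }
  return best;
}

// Constructed sample of "published" versions; not real registry data.
const REGISTRY = {
  mongoose: ['5.12.3', '5.13.14', '6.0.0', '6.3.2'],
  ejs: ['3.1.6', '3.1.7', '3.1.8'],
};

// What `npm update` would pick for each dependency without editing package.json.
function resolve(dependencies, registry) {
  const picked = {};
  for (const [name, range] of Object.entries(dependencies)) {
    picked[name] = highestSatisfying(registry[name] || [], range);
  }
  return picked;
}

// Stand-alone demo: the caret range stays on the 5.x line; only an edited
// range reaches 6.x.
console.log(resolve({ mongoose: '^5.12.3', ejs: '^3.1.6' }, REGISTRY));
console.log(resolve({ mongoose: '^6.0.0' }, REGISTRY));
```

With the sample registry the first call resolves mongoose to 5.13.14 (the newest 5.x) and the second, after the range has been edited by hand, to 6.3.2; this is exactly the manual step the comment describes.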

Beacon24 commented 2 years ago

excellent, this makes sense now, thank you!