Bump mongoose from 5.2.7 to 5.2.12

[dependabot-preview[bot]]

Bumps mongoose from 5.2.7 to 5.2.12.

Changelog

*Sourced from [mongoose's changelog](https://github.com/Automattic/mongoose/blob/master/History.md).* > 5.2.12 / 2018-08-30 > =================== > * fix(document): disallow setting `constructor` and `prototype` if strict mode false > > 4.13.17 / 2018-08-30 > ==================== > * fix(document): disallow setting `constructor` and `prototype` if strict mode false > > 5.2.11 / 2018-08-30 > =================== > * fix(document): disallow setting __proto__ if strict mode false > * fix(document): run document middleware on docs embedded in maps [#6945](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6945) [#6938](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6938) [Fonger](https://github.com/Fonger) > * fix(query): make castForQuery return a CastError [#6943](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6943) [#6927](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6927) [lineus](https://github.com/lineus) > * fix(query): use correct `this` scope when casting query with legacy 2dsphere pairs defined in schema [#6939](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6939) [#6937](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6937) [Fonger](https://github.com/Fonger) > * fix(document): avoid crash when calling `get()` on deeply nested subdocs [#6929](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6929) [#6925](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6925) [jakemccloskey](https://github.com/jakemccloskey) > * fix(plugins): make saveSubdocs execute child post save hooks _after_ the actual save [#6926](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6926) > * docs: add dbName to api docs for .connect() [#6923](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6923) [p722](https://github.com/p722) > * fix(populate): convert to array when schema specifies array, even if doc doesn't have an array [#6908](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6908) > * fix(populate): handle `justOne` virtual populate underneath array [#6867](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6867) > * fix(model): dont set versionKey on upsert if it is already `$set` [#5973](https://github-redirect.dependabot.com/Automattic/mongoose/issues/5973) > > 4.13.16 / 2018-08-30 > ==================== > * fix(document): disallow setting __proto__ if strict mode false > * feat(error): backport adding modified paths to VersionError [#6928](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6928) [freewil](https://github.com/freewil) > > 5.2.10 / 2018-08-27 > =================== > * fix: bump mongodb driver -> 3.1.4 [#6920](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6920) [#6903](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6903) [#6884](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6884) [#6799](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6799) [#6741](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6741) [Fonger](https://github.com/Fonger) > * fix(model): track `session` option for `save()` as the document's `$session()` [#6909](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6909) > * fix(query): add Query.getOptions() helper [#6907](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6907) [Fonger](https://github.com/Fonger) > * fix(document): ensure array atomics get cleared after save() [#6900](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6900) > * fix(aggregate): add missing redact and readConcern helpers [#6895](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6895) [Fonger](https://github.com/Fonger) > * fix: add global option `mongoose.set('useCreateIndex', true)` to avoid ensureIndex deprecation warning [#6890](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6890) > * fix(query): use `projection` option to avoid deprecation warnings [#6888](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6888) [#6880](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6880) [Fonger](https://github.com/Fonger) > * fix(query): use `findOneAndReplace()` internally if using `overwrite: true` with `findOneAndUpdate()` [#6888](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6888) [Fonger](https://github.com/Fonger) > * fix(document): ensure required cache gets cleared correctly between subsequent saves [#6892](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6892) > * fix(aggregate): support session chaining correctly [#6886](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6886) [#6885](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6885) [Fonger](https://github.com/Fonger) > * fix(query): use `projection` instead of `fields` internally for `find()` and `findOne()` to avoid deprecation warning [#6880](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6880) > * fix(populate): add `getters` option to opt in to calling getters on populate [#6844](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6844) > > 5.2.9 / 2018-08-17 > ================== > * fix(document): correctly propagate write concern options in save() [#6877](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6877) [Fonger](https://github.com/Fonger) > * fix: upgrade mongodb driver -> 3.1.3 for numerous fixes [#6869](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6869) [#6843](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6843) [#6692](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6692) [#6670](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6670) [simllll](https://github.com/simllll) > * fix: correct `this` scope of default functions for DocumentArray and Array [#6868](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6868) [#6840](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6840) [Fonger](https://github.com/Fonger) > * fix(types): support casting JSON form of buffers [#6866](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6866) [#6863](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6863) [Fonger](https://github.com/Fonger) > * fix(query): get global runValidators option correctly [#6865](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6865) [#6578](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6578) > * fix(query): add Query.prototype.setQuery() analogous to `getQuery()` [#6855](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6855) [#6854](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6854) > * docs(connections): add note about the `family` option for IPv4 vs IPv6 and add port to example URIs [#6784](https://github-redirect.dependabot.com/Automattic/mongoose/issues/6784) > ... (truncated)

Commits

- [`36850b6`](https://github.com/Automattic/mongoose/commit/36850b6960e4a807a83195edbe723dfa50c5b282) chore: release 5.2.12 - [`29fefa9`](https://github.com/Automattic/mongoose/commit/29fefa93697e60e1035ce94ad1ff6067ba7bcc28) Merge branch '4.x' - [`4545d44`](https://github.com/Automattic/mongoose/commit/4545d44c56a1fe62fa21d783b70bb3a8ff1734cd) chore: release 4.13.17 - [`fb8b644`](https://github.com/Automattic/mongoose/commit/fb8b644b7ffdd2799f23bb2d8dd1ba875ec8323a) fix(document): disallow setting constructor and prototype if strict mode false - [`73399e9`](https://github.com/Automattic/mongoose/commit/73399e9f80f0c61296596b91cf0032ef337b08d6) chore: release 5.2.11 - [`346d1f5`](https://github.com/Automattic/mongoose/commit/346d1f55959ef2d6ee6560ce1f43d71776bf0506) chore: add cpc - [`a9962c7`](https://github.com/Automattic/mongoose/commit/a9962c7ffb66632987da299a90fd776ff3c8278a) style: fix lint - [`8565d4d`](https://github.com/Automattic/mongoose/commit/8565d4d5c459cab5c727c6cbf215d695a1398ce4) Merge branch '4.x' - [`b33d8c2`](https://github.com/Automattic/mongoose/commit/b33d8c2fd0deafcf8da487a18a4fdbbc93db6ad1) style: fix lint - [`efcce8f`](https://github.com/Automattic/mongoose/commit/efcce8f211edcb3ca8cd0c85a49bc04eaa68e9be) Merge branch '4.x' - Additional commits viewable in [compare view](https://github.com/Automattic/mongoose/compare/5.2.7...5.2.12)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

Superseded by #66.