This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 6.7.5 to 6.8.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released **22 days ago**, on 2022-12-28.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **372/1000** **Why?** Proof of Concept exploit, CVSS 5.3 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: mongoose
1d71187 Merge branch 'master' into vkarpov15/gh-12420-2
2bf15d5 Merge pull request #12827 from Automattic/vkarpov15/gh-12796
9f05147 Merge pull request #12828 from Automattic/vkarpov15/gh-12643
b311b33 Merge pull request #12829 from hasezoey/addWriteConcern
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/m0cah/project/1be368a2-afd2-40c2-ba18-8d9754f25511?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/m0cah/project/1be368a2-afd2-40c2-ba18-8d9754f25511/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/m0cah/project/1be368a2-afd2-40c2-ba18-8d9754f25511/settings/integration?pkg=mongoose&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 6.7.5 to 6.8.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **3 versions** ahead of your current version. - The recommended version was released **22 days ago**, on 2022-12-28. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **372/1000**
**Why?** Proof of Concept exploit, CVSS 5.3 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongoose
-
6.8.2 - 2022-12-28
- fix(schema): propagate strictQuery to implicitly created schemas for embedded discriminators #12827 #12796
- fix(model): respect discriminators with Model.validate() #12824 #12621
- fix(query): fix unexpected validation error when doing findOneAndReplace() with a nullish value #12826 #12821
- fix(discriminator): apply built-in plugins to discriminator schema even if mergeHooks and mergePlugins are both false #12833 #12696
- fix(types): add option "overwriteModels" as a schema option #12817 #12816 hasezoey
- fix(types): add property "defaultOptions" #12818 hasezoey
- docs: make search bar respect documentation version, so you can search 5.x docs #12548
- docs(typescript): make note about recommending strict mode when using auto typed schemas #12825 #12420
- docs: add section on sorting to query docs #12588 IslandRhythms
- test(query.test): add write-concern option #12829 hasezoey
-
6.8.1 - 2022-12-19
- fix(query): avoid throwing circular dependency error if same object is used in multiple properties #12774 orgads
- fix(map): return value from super.delete() #12777 danbrud
- fix(populate): handle virtual populate underneath document array with justOne=true and sort set where 1 element has only 1 result #12815 #12730
- fix(update): handle embedded discriminators when casting array filters #12802 #12565
- fix(populate): avoid calling transform if there's no populate results and using lean #12804 #12739
- fix(model): prevent index creation on syncIndexes if not necessary #12785 #12250 lpizzinidev
- fix(types): correctly infer this when using pre('updateOne') with { document: true, query: false } #12778
- fix(types): make InferSchemaType: consider { required: boolean } required if it isn't explicitly false #12784 JavaScriptBach
- docs: replace many occurrences of "localhost" with "127.0.0.1" #12811 #12741 hasezoey SadiqOnGithub
- docs(mongoose): Added missing options to set #12810 lpizzinidev
- docs: add info on
- docs: make Document.prototype.$clone() public #12803
- docs(query): updated explanation for slice #12776 #12474 lpizzinidev
- docs(middleware): fix broken links #12787 lpizzinidev
- docs(queries): fixed broken links #12790 lpizzinidev
-
6.8.0 - 2022-12-05
- feat: add alpha support for Deno #12397 #9056
- feat: add deprecation warning for default strictQuery #12666
- feat: upgrade to MongoDB driver 4.12.1
- feat(schema): add doc as second params to validation message function #12564 #12651 IslandRhythms
- feat(document): add $clone method #12549 #11849 lpizzinidev
- feat(populate): allow overriding
- feat(schema+types): add { errorHandler: true } option to Schema post() for better TypeScript support #12723 #12583
- feat(debug): allow setting debug on a per-connection basis #12704 #12700 lpizzinidev
- feat: add rewind function to QueryCursor #12710 passabilities
- feat(types): infer timestamps option from schema #12731 #12069
- docs: change links to not link to api.html anymore #12644 hasezoey
-
6.7.5 - 2022-11-30 Read more
from mongoose GitHub release notes6.8.2 / 2022-12-28
6.8.1 / 2022-12-19
$localsparameters to getters/setters tutorial #12814 #12550 IslandRhythms6.8.0 / 2022-12-05
localFieldandforeignFieldfor virtual populate #12657 #6963 IslandRhythmsCommit messages
Package name: mongoose
- cd20f82 chore: release 6.8.2
- d9ae2dc Merge pull request #12838 from Automattic/vkarpov15/gh-12770
- 2aa009b Merge pull request #12841 from hasezoey/addNavBarDefaultVersion
- a46ee18 docs(navbar-search): add missing variables
- a145f2c Merge branch '5.x'
- aef4c7b docs: quick fix for search re: #12830
- 4fa07d9 Merge branch '5.x'
- 48179b4 chore: search fixes
- bcb3d66 Merge branch '5.x'
- c3384bc docs: fix search re: #12830
- fd1fa9d docs: backport #12830 to 5.x
- e3472fa Merge pull request #12830 from Automattic/vkarpov15/gh-12548
- 2796185 Merge pull request #12825 from Automattic/vkarpov15/gh-12420-2
- 6a8aee9 chore: use parseInt for tsc diagnostics check re: code review comments
- 2ad5c3c Merge branch 'master' into vkarpov15/gh-12770
- dc1d82f Merge pull request #12824 from Automattic/vkarpov15/gh-12621
- f140bf2 test: try clearing models before and after
- 1a8bf29 Merge branch 'vkarpov15/gh-12621' of github.com:Automattic/mongoose into vkarpov15/gh-12621
- 61c09b8 Merge branch 'master' into vkarpov15/gh-12621
- 532b452 docs: make not about strictNullChecks
- 1d71187 Merge branch 'master' into vkarpov15/gh-12420-2
- 2bf15d5 Merge pull request #12827 from Automattic/vkarpov15/gh-12796
- 9f05147 Merge pull request #12828 from Automattic/vkarpov15/gh-12643
- b311b33 Merge pull request #12829 from hasezoey/addWriteConcern
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: