search

bosonprotocol / reference-backend

[DEPRECATED] An example backend application for Boson Protocol
GNU Lesser General Public License v3.0
10 stars 0 forks source link

[Snyk] Upgrade mongoose from 5.11.13 to 5.13.9 #177

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade mongoose from 5.11.13 to 5.13.9.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MQUERY-1089718		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-MPATH-1577289		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-MONGOOSE-1086688		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 5.13.9 - 2021-09-06
  • 5.13.8 - 2021-08-23
  • 5.13.7 - 2021-08-11
  • 5.13.6 - 2021-08-09
  • 5.13.5 - 2021-07-30
  • 5.13.4 - 2021-07-28
  • 5.13.3 - 2021-07-16
  • 5.13.2 - 2021-07-03
  • 5.13.1 - 2021-07-02
  • 5.13.0 - 2021-06-28
  • 5.12.15 - 2021-06-25
  • 5.12.14 - 2021-06-15
  • 5.12.13 - 2021-06-04
  • 5.12.12 - 2021-05-28
  • 5.12.11 - 2021-05-24
  • 5.12.10 - 2021-05-18
  • 5.12.9 - 2021-05-13
  • 5.12.8 - 2021-05-10
  • 5.12.7 - 2021-04-29
  • 5.12.6 - 2021-04-27
  • 5.12.5 - 2021-04-19
  • 5.12.4 - 2021-04-15
  • 5.12.3 - 2021-03-31
  • 5.12.2 - 2021-03-22
  • 5.12.1 - 2021-03-18
  • 5.12.0 - 2021-03-11
  • 5.11.20 - 2021-03-11
  • 5.11.19 - 2021-03-05
  • 5.11.18 - 2021-02-23
  • 5.11.17 - 2021-02-17
  • 5.11.16 - 2021-02-12
  • 5.11.15 - 2021-02-03
  • 5.11.14 - 2021-01-28
  • 5.11.13 - 2021-01-20
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 07946be chore: release v5.13.9
  • 264554f fix: upgrade to mpath v0.8.4 re: security issue
  • fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
  • 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
  • 1dc9b45 style: fix lint
  • 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
  • b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
  • 2a3399e docs: another layout fix for 5.x docs
  • 5bf3c29 chore: update makefile again
  • 191678c chore: update makefile re: #10607
  • 776fae9 docs: fix up 5.x docs navbar
  • a803885 test(typescript): add coverage for #10590
  • bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
  • cb1e787 chore: release 5.13.8
  • 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
  • 6122f4b docs(api): add `Document#$where` to API docs
  • 2871c1b style: fix lint
  • 8d00f62 Merge pull request #10587 from osmanakol/master
  • 57e729b allow QueryOptions populate parameter use PopulateOptions
  • 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
  • e90aab1 docs(History): make a note about #10555
  • fca0627 style: fix lint
  • 6b92599 fix(populate): handle populating subdoc array virtual with sort
  • 283d43f test(populate): repro #10552
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs