flaviuse / mern-authentication

MERN stack authentication boilerplate: password reset, email verification, server sessions, redux, typescript, hooks and docker for dev and prod.
https://mern-auth-client.herokuapp.com/login
MIT License
439 stars 95 forks

[Snyk] Upgrade mongoose from 5.13.10 to 5.13.14 #116

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade mongoose from 5.13.10 to 5.13.14.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Directory Traversal (SNYK-JS-MOMENT-2440688) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution (SNYK-JS-ASYNC-2441827) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-RAMDA-1582370) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure (SNYK-JS-FOLLOWREDIRECTS-2332181) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure (SNYK-JS-FOLLOWREDIRECTS-2396346) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 5.13.14 - 2021-12-27
  • 5.13.13 - 2021-11-02
  • 5.13.12 - 2021-10-19
  • 5.13.11 - 2021-10-12
  • 5.13.10 - 2021-10-05
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • d2b846f chore: release 5.13.14
  • 69c1f6c docs(models): fix up nModified example for 5.x
  • 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but don't have createdAt
  • a738440 chore: release 5.13.13
  • 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
  • c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
  • ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
  • d205c4d make value optional
  • c6fd7f7 Fix ts types for query set
  • 22e9b3b [gh-10902 v5] Add node major version to utils
  • 5468642 [gh-10902 v5] Emit end event in before close
  • 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
  • b7ebeec Update mongodb driver to 3.7.3
  • ec4f07e chore: release 5.13.12
  • 7b4e4e7 test: hopefully fix Node v4 tests on 5.x branch
  • 92bfcb7 Merge pull request #10897 from iovanom/gh-10875-1
  • 46165d6 [gh-10875] Use stream destroy method on close to prevent emit 'close' event twice
  • f1376f3 fix(index.d.ts): backport streamlining of FilterQuery and DocumentDefinition to avoid "excessively deep and possibly infinite" TS errors
  • 4b8e0d1 chore: release 5.13.11
  • f516c7f Merge pull request #10871 from winstonralph/fix/mongodb-security
  • 8dd66ca chore: undo mistaken version bump
  • 1192162 fix(security): updated mongodb dependency due to vulnerabilities
  • 30efc39 fix(connection): call `setMaxListeners(0)` on MongoClient to avoid event emitter memory leak warnings with `useDb()`

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
