This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 6.0.12 to 6.2.9.
![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=mongoose&from_version=6.0.12&to_version=6.2.9&pr_id=89e5fb8e-858b-4a9a-8fd2-d30b9bcfb241&visibility=true&has_feature_flag=false)
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **24 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2022-03-28.
The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Directory Traversal [SNYK-JS-MOMENT-2440688](https://snyk.io/vuln/SNYK-JS-MOMENT-2440688) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-RAMDA-1582370](https://snyk.io/vuln/SNYK-JS-RAMDA-1582370) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongoose
5661790 fix(types): make UpdateQuery use partial schema with types
b195ab1 fix(types): allow UpdateQuery to have $set properties on top level
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/flaviuse/project/4f948c0c-2a6e-4fba-8cd5-e5dfa4f57aab?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/flaviuse/project/4f948c0c-2a6e-4fba-8cd5-e5dfa4f57aab/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/flaviuse/project/4f948c0c-2a6e-4fba-8cd5-e5dfa4f57aab/settings/integration?pkg=mongoose&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
Release notes
Package name: mongoose

6.2.9 / 2022-03-28
- `expires` option #11557 boly38
- `refPath` example #11565 chandiwalaaadhar

6.2.8 / 2022-03-22
- `this = any` in middleware #11435

6.2.7 / 2022-03-16

6.2.6 / 2022-03-11

6.2.5 / 2022-03-09
- `isValidObjectId()` #11419
- `$set` #11456
- `localField` and `foreignField` functions #11321
- `{ field: 'asc'|'ascending'|'desc'|'descending' }` #11479 simonbrunel
- `Query.prototype.populate()` a string #11475 minhthinhls

6.2.4 / 2022-02-28
- `pick()` #11448 Moisei-Shkil

Commit messages
Package name: mongoose