flaviuse / mern-authentication

MERN stack authentication boilerplate: password reset, email verification, server sessions, redux, typescript, hooks and docker for dev and prod.
https://mern-auth-client.herokuapp.com/login
MIT License
439 stars 95 forks

[Snyk] Upgrade mongoose from 6.0.12 to 6.2.9 #128

Closed flaviuse closed 2 years ago

flaviuse commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongoose from 6.0.12 to 6.2.9.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=mongoose&from_version=6.0.12&to_version=6.2.9&pr_id=89e5fb8e-858b-4a9a-8fd2-d30b9bcfb241&visibility=true&has_feature_flag=false)

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **24 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2022-03-28.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| | Directory Traversal [SNYK-JS-MOMENT-2440688](https://snyk.io/vuln/SNYK-JS-MOMENT-2440688) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-RAMDA-1582370](https://snyk.io/vuln/SNYK-JS-RAMDA-1582370) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.2.9 - 2022-03-28

    6.2.9 / 2022-03-28

    • perf(document+model): make a few small optimizations #11380
    • fix(types): improve populate return type #11560 mohammad0-0ahmad
    • fix(document): avoid marking paths as modified on subdocument defaults #11528
    • docs(schema): add example to index expires option #11557 boly38
    • docs(model): add change stream docs #11275
    • docs(lambda): update Lambda docs for Mongoose 6 #11275
    • docs(connections): add note about connecting with X509 #11333
    • docs(populate): fix incorrect path name in refPath example #11565 chandiwalaaadhar
  • 6.2.8 - 2022-03-23

    6.2.8 / 2022-03-22

    • fix(document): handle casting array of spread docs #11522
    • fix(document): avoid setting nested properties on top-level document when initing with strict: false #11526
    • fix(document): correctly handle deeply nested subdocuments when getting paths to validate #11501
    • fix(types): avoid making TInstanceMethods any by default leading to this = any in middleware #11435
    • fix(types): allow defining array default if using Types.Array<> in document interface #11391
    • docs(migrating_to_6): describe breaking change in Mongoose 6 about default query populate model #11289
    • docs(middleware): fix typo #11537 x1489
  • 6.2.7 - 2022-03-16

    6.2.7 / 2022-03-16

    • perf(document): avoid running validation on every array element if there's no validators to run #11380
    • fix(cursor): correctly populate in batches when batchSize is set #11509
    • fix(connection): avoid setting MongoClient on useDb() connections until after setting on base connection #11445
    • fix(schema): throw more helpful error when using schema from a different version of Mongoose module #10453
    • fix: add missing timeseries expiration handling #11489 #11229 Uzlopak
    • docs: correct Model.findOneAndReplace docs param naming #11524 anatolykopyl
  • 6.2.6 - 2022-03-11

    6.2.6 / 2022-03-11

    • fix(types): correct reference to cursor TypeScript bindings #11513 SimonHausdorf
    • fix(types): allow calling Query.prototype.populate() with array of strings #11518
    • fix(types): export and refactor types of PreMiddlewareFunction, PreSaveMiddlewareFunction, PostMiddlewareFunction, ErrorHandlingMiddlewareFunction #11485 Uzlopak
  • 6.2.5 - 2022-03-09

    6.2.5 / 2022-03-09

    • fix(mongoose): add isObjectIdOrHexString() to better capture the most common use case for isValidObjectId() #11419
    • fix(query): prevent modifying discriminator key in updates using operators other than $set #11456
    • fix(populate+types): call foreignField functions with doc as 1st param, better typings for localField and foreignField functions #11321
    • fix(populate): return an array when using populate count on an array localField #11307
    • fix(query): avoid error when using $not with arrays #11467
    • perf: only deep clone validators if necessary #11412 Uzlopak
    • fix(types): rename definition files to lowercase to avoid typescript bug #11469
    • fix(types): aggregate.sort() accepts a string but also { field: 'asc'|'ascending'|'desc'|'descending' } #11479 simonbrunel
    • fix(types): extract and refactor aggregationcursor and querycursor #11488 Uzlopak
    • fix(types): extract and refactor schemaoptions #11484 Uzlopak
    • fix(types): make first param to Query.prototype.populate() a string #11475 minhthinhls
    • fix(types): improve type checking for doc arrays in schema definitions #11241
    • docs: fix length comparison in lean.test.js #11493 zazapeta
    • docs(timestamps): fix typo #11481 saibbyweb
    • docs: fix broken link to rawResult #11459 chhiring90
  • 6.2.4 - 2022-02-28

    6.2.4 / 2022-02-28

    • fix(query): correctly return full deleteOne(), deleteMany() result #11211
    • fix(query): handle update validators on deeply nested subdocuments #11455 #11394
    • fix(discriminator): handle modifying multiple nested paths underneath a discriminator #11428
    • perf: improve isAsyncFunction #11408 Uzlopak
    • fix(index.d.ts): add typedefs for Schema pick() #11448 Moisei-Shkil
    • fix(index.d.ts): allow type override for distinct() #11306
    • fix(index.d.ts): allow array of validators in schema definition #11355
    • fix(index.d.ts): improve connection typings #11418 Uzlopak
    • docs: add timestamps docs #11336
    • docs(timestamps): explain how timestamps works under the hood #11336
    • docs(migrating_to_6): add model.exists breaking change returning document instead of boolean #11407 AbdelrahmanHafez
    • docs(index.d.ts): add docs for FilterQuery, UpdateQuery, and LeanDocument #11457 Moisei-Shkil
  • 6.2.3 - 2022-02-21
  • 6.2.2 - 2022-02-16
  • 6.2.1 - 2022-02-07
  • 6.2.0 - 2022-02-02
  • 6.1.10 - 2022-02-01
  • 6.1.9 - 2022-01-31
  • 6.1.8 - 2022-01-24
  • 6.1.7 - 2022-01-17
  • 6.1.6 - 2022-01-10
  • 6.1.5 - 2022-01-04
  • 6.1.4 - 2021-12-27
  • 6.1.3 - 2021-12-21
  • 6.1.2 - 2021-12-15
  • 6.1.1 - 2021-12-09
  • 6.1.0 - 2021-12-07
  • 6.0.15 - 2021-12-06
  • 6.0.14 - 2021-11-29
  • 6.0.13 - 2021-11-15
  • 6.0.12 - 2021-10-21
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • ec77438 Merge branch 'master' of github.com:Automattic/mongoose
  • 5687f1a chore: release 6.2.9
  • 3f1d23d Merge pull request #11591 from mohammad0-0ahmad-forks/11560
  • dbc99be Refactor rawdoc type returned by populate FN.
  • c2103cb Merge pull request #11560 from mohammad0-0ahmad-forks/#11532
  • a955a08 Merge branch 'master' into #11532
  • 0ee823d Merge pull request #11590 from Automattic/revert-11588-bug/types/update-query
  • dbcf4a0 Revert "Bug/types/update query"
  • bfa65e9 Merge pull request #11588 from Automattic/bug/types/update-query
  • cce977d Merge branch 'master' of github.com:Automattic/mongoose
  • 7d4b53b perf(document): avoid validating paths with no validators
  • 26f9ab2 Merge pull request #11589 from Automattic/lint-ts
  • 9eaa0a9 docs(model): add basic change stream docs re: #11416
  • 13a2598 docs(lambda): couple of quick fixes for Mongoose 6 re: #11275
  • 3a2ec05 Merge pull request #11553 from Automattic/gh-11416
  • 7d28257 fix(query): add missing `slice` option re: #11416
  • c379073 docs(connections): add note about connecting with X509
  • f286273 Refactor UnpackedIntersection type & some tests related to populate FN
  • 4315ff5 Improve RawDocType returned by calling populate FN
  • 3ddeeb1 chore(lint): fix typescript lint issues
  • 781dcb3 fix(types): fix type assertion for update query
  • 8fe3edb chore: lint typescript files
  • 5661790 fix(types): make UpdateQuery use partial schema with types
  • b195ab1 fix(types): allow UpdateQuery to have $set properties on top level

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/flaviuse/project/4f948c0c-2a6e-4fba-8cd5-e5dfa4f57aab?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/flaviuse/project/4f948c0c-2a6e-4fba-8cd5-e5dfa4f57aab/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/flaviuse/project/4f948c0c-2a6e-4fba-8cd5-e5dfa4f57aab/settings/integration?pkg=mongoose&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)