search

flaviuse / mern-authentication

MERN stack authentication boilerplate: password reset, email verification, server sessions, redux, typescript, hooks and docker for dev and prod.
https://mern-auth-client.herokuapp.com/login
MIT License
439 stars 95 forks source link

[Snyk] Upgrade mongoose from 5.11.17 to 5.11.18 #70

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade mongoose from 5.11.17 to 5.11.18.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 336/1000
Why? Recently disclosed, CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 811a52a chore: release 5.11.18
  • b69413a chore: remove travis
  • a3c9018 fix(index.d.ts): allow using `Schema.Types.*` for as SchemaDefinitionProperty re: #9958
  • b5c6a50 fix(index.d.ts): add `PopulatedDoc` type to make it easier to define populated docs in interfaces
  • 3d2345f fix(connection): set connection state to `disconnected` if connecting string failed to parse
  • 70bd798 Merge branch 'master' of github.com:Automattic/mongoose
  • 9f6c7ea docs: correctly handle multiple `&gt` in API descriptions
  • a4410b8 Merge pull request #9960 from lantw44/wip/lantw/fix(connection)-fix-promise-chaining-for-openUri
  • 9d396d2 Merge pull request #9958 from ShadiestGoat/master
  • 09c3850 Merge pull request #9959 from btd/master
  • 6a12b6c test(populate): make #9906 test more robust to ordering issues
  • 60f522b fix(index.d.ts): allow explicitly overwriting `toObject()` return type for backwards compatibility
  • ffbf2f7 fix(connection): remove `db` events deprecation warning if `useUnifiedTopology = true`
  • f87da26 fix(index.d.ts): add non-generic versions of `Model.create()` for better autocomplete
  • 6fe7301 fix(connection): fix promise chaining for openUri
  • f02a5ef Enforcing onto SchemaTypeOptions
  • f26939b enforcing onto SchemaTypeOptions
  • e85e478 SchemaTypeOptions now works!
  • 49cc37e Fix result types of update* functions
  • 8193361 Improve types of Model.deleteMany and Model.deleteOne
  • 8a7d33e Silly ol' me forgot about the function type aha
  • d1576a0 no whitespace
  • 73c04ba *style*
  • 65ae5c1 Adds enforcing
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs