search

hypersign-protocol / hyperfyre-frontend

A platform to automate the IDO whitelisting process using Hypersign SSI infrastructure.
https://fyre.hypersign.id
Apache License 2.0
3 stars 2 forks source link

[Snyk] Upgrade mongoose from 5.12.14 to 5.13.22 #1941

Open Vishwas1 opened 7 months ago

Vishwas1 commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongoose from 5.12.14 to 5.13.22.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration). :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **24 versions** ahead of your current version. - The recommended version was released **22 days ago**, on 2024-01-02. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Prototype Pollution
[SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | **671/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **671/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7 | Proof of Concept | Information Exposure
[SNYK-JS-MONGODB-5871303](https://snyk.io/vuln/SNYK-JS-MONGODB-5871303) | **671/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7 | No Known Exploit | Prototype Pollution
[SNYK-JS-MPATH-1577289](https://snyk.io/vuln/SNYK-JS-MPATH-1577289) | **671/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongoose
  • 5.13.22 - 2024-01-02

    chore: release 5.13.22

      </li>
  <li>
    <b>5.13.21</b> - 2023-10-19
  </li>
  <li>
    <b>5.13.20</b> - 2023-07-12
  </li>
  <li>
    <b>5.13.19</b> - 2023-06-22
  </li>
  <li>
    <b>5.13.18</b> - 2023-06-22
  </li>
  <li>
    <b>5.13.17</b> - 2023-04-04
  </li>
  <li>
    <b>5.13.16</b> - 2023-02-20
  </li>
  <li>
    <b>5.13.15</b> - 2022-08-22
  </li>
  <li>
    <b>5.13.14</b> - 2021-12-27
  </li>
  <li>
    <b>5.13.13</b> - 2021-11-02
  </li>
  <li>
    <b>5.13.12</b> - 2021-10-19
  </li>
  <li>
    <b>5.13.11</b> - 2021-10-12
  </li>
  <li>
    <b>5.13.10</b> - 2021-10-05
  </li>
  <li>
    <b>5.13.9</b> - 2021-09-06
  </li>
  <li>
    <b>5.13.8</b> - 2021-08-23
  </li>
  <li>
    <b>5.13.7</b> - 2021-08-11
  </li>
  <li>
    <b>5.13.6</b> - 2021-08-09
  </li>
  <li>
    <b>5.13.5</b> - 2021-07-30
  </li>
  <li>
    <b>5.13.4</b> - 2021-07-28
  </li>
  <li>
    <b>5.13.3</b> - 2021-07-16
  </li>
  <li>
    <b>5.13.2</b> - 2021-07-03
  </li>
  <li>
    <b>5.13.1</b> - 2021-07-02
  </li>
  <li>
    <b>5.13.0</b> - 2021-06-28
  </li>
  <li>
    <b>5.12.15</b> - 2021-06-25
  </li>
  <li>
    <b>5.12.14</b> - 2021-06-15
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/Automattic/mongoose/releases">mongoose GitHub release notes</a>

Commit messages
Package name: mongoose
  • 2642bb5 chore: release 5.13.22
  • e894fe8 types: add `skipValidation`, `strict`, `timestamps` as options for bulkWrite()
  • c5fa9b4 fix: also allow setting nested field to undefined re: #14205
  • 66e5c1b fix: fix some merge issues with #14226 re: #14205
  • a96164e fix(document): allow setting nested path to `null`
  • 7ff7e33 perf(schema): remove unnecessary lookahead in numeric subpath check
  • 09c55b3 pin another version for node 4 build
  • a1c9fb1 chore: fix typo
  • 7bd07d9 try pinning @ types/babylon dep to fix build issues
  • 21639c8 chore: release 5.13.21
  • 78257e2 Merge pull request #13670 from Automattic/IslandRhythms/backport-pull-12954
  • 443092a add back `uniqueDocs`
  • e7ff415 fix: lint
  • deedb88 backport GeoNear to 5.x
  • 11bb2c4 Merge pull request #13655 from Automattic/IslandRhythms/backport-npm
  • 702b4a0 Update .npmignore
  • 0f3997a chore: release 5.13.20
  • f1efabf fix: avoid prototype pollution on init
  • 98e0762 chore: release 5.13.19
  • 7e36d21 chore: release 5.13.18
  • 6759c60 undo accidental changes and actually pin @ types/json-schema
  • 4ed4a89 chore: pin version of @ types/json-schema because of install issues on node v4 and v6
  • 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
  • 26424d5 5.x - bump mongodb driver to 3.7.4
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

πŸ‘©β€πŸ’» Set who automatically gets assigned

πŸ›  Adjust upgrade PR settings

πŸ”• Ignore this dependency or unsubscribe from future upgrade PRs