Backend for AngularJSTodoApp, IonicTodoApp, & ElectronTodoApp. Create and Archive Notes in this back-end application providing RESTful APIs designed to be use with a front-end application. Archived on 2023/11/26.
Snyk has created this PR to upgrade mongoose from 6.8.2 to 7.0.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
The recommended version is 16 versions ahead of your current version.
The recommended version was released 7 days ago, on 2023-03-23.
Snyk has created this PR to upgrade mongoose from 6.8.2 to 7.0.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
The recommended version fixes:
SNYK-JS-FASTXMLPARSER-3325616
Why? Proof of Concept exploit, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongoose
-
7.0.3 - 2023-03-23
- fix(query): avoid executing transforms if query wasn't executed #13185 #13165
- fix(schema): make creating top-level virtual underneath subdocument equivalent to creating virtual on the subdocument #13197 #13189
- fix(timestamps): set timestamps on empty replaceOne() #13196 #13170
- fix(types): change return type of lean() to include null if nullable #13155 #13151 lpizzinidev
- fix(types): fixed type of DocumentArray constructor parameter #13183 #13087 lpizzinidev
- docs: refactor header naming to lessen conflicts #12901 hasezoey
- docs: change header levels to be consistent across files #13173 hasezoey
-
7.0.2 - 2023-03-15
- fix: validate array elements when passing array path to validateSync() in pathsToValidate #13167 #13159
- fix(schema): propagate typeKey down to implicitly created subdocuments #13164 #13154
- fix(types): add index param to eachAsync fn #13153 krosenk729
- fix(types/documentarray): type DocumentArray constructor parameter as object #13089 #13087 lpizzinidev
- fix(types): type query
- fix(types/query): change QueryOptions lean type to Record<string, any> #13150 lpizzinidev
- docs: add and run eslint-plugin-markdown #13156 hasezoey
- docs(generateSearch): fix search generation for API #13161 hasezoey
- docs(generateSearch): move config missing error to require #13160 hasezoey
- chore: remove unused docs libraries #13172 hasezoey
-
7.0.1 - 2023-03-06
- fix(aggregate): added await to prevent exception in aggregate exec #13126 lpizzinidev
- fix(types): handle Record<string, never> as value for HydratedDocument TOverrides parameter #13123 #13094
- fix(types): remove "update" function #13120 hasezoey
- docs(compatibility): added mongoDB server compatibility for mongoose 7 #13102 lpizzinidev
- docs: Updated callback method for Model.findOne() #13096 Arghyahub
- chore: update github actions to not use ubuntu-18.04 anymore #13137 hasezoey
-
7.0.0 - 2023-02-27
- BREAKING CHANGE: copy schema options when merging schemas using new Schema() or Schema.prototype.add() #13092
- feat(types): export mongodb types more robustly #12948 simon-abbott
- docs: fix populate docs #13090 hasezoey
- docs(migrating_to_6): added info about removal of reconnectTries and reconnectInterval options #13083 lpizzinidev
-
7.0.0-rc0 - 2023-02-23 Read more
-
6.10.4 - 2023-03-21
-
6.10.3 - 2023-03-13
-
6.10.2 - 2023-03-07
-
6.10.1 - 2023-03-03
- fix: avoid removing empty query filters in
- fix(schematype): fixed validation for required UUID field #13018 lpizzinidev
- fix(types): add missing Paths generic param to
- docs(migrating_to_6): added info about removal of reconnectTries and reconnectInterval options #13083 lpizzinidev
- docs: fix code in headers for migrating_to_5 #13077 hasezoey
- docs: backport misc documentation changes into 6.x #13091 hasezoey
-
6.10.0 - 2023-02-22
- feat: upgrade to mongodb driver 4.14.0 #13036
- feat: added Schema.prototype.omit() function #12939 #12931 lpizzinidev
- feat(index): added createInitialConnection option to Mongoose constructor #13021 #12965 lpizzinidev
-
6.9.3 - 2023-02-22
-
6.9.2 - 2023-02-16
-
6.9.1 - 2023-02-06
-
6.9.0 - 2023-01-25
-
6.8.4 - 2023-01-17
-
6.8.3 - 2023-01-06
-
6.8.2 - 2022-12-28
from mongoose GitHub release notes7.0.3 / 2023-03-23
7.0.2 / 2023-03-15
select()as string, string[], or record; notany#13146 #13142 rbereziuk7.0.1 / 2023-03-06
7.0.0 / 2023-02-27
chore: release 6.10.4
chore: release 6.10.3
chore: release 6.10.2
6.10.1 / 2023-03-03
$andand$or#13086 #12898Model.populate()#130706.10.0 / 2023-02-22
Commit messages
Package name: mongoose
- ca070a9 chore: release 7.0.3
- ef287cb docs: add link to mastering js async await converter
- 228e853 Merge pull request #13197 from Automattic/vkarpov15/gh-13189
- 2739950 style: fix lint
- 0ddb0f6 Merge pull request #13113 from hasezoey/changeDocsHeaderId
- f42df47 Merge pull request #13155 from lpizzinidev/gh-13151
- fada4b8 Merge pull request #13174 from hasezoey/fixMiscDocs
- f3e999b Merge pull request #13166 from hasezoey/updateDocScripts
- 9db3382 Merge pull request #13173 from hasezoey/fixHeaderLevels
- 27d412c Merge branch 'master' into fixHeaderLevels
- 765b861 Merge pull request #13169 from hasezoey/tryFixInterrupted
- bbec186 actual fix for #13189
- 9370452 fix(schema): make creating top-level virtual underneath subdocument equivalent to creating virtual on the subdocument
- 251f993 Merge pull request #13196 from Automattic/vkarpov15/gh-13170
- 14112d6 fix(timestamps): set timestamps on empty `replaceOne()`
- 04786ca Merge pull request #13185 from Automattic/vkarpov15/gh-13165
- 18b03a0 test(query): add test case for #13165
- 4339105 Merge branch 'master' into vkarpov15/gh-13165
- 835017d fix some merge conflicts with 6.x from #12791
- 28260a7 Merge branch '6.x'
- c240274 chore: release 6.10.4
- 80d29b3 Merge pull request #13184 from Automattic/vkarpov15/gh-13032
- 7f9d4c5 Merge branch 'vkarpov15/gh-13032' of github.com:Automattic/mongoose into vkarpov15/gh-13032
- d90c9c7 docs: address code review comments
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs