Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.
Release Notes
Automattic/mongoose (mongoose)
### [`v8.5.3`](https://redirect.github.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#853--2024-08-13)
[Compare Source](https://redirect.github.com/Automattic/mongoose/compare/8.5.2...8.5.3)
\==================
- fix(document): call required functions on subdocuments underneath nested paths with correct context [#14801](https://redirect.github.com/Automattic/mongoose/issues/14801) [#14788](https://redirect.github.com/Automattic/mongoose/issues/14788)
- fix(populate): avoid throwing error when no result and `lean()` set [#14799](https://redirect.github.com/Automattic/mongoose/issues/14799) [#14794](https://redirect.github.com/Automattic/mongoose/issues/14794) [#14759](https://redirect.github.com/Automattic/mongoose/issues/14759) [MohOraby](https://redirect.github.com/MohOraby)
- fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility [#14774](https://redirect.github.com/Automattic/mongoose/issues/14774) [#14771](https://redirect.github.com/Automattic/mongoose/issues/14771) [#14623](https://redirect.github.com/Automattic/mongoose/issues/14623) [#14394](https://redirect.github.com/Automattic/mongoose/issues/14394)
- types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & [#14800](https://redirect.github.com/Automattic/mongoose/issues/14800) [#14793](https://redirect.github.com/Automattic/mongoose/issues/14793)
- types: support schema type inference based on schema options timestamps as well [#14773](https://redirect.github.com/Automattic/mongoose/issues/14773) [#13215](https://redirect.github.com/Automattic/mongoose/issues/13215) [ark23CIS](https://redirect.github.com/ark23CIS)
- types(cursor): indicate that cursor.next() can return null [#14798](https://redirect.github.com/Automattic/mongoose/issues/14798) [#14787](https://redirect.github.com/Automattic/mongoose/issues/14787)
- types: allow mongoose.connection.db to be undefined [#14797](https://redirect.github.com/Automattic/mongoose/issues/14797) [#14789](https://redirect.github.com/Automattic/mongoose/issues/14789)
- docs: add schema type widening advice [#14790](https://redirect.github.com/Automattic/mongoose/issues/14790) [JstnMcBrd](https://redirect.github.com/JstnMcBrd)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
8.5.2->8.5.3GitHub Vulnerability Alerts
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.
Release Notes
Automattic/mongoose (mongoose)
### [`v8.5.3`](https://redirect.github.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#853--2024-08-13) [Compare Source](https://redirect.github.com/Automattic/mongoose/compare/8.5.2...8.5.3) \================== - fix(document): call required functions on subdocuments underneath nested paths with correct context [#14801](https://redirect.github.com/Automattic/mongoose/issues/14801) [#14788](https://redirect.github.com/Automattic/mongoose/issues/14788) - fix(populate): avoid throwing error when no result and `lean()` set [#14799](https://redirect.github.com/Automattic/mongoose/issues/14799) [#14794](https://redirect.github.com/Automattic/mongoose/issues/14794) [#14759](https://redirect.github.com/Automattic/mongoose/issues/14759) [MohOraby](https://redirect.github.com/MohOraby) - fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility [#14774](https://redirect.github.com/Automattic/mongoose/issues/14774) [#14771](https://redirect.github.com/Automattic/mongoose/issues/14771) [#14623](https://redirect.github.com/Automattic/mongoose/issues/14623) [#14394](https://redirect.github.com/Automattic/mongoose/issues/14394) - types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & [#14800](https://redirect.github.com/Automattic/mongoose/issues/14800) [#14793](https://redirect.github.com/Automattic/mongoose/issues/14793) - types: support schema type inference based on schema options timestamps as well [#14773](https://redirect.github.com/Automattic/mongoose/issues/14773) [#13215](https://redirect.github.com/Automattic/mongoose/issues/13215) [ark23CIS](https://redirect.github.com/ark23CIS) - types(cursor): indicate that cursor.next() can return null [#14798](https://redirect.github.com/Automattic/mongoose/issues/14798) [#14787](https://redirect.github.com/Automattic/mongoose/issues/14787) - types: allow mongoose.connection.db to be undefined [#14797](https://redirect.github.com/Automattic/mongoose/issues/14797) [#14789](https://redirect.github.com/Automattic/mongoose/issues/14789) - docs: add schema type widening advice [#14790](https://redirect.github.com/Automattic/mongoose/issues/14790) [JstnMcBrd](https://redirect.github.com/JstnMcBrd)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.