search

mongoosejs / mongoose-lean-virtuals

Attach virtuals to the results of mongoose lean() queries
Apache License 2.0
45 stars 24 forks source link

Dependabot alert: mpath < 0.8.4 #54

Closed rpenido closed 3 years ago

rpenido commented 3 years ago

Issue solved in mongoose: https://github.com/Automattic/mongoose/issues/10683

vkarpov15 commented 3 years ago

This should be fixed with Mongoose v5.13.9, so we can close this issue for now.

vkarpov15 commented 3 years ago

Also, just to confirm, the security issue in mpath <= 0.8.3 does not impact mongoose.

rpenido commented 3 years ago

This should be fixed with Mongoose v5.13.9, so we can close this issue for now.

I don't understand. This plugin is not necessary with mongoose v5.13.9?

vkarpov15 commented 3 years ago

That's our mistake, we didn't realize that this project depended on mpath directly.

We can confirm that the security issue in mpath <= 0.8.3 does not affect this project.

We fixed this in d116890da2791784268e925eba9412837dceefb8 and released v0.8.1 :+1: