ooade / next-apollo-auth

Authentication Boilerplate with Next.js and Apollo GraphQL
https://next-auth-apollo.now.sh
202 stars 36 forks source link

[Snyk] Security upgrade mongoose from 6.4.6 to 6.11.3 #94

Closed ooade closed 1 year ago

ooade commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **798/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1 | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose The new version differs by 250 commits.
  • e9eb8ab chore: release 6.11.3
  • 688da8f test: fix flakey tests, remove test for #9597 because it affects global state and fails intermittently on deno
  • 4f264a8 test: fix tests re: #13317
  • 9616af7 fix(schema): correctly handle uuids with populate()
  • 305ce4f fix: avoid prototype pollution on init
  • 35e59eb docs: link to migrating to 6 in 6.x docs
  • a28933e chore: release 6.11.2
  • 3a6b0dd chore: use deno v1.34 in test for MMS HTTP issues
  • f7c6d3e Merge pull request #13476 from Automattic/vkarpov15/gh-13453
  • 5552107 fix(cursor): allow find middleware to modify query cursor options
  • 7a90868 Merge branch '6.x' of github.com:Automattic/mongoose into 6.x
  • 23132db chore: release 6.11.1
  • d96de21 Merge pull request #13384 from Automattic/vkarpov15/gh-13373
  • 0ab335f docs: add note about SUPPRESS_JEST_WARNINGS to jest docs
  • eb28aaf fix: quick error message improvement
  • 9ea1a64 fix: add SUPPRESS_JEST_WARNINGS environment variable to silence jest warnings
  • 76e6456 Merge pull request #13292 from hasezoey/modifyBulkWriteType6
  • 2bbbb3c Merge pull request #13348 from Automattic/vkarpov15/gh-13340
  • 523f6ce Merge pull request #13365 from hasezoey/denoFixCycle6x
  • 48aed67 Revert "test: try removing mongodb memory server to try to fix deno tests"
  • 5f587f7 chore(deno): change to start mocha fixtures before mocha
  • 73ef135 chore: quick fix for versioned deploy
  • d382b73 chore: more docs build fixes
  • f0291e4 chore: improve 6.x docs build
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/ooade/project/1a347e57-7551-4bed-af13-770c81709a1b?utm_source=github&utm_medium=referral&page=fix-pr) πŸ›  [Adjust project settings](https://app.snyk.io/org/ooade/project/1a347e57-7551-4bed-af13-770c81709a1b?utm_source=github&utm_medium=referral&page=fix-pr/settings) πŸ“š [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"052272f6-f5c1-4421-99f2-9ee2d1ca1be2","prPublicId":"052272f6-f5c1-4421-99f2-9ee2d1ca1be2","dependencies":[{"name":"mongoose","from":"6.4.6","to":"6.11.3"}],"packageManager":"npm","projectPublicId":"1a347e57-7551-4bed-af13-770c81709a1b","projectUrl":"https://app.snyk.io/org/ooade/project/1a347e57-7551-4bed-af13-770c81709a1b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MONGOOSE-5777721"],"upgrade":["SNYK-JS-MONGOOSE-5777721"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[798],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)