Open snyk-bot opened 3 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
SNYK-JS-HOSTEDGITINFO-1088355
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6
SNYK-JS-MONGOOSE-1086688
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose
The new version differs by 250 commits.- 5549f26 chore: release 5.12.2
- 4b1aaac Merge pull request #10050 from SoftwareSing/fix-bulkwrite-with-timestamps-false
- 3759f34 chore: address CR comments
- 5ffbb8e fix(query): apply schema-level `select` option from array schematypes
- 7d19c9f test(query): repro #10029
- 4b0052e fix(schema): support setting `ref` as an option on an array SchemaType
- 171c31f test(schema): repro #10029
- 96f7905 fix(index.d.ts): make query methods return `QueryWithHelpers` so query helpers pass through chaining
- 04f880f fix(index.d.ts): add back `Aggregate#project()` types that were mistakenly removed in 5.12.0
- 9a3a7b4 style: fix lint
- 91f003a Merge pull request #10053 from 418sec/1-npm-mongoose
- 3ed44ff Merge pull request #1 from zpbrent/patch-2
- 00e059d fix(index.d.ts): add `upserted` array to `updateOne()`, `updateMany()`, `update()` result
- 003e477 add missing issue number
- 0101ab8 fix(bulkwrite): make bulkWrite can work with `timestamps: false`
- 9559c46 test(bulkwrite): repro #10048
- 1bb97ba chore: update opencollective sponsors
- 5888269 docs(mongoose+browser): fix broken links to info about `mongoose.Types`
- 43b0cfa Merge branch 'master' of github.com:Automattic/mongoose
- 03905c5 fix(index.d.ts): always allow setting `type` in Schema to a SchemaType class or a Schema instance
- 422620b Merge pull request #10015 from Automattic/gh-9982
- 7b14258 test(QueryCursor): fix tests from #10015
- f2651d7 docs(transactions): introduce `session.withTransaction()` before `session.startTransaction()` because `withTransaction()` is the recommended approach
- 61d313b chore: update opencollective sponsor logo
See the full diffPackage name: npm
The new version differs by 250 commits.- 3b4ba65 7.0.0
- bbfc75d chore: fix weird .gitignore thing that happened somehow
- 8a2d375 docs: changelog for v7.0.0
- 365f2e7 read-package-json@3.0.0
- fafb348 npm-package-arg@8.1.0
- 9306c68 libnpmfund@1.0.1
- 569cd64 libnpmfund@1.0.0
- ac9fde7 Integration code for @ npmcli/arborist@1.0.0
- 704b9cd @ npmcli/arborist@1.0.0
- 3955bb9 hosted-git-info@3.0.6
- da240ef fix: patch config.js to remove duplicate values
- 9ae45a8 init-package-json@2.0.0
- 41ab36d eslint@7.11.0
- c474a15 npm-registry-fetch@8.1.5
- efc6786 fix: make sure publishConfig is passed through
- 1e4e6e9 docs: v7 using npm config refresh
- 5c1c2da fix: init config aliases
- 5bc7eb2 docs: v7 npm-install refresh
- 1a35d87 7.0.0-rc.4
- 7a5a557 docs: changelog for v7.0.0-rc.4
- f0cf859 chore: dedupe deps
- 0273745 make-fetch-happen@8.0.10
- 7bd47ca @ npmcli/arborist@0.0.33
- 9320b8e only escape arguments, not the command name
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic