This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 5.13.15 to 5.13.20.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **5 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2023-07-12.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Prototype Pollution [SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **726/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: mongoose
77b9d99 Updated the isIndexEqual function to take into account non-text indexes when checking compound indexes that include both text and non-text indexes
9dd82be Merge pull request #13132 from rdeavila94/gh-12654
d0e149b Merge pull request #12737 from Automattic/vkarpov15/gh-12654
cdab11e chore: remove Node 5 and 7 from CI because GitHub actions is bugging out with them
e33a8be fix(types): add missing typedefs for bulkSave() to 5.x
896cd76 Merge pull request #12692 from hasezoey/backportLinkUpdate
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5/settings/integration?pkg=mongoose&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 5.13.15 to 5.13.20.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **5 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2023-07-12. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongoose
Commit messages
Package name: mongoose
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5/settings/integration?pkg=mongoose&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)