This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 5.13.15 to 5.13.21.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2023-10-19.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Prototype Pollution [SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **726/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: mongoose
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mongoose from 5.13.15 to 5.13.21.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2023-10-19. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mongoose
pin another version for node 4 build
Commit messages
Package name: mongoose
- 09c55b3 pin another version for node 4 build
- a1c9fb1 chore: fix typo
- 7bd07d9 try pinning @ types/babylon dep to fix build issues
- 21639c8 chore: release 5.13.21
- 78257e2 Merge pull request #13670 from Automattic/IslandRhythms/backport-pull-12954
- 443092a add back `uniqueDocs`
- e7ff415 fix: lint
- deedb88 backport GeoNear to 5.x
- 11bb2c4 Merge pull request #13655 from Automattic/IslandRhythms/backport-npm
- 702b4a0 Update .npmignore
- 0f3997a chore: release 5.13.20
- f1efabf fix: avoid prototype pollution on init
- 98e0762 chore: release 5.13.19
- 7e36d21 chore: release 5.13.18
- 6759c60 undo accidental changes and actually pin @ types/json-schema
- 4ed4a89 chore: pin version of @ types/json-schema because of install issues on node v4 and v6
- 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
- 26424d5 5.x - bump mongodb driver to 3.7.4
- 4b8b0a9 add versionNumber to 5.x
- 1bc07ec chore: release 5.13.17
- 3f827b3 Merge branch '5.x' of github.com:Automattic/mongoose into 5.x
- eeabe5f chore: run CI tests on ubuntu 20.04 because 18.04 no longer supported
- 14464d1 Merge pull request #13195 from raj-goguardian/gh-13192
- 7e888e4 fix(update): handle $and & $or in array filters.
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs