vercel[bot]
commented
1 year ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| crisis-news-map-next | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 3, 2023 3:55pm |
This PR contains the following updates:
5.12.14->5.13.15GitHub Vulnerability Alerts
CVE-2022-2564
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.\n\nAffected versions of this package are vulnerable to Prototype Pollution. The
Schema.path()function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.Release Notes
Automattic/mongoose
### [`v5.13.15`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51315--2022-08-22) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.14...5.13.15) \==================== - fix: backport fix for CVE-2022-2564 [#12281](https://togithub.com/Automattic/mongoose/issues/12281) [shubanker](https://togithub.com/shubanker) - docs: fix broken link from findandmodify method deprecation [#11366](https://togithub.com/Automattic/mongoose/issues/11366) [laissonsilveira](https://togithub.com/laissonsilveira) ### [`v5.13.14`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51314--2021-12-27) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.13...5.13.14) \==================== - fix(timestamps): avoid setting createdAt on documents that already exist but dont have createdAt [#11024](https://togithub.com/Automattic/mongoose/issues/11024) - docs(models): fix up nModified example for 5.x [#11055](https://togithub.com/Automattic/mongoose/issues/11055) ### [`v5.13.13`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51313--2021-11-02) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.12...5.13.13) \==================== - fix: upgrade to mongodb@3.7.3 [#10909](https://togithub.com/Automattic/mongoose/issues/10909) [gaurav-sharma-gs](https://togithub.com/gaurav-sharma-gs) - fix: correctly emit end event in before close [#10916](https://togithub.com/Automattic/mongoose/issues/10916) [iovanom](https://togithub.com/iovanom) - fix(index.d.ts): improve ts types for query set [#10942](https://togithub.com/Automattic/mongoose/issues/10942) [jneal-afs](https://togithub.com/jneal-afs) ### [`v5.13.12`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51312--2021-10-19) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.11...5.13.12) \==================== - fix(cursor): use stream destroy method on close to prevent emitting duplicate 'close' [#10897](https://togithub.com/Automattic/mongoose/issues/10897) [iovanom](https://togithub.com/iovanom) - fix(index.d.ts): backport streamlining of FilterQuery and DocumentDefinition to avoid "excessively deep and possibly infinite" TS errors [#10617](https://togithub.com/Automattic/mongoose/issues/10617) ### [`v5.13.11`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51311--2021-10-12) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.10...5.13.11) \==================== - fix: upgrade mongodb -> 3.7.2 [#10871](https://togithub.com/Automattic/mongoose/issues/10871) [winstonralph](https://togithub.com/winstonralph) - fix(connection): call setMaxListeners(0) on MongoClient to avoid event emitter memory leak warnings with `useDb()` [#10732](https://togithub.com/Automattic/mongoose/issues/10732) ### [`v5.13.10`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51310--2021-10-05) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.9...5.13.10) \==================== - fix(index.d.ts): allow using type: SchemaDefinitionProperty in schema definitions [#10674](https://togithub.com/Automattic/mongoose/issues/10674) - fix(index.d.ts): allow AnyObject as param to findOneAndReplace() [#10714](https://togithub.com/Automattic/mongoose/issues/10714) ### [`v5.13.9`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5139--2021-09-06) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.8...5.13.9) \=================== - fix(populate): avoid setting empty array on lean document when populate result is undefined [#10599](https://togithub.com/Automattic/mongoose/issues/10599) - fix(document): make depopulate() handle populated paths underneath document arrays [#10592](https://togithub.com/Automattic/mongoose/issues/10592) - fix: peg [@types/bson](https://togithub.com/types/bson) version to 1.x || 4.0.x to avoid stubbed 4.2.x release [#10678](https://togithub.com/Automattic/mongoose/issues/10678) - fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any` [#10647](https://togithub.com/Automattic/mongoose/issues/10647) - fix(index.d.ts): allow specifying weights as an IndexOption [#10586](https://togithub.com/Automattic/mongoose/issues/10586) - fix: upgrade to mpath v0.8.4 re: security issue [#10683](https://togithub.com/Automattic/mongoose/issues/10683) ### [`v5.13.8`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5138--2021-08-23) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.7...5.13.8) \=================== - fix(populate): handle populating subdoc array virtual with sort [#10552](https://togithub.com/Automattic/mongoose/issues/10552) - fix(model): check for code instead of codeName when checking for existing collections for backwards compat with MongoDB 3.2 [#10420](https://togithub.com/Automattic/mongoose/issues/10420) - fix(index.d.ts): correct value of this for custom query helper methods [#10545](https://togithub.com/Automattic/mongoose/issues/10545) - fix(index.d.ts): allow strings for ObjectIds in nested properties [#10573](https://togithub.com/Automattic/mongoose/issues/10573) - fix(index.d.ts): add match to VirtualTypeOptions.options [#8749](https://togithub.com/Automattic/mongoose/issues/8749) - fix(index.d.ts): allow QueryOptions populate parameter type PopulateOptions [#10587](https://togithub.com/Automattic/mongoose/issues/10587) [osmanakol](https://togithub.com/osmanakol) - docs(api): add Document#$where to API docs [#10583](https://togithub.com/Automattic/mongoose/issues/10583) ### [`v5.13.7`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5137--2021-08-11) [Compare Source](https://togithub.com/Automattic/mongoose/compare/477afdc8aa1297b87e784085133617765a059a4d...5.13.7) \=================== - perf(index.d.ts): loosen up restrictions on ModelType generic for Schema for a ~50% perf improvement when compiling TypeScript and using intellisense [#10536](https://togithub.com/Automattic/mongoose/issues/10536) [#10515](https://togithub.com/Automattic/mongoose/issues/10515) [#10349](https://togithub.com/Automattic/mongoose/issues/10349) - fix(index.d.ts): fix broken `Schema#index()` types [#10562](https://togithub.com/Automattic/mongoose/issues/10562) [JaredReisinger](https://togithub.com/JaredReisinger) - fix(index.d.ts): allow using SchemaTypeOptions with array of raw document interfaces [#10537](https://togithub.com/Automattic/mongoose/issues/10537) - fix(index.d.ts): define IndexOptions in terms of mongodb.IndexOptions [#10563](https://togithub.com/Automattic/mongoose/issues/10563) [JaredReisinger](https://togithub.com/JaredReisinger) - fix(index.d.ts): improve intellisense for DocumentArray `push()` [#10546](https://togithub.com/Automattic/mongoose/issues/10546) - fix(index.d.ts): correct type for expires [#10529](https://togithub.com/Automattic/mongoose/issues/10529) - fix(index.d.ts): add Query#model property to ts bindings [#10531](https://togithub.com/Automattic/mongoose/issues/10531) - refactor(index.d.ts): make callbacks use the new Callback and CallbackWithoutResult types [#10550](https://togithub.com/Automattic/mongoose/issues/10550) [thiagokisaki](https://togithub.com/thiagokisaki) ### [`v5.13.6`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5136--2021-08-09) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.5...477afdc8aa1297b87e784085133617765a059a4d) \=================== - fix: upgrade mongodb driver -> 3.6.11 [#10543](https://togithub.com/Automattic/mongoose/issues/10543) [maon-fp](https://togithub.com/maon-fp) - fix(schema): throw more helpful error when defining a document array using a schema from a different copy of the Mongoose module [#10453](https://togithub.com/Automattic/mongoose/issues/10453) - fix: add explicit check on constructor property to avoid throwing an error when checking objects with null prototypes [#10512](https://togithub.com/Automattic/mongoose/issues/10512) - fix(cursor): make sure to clear stack every 1000 docs when calling `next()` to avoid stack overflow with large batch size [#10449](https://togithub.com/Automattic/mongoose/issues/10449) - fix(index.d.ts): allow calling new Model(...) with generic Model param [#10526](https://togithub.com/Automattic/mongoose/issues/10526) - fix(index.d.ts): update type declarations of Schema.index method [#10538](https://togithub.com/Automattic/mongoose/issues/10538) [#10530](https://togithub.com/Automattic/mongoose/issues/10530) [Raader](https://togithub.com/Raader) - fix(index.d.ts): add useNewUrlParser and useUnifiedTopology to ConnectOptions [#10500](https://togithub.com/Automattic/mongoose/issues/10500) - fix(index.d.ts): add missing type for diffIndexes [#10547](https://togithub.com/Automattic/mongoose/issues/10547) [bvgusak](https://togithub.com/bvgusak) - fix(index.d.ts): fixed incorrect type definition for Query's .map function [#10544](https://togithub.com/Automattic/mongoose/issues/10544) [GCastilho](https://togithub.com/GCastilho) - docs(schema): add more info and examples to Schema#indexes() docs [#10446](https://togithub.com/Automattic/mongoose/issues/10446) - chore: add types property to package.json [#10557](https://togithub.com/Automattic/mongoose/issues/10557) [thiagokisaki](https://togithub.com/thiagokisaki) ### [`v5.13.5`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5135--2021-07-30) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.4...5.13.5) \=================== - perf(index.d.ts): improve typescript type checking performance [#10515](https://togithub.com/Automattic/mongoose/issues/10515) [andreialecu](https://togithub.com/andreialecu) - fix(index.d.ts): fix debug type in MongooseOptions [#10510](https://togithub.com/Automattic/mongoose/issues/10510) [thiagokisaki](https://togithub.com/thiagokisaki) - docs(api): clarify that `depopulate()` with no args depopulates all [#10501](https://togithub.com/Automattic/mongoose/issues/10501) [gfrancz](https://togithub.com/gfrancz) ### [`v5.13.4`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5134--2021-07-28) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.3...5.13.4) \=================== - fix: avoid pulling non-schema paths from documents into nested paths [#10449](https://togithub.com/Automattic/mongoose/issues/10449) - fix(update): support overwriting nested map paths [#10485](https://togithub.com/Automattic/mongoose/issues/10485) - fix(update): apply timestamps to subdocs that would be newly created by `$setOnInsert` [#10460](https://togithub.com/Automattic/mongoose/issues/10460) - fix(map): correctly clone subdocs when calling toObject() on a map [#10486](https://togithub.com/Automattic/mongoose/issues/10486) - fix(cursor): cap parallel batchSize for populate at 5000 [#10449](https://togithub.com/Automattic/mongoose/issues/10449) - fix(index.d.ts): improve autocomplete for new Model() by making `doc` an object with correct keys [#10475](https://togithub.com/Automattic/mongoose/issues/10475) - fix(index.d.ts): add MongooseOptions interface [#10471](https://togithub.com/Automattic/mongoose/issues/10471) [thiagokisaki](https://togithub.com/thiagokisaki) - fix(index.d.ts): make LeanDocument work with PopulatedDoc [#10494](https://togithub.com/Automattic/mongoose/issues/10494) - docs(mongoose+connection): correct default value for bufferTimeoutMS [#10476](https://togithub.com/Automattic/mongoose/issues/10476) - chore: remove unnecessary 'eslint-disable' comments [#10466](https://togithub.com/Automattic/mongoose/issues/10466) [thiagokisaki](https://togithub.com/thiagokisaki) ### [`v5.13.3`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5133--2021-07-16) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.2...5.13.3) \=================== - fix(model): avoid throwing error when bulkSave() called on a document with no changes [#10437](https://togithub.com/Automattic/mongoose/issues/10437) - fix(timestamps): apply timestamps when creating new subdocs with `$addToSet` and with positional operator [#10447](https://togithub.com/Automattic/mongoose/issues/10447) - fix(schema): allow calling Schema#loadClass() with class that has a static getter with no setter [#10436](https://togithub.com/Automattic/mongoose/issues/10436) - fix(model): handle re-applying object defaults after explicitly unsetting [#10442](https://togithub.com/Automattic/mongoose/issues/10442) [semirturgay](https://togithub.com/semirturgay) - fix: bump mongodb driver -> 3.6.10 [#10440](https://togithub.com/Automattic/mongoose/issues/10440) [AbdelrahmanHafez](https://togithub.com/AbdelrahmanHafez) - fix(index.d.ts): consistently use NativeDate instead of Date for Date validators and timestamps functions [#10426](https://togithub.com/Automattic/mongoose/issues/10426) - fix(index.d.ts): allow calling `discriminator()` with non-document [#10452](https://togithub.com/Automattic/mongoose/issues/10452) [#10421](https://togithub.com/Automattic/mongoose/issues/10421) [DouglasGabr](https://togithub.com/DouglasGabr) - fix(index.d.ts): allow passing ResultType generic to Schema#path() [#10435](https://togithub.com/Automattic/mongoose/issues/10435) ### [`v5.13.2`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5132--2021-07-03) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.1...5.13.2) \=================== - fix: hardcode [@types/node](https://togithub.com/types/node) version for now to avoid breaking changes from [DefinitelyTyped/DefinitelyTyped#53669](https://togithub.com/DefinitelyTyped/DefinitelyTyped/issues/53669) [#10415](https://togithub.com/Automattic/mongoose/issues/10415) - fix(index.d.ts): allow using type: Date with Date paths in SchemaDefinitionType [#10409](https://togithub.com/Automattic/mongoose/issues/10409) - fix(index.d.ts): allow extra VirtualTypeOptions for better plugin support [#10412](https://togithub.com/Automattic/mongoose/issues/10412) - docs(api): add SchemaArray to docs [#10397](https://togithub.com/Automattic/mongoose/issues/10397) - docs(schema+validation): fix broken links [#10396](https://togithub.com/Automattic/mongoose/issues/10396) - docs(transactions): add note about creating a connection to transactions docs [#10406](https://togithub.com/Automattic/mongoose/issues/10406) ### [`v5.13.1`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51317--2023-04-04) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.13.0...5.13.1) \==================== - fix: backport fix for array filters handling $or and $and [#13195](https://togithub.com/Automattic/mongoose/issues/13195) [#13192](https://togithub.com/Automattic/mongoose/issues/13192) [#10696](https://togithub.com/Automattic/mongoose/issues/10696) [raj-goguardian](https://togithub.com/raj-goguardian) - fix: update the isIndexEqual function to take into account non-text indexes when checking compound indexes that include both text and non-text indexes [#13138](https://togithub.com/Automattic/mongoose/issues/13138) [#13136](https://togithub.com/Automattic/mongoose/issues/13136) [rdeavila94](https://togithub.com/rdeavila94) ### [`v5.13.0`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#5130--2021-06-28) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.12.15...5.13.0) \=================== - feat(query): add sanitizeProjection option to opt in to automatically sanitizing untrusted query projections [#10243](https://togithub.com/Automattic/mongoose/issues/10243) - feat(model): add `bulkSave()` function that saves multiple docs in 1 `bulkWrite()` [#9727](https://togithub.com/Automattic/mongoose/issues/9727) [#9673](https://togithub.com/Automattic/mongoose/issues/9673) [AbdelrahmanHafez](https://togithub.com/AbdelrahmanHafez) - feat(document): allow passing a list of virtuals or `pathsToSkip` to apply in `toObject()` and `toJSON()` [#10120](https://togithub.com/Automattic/mongoose/issues/10120) - fix(model): make Model.validate use object under validation as context by default [#10360](https://togithub.com/Automattic/mongoose/issues/10360) [AbdelrahmanHafez](https://togithub.com/AbdelrahmanHafez) - feat(document): add support for pathsToSkip in validate and validateSync [#10375](https://togithub.com/Automattic/mongoose/issues/10375) [AbdelrahmanHafez](https://togithub.com/AbdelrahmanHafez) - feat(model): add `diffIndexes()` function that calculates what indexes `syncIndexes()` will create/drop without actually executing any changes [#10362](https://togithub.com/Automattic/mongoose/issues/10362) [IslandRhythms](https://togithub.com/IslandRhythms) - feat(document): avoid using sessions that have ended, so you can use documents that were loaded in the session after calling `endSession()` [#10306](https://togithub.com/Automattic/mongoose/issues/10306) ### [`v5.12.15`](https://togithub.com/Automattic/mongoose/blob/HEAD/CHANGELOG.md#51215--2021-06-25) [Compare Source](https://togithub.com/Automattic/mongoose/compare/5.12.14...5.12.15) \==================== - fix(index.d.ts): add extra TInstanceMethods generic param to `Schema` for cases when we can't infer from Model [#10358](https://togithub.com/Automattic/mongoose/issues/10358) - fix(index.d.ts): added typings for near() in model aggregation [#10373](https://togithub.com/Automattic/mongoose/issues/10373) [tbhaxor](https://togithub.com/tbhaxor) - fix(index.d.ts): correct function signature for `Query#cast()` [#10388](https://togithub.com/Automattic/mongoose/issues/10388) [lkho](https://togithub.com/lkho) - docs(transactions): add import statement [#10365](https://togithub.com/Automattic/mongoose/issues/10365) [JimLynchCodes](https://togithub.com/JimLynchCodes) - docs(schema): add missing `discriminatorKey` schema option [#10386](https://togithub.com/Automattic/mongoose/issues/10386) [#10376](https://togithub.com/Automattic/mongoose/issues/10376) [IslandRhythms](https://togithub.com/IslandRhythms) - docs(index.d.ts): fix typo [#10363](https://togithub.com/Automattic/mongoose/issues/10363) [houssemchebeb](https://togithub.com/houssemchebeb)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.