Igloo-OLD-
[Snyk] Security upgrade mongoose from 5.12.3 to 6.0.4
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-MPATH-1577289 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose
The new version differs by 250 commits.
- 8d37fe5 chore: release 6.0.4
- 0e79c5c Merge pull request #10633 from AbdelrahmanHafez/prefer-async-await
- 09dae52 docs: remove useNewUrlParser, useUnifiedTopology, some other legacy options from docs
- d278258 Merge pull request #10645 from theonlydaleking/patch-1
- bb7c021 docs(defaults): clarify that `setDefaultsOnInsert` is `true` by default in 6.x
- 36d23ce fix(schema): handle maps of maps
- d21d2b1 test(schema): repro #10644
- 57540aa fix(index.d.ts): allow using `type: [documentDefinition]` when defining a doc array in a schema
- 1a1a2f2 test: repro #10605
- e94d603 fix: avoid setting defaults on insert on a path whose subpath is referenced in the update
- e1d4aa4 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
- 3ee32b1 fix: upgrade mpath -> 0.8.4 re: aheckmann/mpath#13
- 8fc256c fix(schema): throw error if `versionKey` is not a string
- 3401881 chore: update opencollective sponsors
- 0305c3b update TS docs to reflect connect Opts
- 463f2d8 chore: release 6.0.3
- 953131d Merge pull request #10635 from AbdelrahmanHafez/patch-11
- c4b0e86 get rid of co
- d1ffe7c refactor more tests to async/await
- 48badcd refactor more tests to async/await
- 3089342 refactor more tests to async/await
- 72cdab0 refactor more tests to async/await
- ab07251 use await delay instead of yield callback
- 720f0cc refactor more tests to async/await
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.