airtng-node icon indicating copy to clipboard operation
airtng-node copied to clipboard

Published 20 hours ago verified publisher icon TwilioDevEd

[Snyk] Security upgrade mongoose from 5.9.5 to 5.12.3

Open twilio-product-security opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-MQUERY-1089718		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose The new version differs by 250 commits.
  • f8d2721 chore: release 5.12.3
  • 58cad73 fix(connection): use queueing instead of event emitter for `createCollection()` and other helpers to avoid event emitter warning
  • 5382408 fix(index.d.ts): add `transform` to PopulateOptions interface
  • dca1d70 Merge branch 'master' of github.com:Automattic/mongoose
  • 2648088 fix(index.d.ts): add DocumentQuery type for backwards compatibility
  • 966770f Merge pull request #10063 from Automattic/gh-10044
  • 9e4a083 style: fix lint
  • f3cd3a8 chore: use variable instead of function
  • f24953c fix(query): add `writeConcern()` method to avoid writeConcern deprecation warning
  • 7d2e9c9 chore: upgrade mquery -> 3.2.5 re: aheckmann/mquery#121
  • d1a9a1e made requested changes
  • cf1b666 Merge pull request #10078 from pezzu/master
  • 2aef528 Merge pull request #10062 from Automattic/gh-10025
  • 452c77c Fixes #10072
  • c9bfb30 Update model.indexes.test.js
  • 6f0133a removed comments
  • 9e98cd8 Merge pull request #10055 from emrebass/patch-1
  • 1c20044 Merge pull request #10054 from coro101/add-discriminator-type
  • 4e74ea7 TIL that includes() is also not supported in all browsers
  • f231d7b should work and is designed to handle multiple text fields
  • c4897f9 TIL Object.values in not supported on all browsers
  • 391ecec collation not added to text indexes
  • 7a93c16 linter fix
  • 6deb668 fix: connection ids are now scoped

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

twilio-product-security avatar Apr 01 '21 06:04 twilio-product-security