[Snyk] Security upgrade mongoose from 7.6.8 to 8.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 | Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose
The new version differs by 129 commits.
- 5821568 chore: release 8.0.0
- 3f850ce docs: add version support notes for Mongoose 8, including EOL date for Mongoose 6
- db92dd9 Merge pull request #14004 from hasezoey/fixwebsite
- 68166bf chore(scripts/website): fix script to correctly parse "-rc" like versions
- c28cffe chore: release 8.0.0-rc0
- 4280457 Merge pull request #13937 from Automattic/8.0
- 502ec4b Merge pull request #13990 from Automattic/vkarpov15/gh-13897
- 572e018 chore: add 8.0.0-rc0 changelog
- b567ec6 feat: upgrade to MongoDB driver 6.2.0
- 9e9ad37 Merge branch 'master' into 8.0
- d3d2ec4 docs(migrating_to_8): add note about #13897 to migration guide
- 8d61a7d Merge branch '8.0' into vkarpov15/gh-13897
- f923f6c Merge pull request #13989 from Automattic/vkarpov15/gh-13578
- 30888e3 test: fix typescript tests
- ce66e23 fix lint
- 8fe5c36 docs: fix lint
- c7f110e docs(migrating_to_8): add note about `overwrite` to migration guide
- d6cd1db test: fix a couple of failing tests
- 84ac690 Merge branch '8.0' into vkarpov15/gh-13578
- c5b16fe test: add additional assert re: code review comment
- b630afb docs(migrating_to_8): add missing issues to migration guide
- eefe935 Merge branch 'master' into 8.0
- 4a2cb0b types(models): make all properties to Model constructor optional
- f6ed0eb refactor: remove remaining usage of `overwrite` option
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
New and removed dependencies detected.
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/mongoose@8.0.0 | Transitive: environment, filesystem, network, shell | +17 | 9.62 MB | vkarpov15 |

🚮 Removed packages: npm/mongoose@7.6.8
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (4d95371) 98.84% compared to head (377633d) 98.84%. Report is 1 commit behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #61 +/- ##
=======================================
Coverage 98.84% 98.84%
=======================================
Files 6 6
Lines 173 173
Branches 36 36
=======================================
Hits 171 171
Misses 2 2