[Snyk] Security upgrade mongoose from 7.3.3 to 7.3.4
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 798/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1) | Prototype Pollution SNYK-JS-MONGOOSE-5777721 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose
The new version differs by 8 commits.
- 0cb0757 chore: release 7.3.4
- aef309e Merge branch '6.x'
- e9eb8ab chore: release 6.11.3
- 688da8f test: fix flakey tests, remove test for #9597 because it affects global state and fails intermittently on deno
- 4f264a8 test: fix tests re: #13317
- 9616af7 fix(schema): correctly handle uuids with populate()
- 305ce4f fix: avoid prototype pollution on init
- 35e59eb docs: link to migrating to 6 in 6.x docs
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.