create-mern-app icon indicating copy to clipboard operation
create-mern-app copied to clipboard

Published 20 hours ago verified publisher icon mernjs

[Snyk] Security upgrade mongoose from 6.12.6 to 8.0.0

Open mernjs opened this issue 4 months ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • templates/app/mern-boilerplate/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 823/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6		 Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose The new version differs by 250 commits.
  • 5821568 chore: release 8.0.0
  • 3f850ce docs: add version support notes for Mongoose 8, including EOL date for Mongoose 6
  • db92dd9 Merge pull request #14004 from hasezoey/fixwebsite
  • 68166bf chore(scripts/website): fix script to correctly parse "-rc" like versions
  • c28cffe chore: release 8.0.0-rc0
  • 4280457 Merge pull request #13937 from Automattic/8.0
  • 502ec4b Merge pull request #13990 from Automattic/vkarpov15/gh-13897
  • 572e018 chore: add 8.0.0-rc0 changelog
  • b567ec6 feat: upgrade to MongoDB driver 6.2.0
  • 9e9ad37 Merge branch 'master' into 8.0
  • d3d2ec4 docs(migrating_to_8): add note about #13897 to migration guide
  • 8d61a7d Merge branch '8.0' into vkarpov15/gh-13897
  • f923f6c Merge pull request #13989 from Automattic/vkarpov15/gh-13578
  • 30888e3 test: fix typescript tests
  • ce66e23 fix lint
  • 8fe5c36 docs: fix lint
  • c7f110e docs(migrating_to_8): add note about `overwrite` to migration guide
  • d6cd1db test: fix a couple of failing tests
  • 84ac690 Merge branch '8.0' into vkarpov15/gh-13578
  • c5b16fe test: add additional assert re: code review comment
  • 7efa151 Merge pull request #13992 from suzuki/fix/doc-typescript-query-helper
  • b630afb docs(migrating_to_8): add missing issues to migration guide
  • eefe935 Merge branch 'master' into 8.0
  • eacb5ab fix(document): fix missing import and change wrong variable name

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

mernjs avatar Feb 11 '24 14:02 mernjs