Mongoose-TypeScript-example
Mongoose-TypeScript-example copied to clipboard
Published
20 hours ago •
tomanagle
tomanagle
[Snyk] Security upgrade mongoose from 5.9.29 to 5.11.7
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
651/1000 Why? Recently disclosed, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-MQUERY-1050858 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose
The new version differs by 250 commits.- d7fc59c chore: release 5.11.7
- d318339 fix(index.d.ts): make `Document#id` optional so types that use `id` can use `Model<IMyType & Document>`
- a9b317a chore: upgrade mquery -> 3.2.3
- 43f88db fix(document): ensure calling `get()` with empty string returns undefined for mongoose-plugin-autoinc
- 369efe1 Merge pull request #9692 from sahasayan/patch-4
- f879c4d chore: update opencollective sponsors
- 1be4d87 fix(model): set `isNew` to false for documents that were successfully inserted by `insertMany` with `ordered = false` when an error occurred
- b2da840 test(model): repro #9677
- 15d6660 fix(index.d.ts): add missing Aggregate#skip() & Aggregate#limit()
- dd348b1 chore: release 5.11.6
- 3ec01fa fix(index.d.ts): allow calling `mongoose.model()` and `Connection#model()` with model as generic param
- ccfa041 Merge pull request #9686 from cjroebuck/patch-1
- 7a52e45 Merge pull request #9685 from sahasayan/patch-3
- a5c98c2 Allow array of validators in SchemaTypeOptions
- 48907ea fix(index.d.ts): allow 2 generic types in mongoose.model function
- a17a2c3 Merge pull request #9683 from isengartz/master
- 61595f0 fix(index.d.ts): allow passing ObjectId properties as strings to `create()` and `findOneAndReplace()`
- 8e20ee6 optional next() parameter for post middleware
- 8a52485 Merge pull request #9680 from orgads/aggregate
- 1ef8274 fix(middleware): ensure sync errors in pre hooks always bubble up to the calling code
- 067e3a2 fix(index.d.ts): Fix return type of Model#aggregate()
- 0e2058d chore: release 5.11.5
- 6d9fb4d fix(index.d.ts): add missing `SchemaTypeOpts` and `ConnectionOptions` aliases for backwards compat
- a85adb9 test: fix tests re: #9669
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
