node-twitter icon indicating copy to clipboard operation
node-twitter copied to clipboard
verified publisher icon vinitkumar

[Snyk] Upgrade mongoose from 8.9.5 to 8.17.0

Open vinitkumar opened this issue 6 months ago β€’ 0 comments

snyk-top-banner

Snyk has created this PR to upgrade mongoose from 8.9.5 to 8.17.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 27 versions ahead of your current version.

  • The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		 542 Proof of Concept
Release notes
Package name: mongoose
  • 8.17.0 - 2025-07-30

    8.17.0 / 2025-07-30

    • feat: upgrade mongodb -> 6.18.0 #15552
    • feat(mongoose): export base Connection and Collection classes #15548
    • feat: make Schema.prototype.$conditionalHandlers public #15497
    • types: automatically infer discriminator type #15547 #15535
    • types: make versionKey: false disable __v from hydrated document #15524 #15511
    • types: indicate support for mongodb abort #15549 GalacticHypernova
    • types: add options property to schemas #15524
    • types(schematype): make defaultOptions static and add schemaOptions to DocumentArray #15529 #15524
  • 8.16.5 - 2025-07-25

    8.16.5 / 2025-07-25

    • fix(map): avoid throwing required error if saving map of primitives with required: true #15542
    • types(model): export MongooseBulkWriteResult type #15546
    • types(connection): add base to connection type #15544
  • 8.16.4 - 2025-07-16

    8.16.4 / 2025-07-16

    • fix(connection): avoid calling connection.close() internally with force: Object #15534 #15531
    • types(schema): handle required: string in schema definitions #15538 #15536
    • types(document): allow calling $isDefault() with no args #15528 #15522
    • types: infer Typescript string enums #15530 ruiaraujo
    • types: pass TModelType down to schema statics #15537
  • 8.16.3 - 2025-07-10

    8.16.3 / 2025-07-10

    • fix(document): clean modified subpaths if unsetting map #15520 #15519
    • fix: make DocumentArray SchemaType pass all options to embedded SchemaType #15523
    • types: support readonly array in query.select #15527 omermizr
  • 8.16.2 - 2025-07-07

    8.16.2 / 2025-07-07

    • fix(cursor): populate after hydrating in queryCursor so populated docs get parent() #15498 #15494
    • fix(schema): support toJSONSchema() on mixed types and improve error message about unsupported types #15492 #15489
    • types: add _id and __v to toObject/toJSON transform type #15501 #15479
    • types(schema): use user-provided THydratedDocumentType as context for virtual get() and set() #15517 #15516
    • types: improve typing for transform option to toJSON and toObject #15485
    • docs: link to custom setter docs from lowercase, etc. options and note that setters run on query filters #15493 #15491
    • docs(jest): add note about resetModules #15515
  • 8.16.1 - 2025-06-26

    8.16.1 / 2025-06-26

    • fix(document): avoid setting _skipMarkModified when setting nested path with merge option #15484 #11913
    • fix(model): make sure post save error handler gets doc as param on VersionError #15483 #15480
    • fix: consistent $conditionalHandlers setup between schematypes #15490
    • docs(compatibility): note that mongodb 4.0 is not supported anymore since 8.16.0 #15487 hasezoey
    • docs: remove unnecessary --save flag from npm install instruction #15486 Thahirgeek
  • 8.16.0 - 2025-06-16

    8.16.0 / 2025-06-16

  • 8.15.2 - 2025-06-12

    8.15.2 / 2025-06-12

    • fix(document+schema): improve handling for setting paths underneath maps, including maps of maps #15477 #15461
    • fix: report default paths in VersionError message because they can can cause VersionError #15464
    • fix(updateValidators): ensure update validators only call validators underneath single nested paths once #15446 #15436
    • fix: fix validation for deeply nested maps of subdocuments #15469 #15447 AbdelrahmanHafez
    • fix(DocumentArray): correctly set parent if instantiated with schema from another Mongoose instance #15471 #15466
    • types(model): use ProjectionType for Model.hydrate() #15447 #15443
  • 8.15.1 - 2025-05-26
  • 8.15.0 - 2025-05-16
  • 8.14.3 - 2025-05-13
  • 8.14.2 - 2025-05-08
  • 8.14.1 - 2025-04-29
  • 8.14.0 - 2025-04-25
  • 8.13.3 - 2025-04-24
  • 8.13.2 - 2025-04-03
  • 8.13.1 - 2025-03-28
  • 8.13.0 - 2025-03-24
  • 8.12.2 - 2025-03-21
  • 8.12.1 - 2025-03-04
  • 8.12.0 - 2025-03-03
  • 8.11.0 - 2025-02-26
  • 8.10.2 - 2025-02-25
  • 8.10.1 - 2025-02-14
  • 8.10.0 - 2025-02-05
  • 8.9.7 - 2025-02-04
  • 8.9.6 - 2025-01-31
  • 8.9.5 - 2025-01-13
from mongoose GitHub release notes

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

This change is Reviewable

vinitkumar avatar Aug 20 '25 13:08 vinitkumar