[Snyk] Upgrade mongoose from 4.2.4 to 6.2.5 #1219

snyk-bot · 2022-03-30T18:02:44Z

Snyk has created this PR to upgrade mongoose from 4.2.4 to 6.2.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 423 versions ahead of your current version.
The recommended version was released 21 days ago, on 2022-03-09.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MQUERY-1050858	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-MONGODB-473855	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
DLL Injection SNYK-JS-KERBEROS-568900	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MPATH-1577289	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Remote Memory Exposure npm:mongoose:20160116	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Mature
Information Exposure SNYK-JS-MONGOOSE-472486	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

6.2.5 - 2022-03-09
6.2.5 / 2022-03-09
- fix(mongoose): add isObjectIdOrHexString() to better capture the most common use case for isValidObjectId() #11419
- fix(query): prevent modifying discriminator key in updates using operators other than $set #11456
- fix(populate+types): call foreignField functions with doc as 1st param, better typings for localField and foreignField functions #11321
- fix(populate): return an array when using populate count on an array localField #11307
- fix(query): avoid error when using $not with arrays #11467
- perf: only deep clone validators if necessary #11412 Uzlopak
- fix(types): rename definition files to lowercase to avoid typescript bug #11469
- fix(types): aggregate.sort() accepts a string but also { field: 'asc'|'ascending'|'desc'|'descending' } #11479 simonbrunel
- fix(types): extract and refactor aggregationcursor and querycursor #11488 Uzlopak
- fix(types): extract and refactor schemaoptions #11484 Uzlopak
- fix(types): make first param to Query.prototype.populate() a string #11475 minhthinhls
- fix(types): improve type checking for doc arrays in schema definitions #11241
- docs: fix length comparaison in lean.test.js #11493 zazapeta
- docs(timestamps): fix typo #11481 saibbyweb
- docs: fix broken link to rawResult #11459 chhiring90
6.2.4 - 2022-02-28
6.2.4 / 2022-02-28
- fix(query): correctly return full deleteOne(), deleteMany() result #11211
- fix(query): handle update validators on deeply nested subdocuments #11455 #11394
- fix(discriminator): handle modifying multiple nested paths underneath a discriminator #11428
- perf: improve isAsyncFunction #11408 Uzlopak
- fix(index.d.ts): add typedefs for Schema pick() #11448 Moisei-Shkil
- fix(index.d.ts): allow type override for distinct() #11306
- fix(index.d.ts): allow array of validators in schema definition #11355
- fix(index.d.ts): improve connection typings #11418 Uzlopak
- docs: add timestamps docs #11336
- docs(timestamps): explain how timestamps works under the hood #11336
- docs(migrating_to_6): add model.exists breaking change returning doument instead of boolean #11407 AbdelrahmanHafez
- docs(index.d.ts): add docs for FilterQuery, UpdateQuery, and LeanDocument #11457 Moisei-Shkil
6.2.3 - 2022-02-21
6.2.3 / 2022-02-21
- fix(model): avoid dropping base model indexes when using discriminators with Connection.prototype.syncIndexes() #11424 #11421 AbdelrahmanHafez
- fix(document): handle array defaults when selecting element underneath array #11376
- fix(populate): correctly handle depopulating populated subdocuments #11436
- fix(utils): improve deepEqual() handling for comparing objects with non-objects #11417
- fix(schema): allow declaring array of arrays using [{ type: [String] }] #11252
- perf: improve validation sync and async by replacing forEach with classic for loops #11414 Uzlopak
- perf: make hasDollarKeys faster #11401 Uzlopak
- fix(index.d.ts): ValidationError errors only contains CastError or ValidationError #11369 Uzlopak
- fix(index.d.ts): make InsertManyResult.insertedIds return an array of Types.ObjectId by default #11197
- fix(index.d.ts): allow pre('save') middleware with pre options #11257
- fix(index.d.ts): add supressReservedKeysWarning option to schema #11439 hiukky
- docs(connections): improve replica set hostname docs with correct error message and info about err.reason.servers #11200
- docs(populate): add virtual populate match option documentation #11411 remirobichet
- docs(document): add note to API docs that flattenMaps defaults to true for toJSON() but not toObject() #11213
- docs(document+model): add populate option to populate() API docs #11170
- docs(migrating_to_6): add additional info about removing omitUndefined #11038
- docs(migrating_to_6): add model.exists breaking change returning doument instead of boolean AbdelrahmanHafez
6.2.2 - 2022-02-16
Read more
6.2.1 - 2022-02-07
Read more
6.2.0 - 2022-02-02
Read more
6.1.10 - 2022-02-01
6.1.9 - 2022-01-31
6.1.8 - 2022-01-24
6.1.7 - 2022-01-17
6.1.6 - 2022-01-10
6.1.5 - 2022-01-04
6.1.4 - 2021-12-27
6.1.3 - 2021-12-21
6.1.2 - 2021-12-15
6.1.1 - 2021-12-09
6.1.0 - 2021-12-07
6.0.15 - 2021-12-06
6.0.14 - 2021-11-29
6.0.13 - 2021-11-15
6.0.12 - 2021-10-21
6.0.11 - 2021-10-14
6.0.10 - 2021-10-08
6.0.9 - 2021-10-04
6.0.8 - 2021-09-27
6.0.7 - 2021-09-20
6.0.6 - 2021-09-15
6.0.5 - 2021-09-06
6.0.4 - 2021-09-01
6.0.3 - 2021-08-30
6.0.2 - 2021-08-26
6.0.1 - 2021-08-25
6.0.0 - 2021-08-24
6.0.0-rc2 - 2021-08-23
6.0.0-rc1 - 2021-08-12
6.0.0-rc0 - 2021-08-03
5.13.14 - 2021-12-27
5.13.13 - 2021-11-02
5.13.12 - 2021-10-19
5.13.11 - 2021-10-12
5.13.10 - 2021-10-05
5.13.9 - 2021-09-06
5.13.8 - 2021-08-23
5.13.7 - 2021-08-11
5.13.6 - 2021-08-09
5.13.5 - 2021-07-30
5.13.4 - 2021-07-28
5.13.3 - 2021-07-16
5.13.2 - 2021-07-03
5.13.1 - 2021-07-02
5.13.0 - 2021-06-28
5.12.15 - 2021-06-25
5.12.14 - 2021-06-15
5.12.13 - 2021-06-04
5.12.12 - 2021-05-28
5.12.11 - 2021-05-24
5.12.10 - 2021-05-18
5.12.9 - 2021-05-13
5.12.8 - 2021-05-10
5.12.7 - 2021-04-29
5.12.6 - 2021-04-27
5.12.5 - 2021-04-19
5.12.4 - 2021-04-15
5.12.3 - 2021-03-31
5.12.2 - 2021-03-22
5.12.1 - 2021-03-18
5.12.0 - 2021-03-11
5.11.20 - 2021-03-11
5.11.19 - 2021-03-05
5.11.18 - 2021-02-23
5.11.17 - 2021-02-17
5.11.16 - 2021-02-12
5.11.15 - 2021-02-03
5.11.14 - 2021-01-28
5.11.13 - 2021-01-20
5.11.12 - 2021-01-14
5.11.11 - 2021-01-08
5.11.10 - 2021-01-04
5.11.9 - 2020-12-28
5.11.8 - 2020-12-14
5.11.7 - 2020-12-10
5.11.6 - 2020-12-09
5.11.5 - 2020-12-07
5.11.4 - 2020-12-04
5.11.3 - 2020-12-03
5.11.2 - 2020-12-02
5.11.1 - 2020-12-01
5.11.0 - 2020-11-30
5.10.19 - 2020-11-30
5.10.18 - 2020-11-29
5.10.17 - 2020-11-27
5.10.16 - 2020-11-25
5.10.15 - 2020-11-16
5.10.14 - 2020-11-12
5.10.13 - 2020-11-06
5.10.12 - 2020-11-04
5.10.11 - 2020-10-26
5.10.10 - 2020-10-23
5.10.9 - 2020-10-09
5.10.8 - 2020-10-05
5.10.7 - 2020-09-24
5.10.6 - 2020-09-18
5.10.5 - 2020-09-11
5.10.4 - 2020-09-09
5.10.3 - 2020-09-03
5.10.2 - 2020-08-28
5.10.1 - 2020-08-26
5.10.0 - 2020-08-14
5.9.29 - 2020-08-13
5.9.28 - 2020-08-07
5.9.27 - 2020-07-31
5.9.26 - 2020-07-27
5.9.25 - 2020-07-17
5.9.24 - 2020-07-13
5.9.23 - 2020-07-10
5.9.22 - 2020-07-06
5.9.21 - 2020-07-01
5.9.20 - 2020-06-22
5.9.19 - 2020-06-15
5.9.18 - 2020-06-05
5.9.17 - 2020-06-02
5.9.16 - 2020-05-25
5.9.15 - 2020-05-18
5.9.14 - 2020-05-13
5.9.13 - 2020-05-08
5.9.12 - 2020-05-04
5.9.11 - 2020-04-30
5.9.10 - 2020-04-20
5.9.9 - 2020-04-13
5.9.7 - 2020-03-30
5.9.6 - 2020-03-23
5.9.5 - 2020-03-16
5.9.4 - 2020-03-09
5.9.3 - 2020-03-02
5.9.2 - 2020-02-21
5.9.1 - 2020-02-14
5.9.0 - 2020-02-13
5.8.13 - 2020-02-13
5.8.12 - 2020-02-12
5.8.11 - 2020-01-31
5.8.10 - 2020-01-27
5.8.9 - 2020-01-17
5.8.7 - 2020-01-10
5.8.6 - 2020-01-08
5.8.5 - 2020-01-06
5.8.4 - 2020-01-02
5.8.3 - 2019-12-23
5.8.2 - 2019-12-20
5.8.1 - 2019-12-12
5.8.0 - 2019-12-09
5.7.14 - 2019-12-06
5.7.13 - 2019-11-29
5.7.12 - 2019-11-19
5.7.11 - 2019-11-14
5.7.10 - 2019-11-11
5.7.9 - 2019-11-08
5.7.8 - 2019-11-05
5.7.7 - 2019-10-24
5.7.6 - 2019-10-21
5.7.5 - 2019-10-14
5.7.4 - 2019-10-09
5.7.3 - 2019-09-30
5.7.1 - 2019-09-13
5.7.0 - 2019-09-09
5.6.13 - 2019-09-06
5.6.12 - 2019-09-03
5.6.11 - 2019-08-25
5.6.10 - 2019-08-21
5.6.9 - 2019-08-07
5.6.8 - 2019-08-02
5.6.7 - 2019-07-26
5.6.6 - 2019-07-22
5.6.5 - 2019-07-17
5.6.4 - 2019-07-08
5.6.3 - 2019-07-03
5.6.2 - 2019-06-28
5.6.1 - 2019-06-24
5.6.0 - 2019-06-14
5.5.15 - 2019-06-12
5.5.14 - 2019-06-08
5.5.13 - 2019-06-05
5.5.12 - 2019-05-31
5.5.11 - 2019-05-23
5.5.10 - 2019-05-20
5.5.9 - 2019-05-16
5.5.8 - 2019-05-13
5.5.7 - 2019-05-09
5.5.6 - 2019-05-06
5.5.5 - 2019-04-30
5.5.4 - 2019-04-25
5.5.3 - 2019-04-22
5.5.2 - 2019-04-16
5.5.1 - 2019-04-11
5.5.0 - 2019-04-08
5.4.23 - 2019-04-08
5.4.22 - 2019-04-04
5.4.21 - 2019-04-02
5.4.20 - 2019-03-25
5.4.19 - 2019-03-11
5.4.18 - 2019-03-08
5.4.17 - 2019-03-03
5.4.16 - 2019-02-26
5.4.15 - 2019-02-23
5.4.14 - 2019-02-19
5.4.13 - 2019-02-15
5.4.12 - 2019-02-13
5.4.11 - 2019-02-09
5.4.10 - 2019-02-05
5.4.9 - 2019-02-01
5.4.8 - 2019-01-30
5.4.7 - 2019-01-26
5.4.6 - 2019-01-22
5.4.5 - 2019-01-18
5.4.4 - 2019-01-14
5.4.3 - 2019-01-09
5.4.2 - 2019-01-03
5.4.1 - 2018-12-26
5.4.0 - 2018-12-14
5.3.16 - 2018-12-11
5.3.15 - 2018-12-05
5.3.14 - 2018-11-27
5.3.13 - 2018-11-20
5.3.12 - 2018-11-13
5.3.11 - 2018-11-09
5.3.10 - 2018-11-06
5.3.9 - 2018-11-02
5.3.8 - 2018-10-30
5.3.7 - 2018-10-26
5.3.6 - 2018-10-23
5.3.5 - 2018-10-22
5.3.4 - 2018-10-15
5.3.3 - 2018-10-12
5.3.2 - 2018-10-07
5.3.1 - 2018-10-02
5.3.0 - 2018-09-28
5.2.18 - 2018-09-27
5.2.17 - 2018-09-21
5.2.16 - 2018-09-19
5.2.15 - 2018-09-15
5.2.14 - 2018-09-10
5.2.13 - 2018-09-04
5.2.12 - 2018-08-30
5.2.11 - 2018-08-30
5.2.10 - 2018-08-27
5.2.9 - 2018-08-17
5.2.8 - 2018-08-14
5.2.7 - 2018-08-06
5.2.6 - 2018-07-30
5.2.5 - 2018-07-23
5.2.4 - 2018-07-16
5.2.3 - 2018-07-11
5.2.2 - 2018-07-08
5.2.1 - 2018-07-04
5.2.0 - 2018-07-03
5.1.8 - 2018-07-02
5.1.7 - 2018-06-26
5.1.6 - 2018-06-19
5.1.5 - 2018-06-11
5.1.4 - 2018-06-04
5.1.3 - 2018-05-29
5.1.2 - 2018-05-21
5.1.1 - 2018-05-14
5.1.0 - 2018-05-10
5.0.18 - 2018-05-09
5.0.17 - 2018-04-30
5.0.16 - 2018-04-23
5.0.15 - 2018-04-16
5.0.14 - 2018-04-09
5.0.13 - 2018-04-05
5.0.12 - 2018-03-27
5.0.11 - 2018-03-19
5.0.10 - 2018-03-13
5.0.9 - 2018-03-05
5.0.8 - 2018-03-03
5.0.7 - 2018-02-23
5.0.6 - 2018-02-15
5.0.5 - 2018-02-13
5.0.4 - 2018-02-08
5.0.3 - 2018-02-01
5.0.2 - 2018-01-28
5.0.1 - 2018-01-20
5.0.0 - 2018-01-17
5.0.0-rc2 - 2018-01-04
5.0.0-rc1 - 2018-01-02
5.0.0-rc0 - 2017-12-28
4.13.21 - 2020-07-12
4.13.20 - 2020-01-08
4.13.19 - 2019-07-17
4.13.18 - 2019-01-22
4.13.17 - 2018-08-30
4.13.16 - 2018-08-30
4.13.15 - 2018-08-14
4.13.14 - 2018-05-25
4.13.13 - 2018-05-17
4.13.12 - 2018-03-14
4.13.11 - 2018-02-08
4.13.10 - 2018-01-28
4.13.9 - 2018-01-07
4.13.8 - 2017-12-27
4.13.7 - 2017-12-12
4.13.6 - 2017-12-02
4.13.5 - 2017-11-24
4.13.4 - 2017-11-17
4.13.3 - 2017-11-16
4.13.2 - 2017-11-13
4.13.1 - 2017-11-09
4.13.0 - 2017-11-03
4.12.6 - 2017-11-01
4.12.5 - 2017-10-30
4.12.4 - 2017-10-21
4.12.3 - 2017-10-16
4.12.2 - 2017-10-14
4.12.1 - 2017-10-08
4.12.0 - 2017-10-03
4.11.14 - 2017-09-30
4.11.13 - 2017-09-25
4.11.12 - 2017-09-18
4.11.11 - 2017-09-10
4.11.10 - 2017-09-04
4.11.9 - 2017-08-28
4.11.8 - 2017-08-24
4.11.7 - 2017-08-14
4.11.6 - 2017-08-07
4.11.5 - 2017-07-30
4.11.4 - 2017-07-23
4.11.3 - 2017-07-14
4.11.2 - 2017-07-13
4.11.1 - 2017-07-03
4.11.0 - 2017-06-25
4.10.8 - 2017-06-22
4.10.7 - 2017-06-18
4.10.6 - 2017-06-13
4.10.5 - 2017-06-07
4.10.4 - 2017-05-29
4.10.3 - 2017-05-27
4.10.2 - 2017-05-23
4.10.1 - 2017-05-22
4.10.0 - 2017-05-18
4.9.10 - 2017-05-18
4.9.9 - 2017-05-13
4.9.8 - 2017-05-07
4.9.7 - 2017-05-01
4.9.6 - 2017-04-24
4.9.5 - 2017-04-17
4.9.4 - 2017-04-09
4.9.3 - 2017-04-02
4.9.2 - 2017-03-26
4.9.1 - 2017-03-19
4.9.0 - 2017-03-13
4.8.7 - 2017-03-12
4.8.6 - 2017-03-05
4.8.5 - 2017-02-26
4.8.4 - 2017-02-20
4.8.3 - 2017-02-16
4.8.2 - 2017-02-11
4.8.1 - 2017-01-31
4.8.0 - 2017-01-29
4.7.9 - 2017-01-27
4.7.8 - 2017-01-24
4.7.7 - 2017-01-16
4.7.6 - 2017-01-03
4.7.5 - 2016-12-26
4.7.5-pre - 2016-12-26
4.7.4 - 2016-12-20
4.7.3 - 2016-12-16
4.7.2 - 2016-12-08
4.7.1 - 2016-12-01
4.7.0 - 2016-11-23
4.6.8 - 2016-11-15
4.6.7 - 2016-11-10
4.6.6 - 2016-11-03
4.6.5 - 2016-10-24
4.6.4 - 2016-10-17
4.6.3 - 2016-10-06
4.6.2 - 2016-10-01
4.6.1 - 2016-09-20
4.6.0 - 2016-09-02
4.5.10 - 2016-08-23
4.5.9 - 2016-08-14
4.5.8 - 2016-08-01
4.5.7 - 2016-07-25
4.5.6 - 2016-07-23
4.5.5 - 2016-07-18
4.5.4 - 2016-07-11
4.5.3 - 2016-07-01
4.5.2 - 2016-06-25
4.5.1 - 2016-06-18
4.5.0 - 2016-06-13
4.4.20 - 2016-06-05
4.4.19 - 2016-05-21
4.4.18 - 2016-05-21
4.4.17 - 2016-05-13
4.4.16 - 2016-05-09
4.4.15 - 2016-05-06
4.4.14 - 2016-04-27
4.4.13 - 2016-04-21
4.4.12 - 2016-04-08
4.4.11 - 2016-04-03
4.4.10 - 2016-03-24
4.4.9 - 2016-03-23
4.4.8 - 2016-03-18
4.4.7 - 2016-03-11
4.4.6 - 2016-03-03
4.4.5 - 2016-02-24
4.4.4 - 2016-02-17
4.4.3 - 2016-02-09
4.4.2 - 2016-02-05
4.4.1 - 2016-02-03
4.4.0 - 2016-02-02
4.3.7 - 2016-01-23
4.3.6 - 2016-01-15
4.3.5 - 2016-01-09
4.3.4 - 2015-12-23
4.3.3 - 2015-12-18
4.3.2 - 2015-12-17
4.3.1 - 2015-12-11
4.3.0 - 2015-12-09
4.2.10 - 2015-12-08
4.2.9 - 2015-12-02
4.2.8 - 2015-11-25
4.2.7 - 2015-11-20
4.2.6 - 2015-11-16
4.2.5 - 2015-11-09
4.2.4 - 2015-11-02

from mongoose GitHub release notes

Commit messages

Package name: mongoose

f148e62 chore: release 6.2.5
3441ba0 Merge pull request #11488 from Uzlopak/chore-extract-and-refactor-aggregationcursor-and-querycursor
da0f4bd Merge pull request #11484 from Uzlopak/chore-extract-refactor-schemaoptions
6a2430d Merge pull request #11475 from minhthinhls/patch-11473
893203c fix: remove caching from #11412
029b786 Merge pull request #11412 from Uzlopak/isSimpleValidator
7eaf775 Merge branch 'master' of github.com:Automattic/mongoose
a6d790e fix(mongoose): add `isObjectIdOrHexString()` to better capture the most common use case for `isValidObjectId()`
6ca7ef4 Merge pull request #11493 from zazapeta/patch-1
8b2f016 Update lean.test.js
daaabfd test: fix #11467 test case on MongoDB 4
5ce23b2 fix(populate+types): call `foreignField` functions with `doc` as 1st param, better typings for `localField` and `foreignField` functions
200c277 fix(query): avoid error when using `$not` with arrays
0f429b3 fix(query): prevent modifying discriminator key in updates using operators other than `$set`
8d69a62 remove newline
d871971 passthrough options
a62de71 use any
4164bd2 improve typings of cursor
c8aa1c9 extract aggregationcursor and querycursor
71e7fa1 remove emitIndexErrors
96011b4 fix lint error
30315c6 extract schemaoptions
976b137 fix(populate): return an array when using populate count on an array localField
a7a41b5 Merge pull request #11479 from simonbrunel/fix/typescript-aggregate-sort

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mongoose from 4.2.4 to 6.2.5. See this package in npm: https://www.npmjs.com/package/mongoose See this project in Snyk: https://app.snyk.io/org/lirantal/project/f8ab60dc-dac0-4909-bf00-7bdd059d1416?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade mongoose from 4.2.4 to 6.2.5 #1219

[Snyk] Upgrade mongoose from 4.2.4 to 6.2.5 #1219

Uh oh!

snyk-bot commented Mar 30, 2022

6.2.5 / 2022-03-09

6.2.4 / 2022-02-28

6.2.3 / 2022-02-21

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Upgrade mongoose from 4.2.4 to 6.2.5 #1219

Are you sure you want to change the base?

[Snyk] Upgrade mongoose from 4.2.4 to 6.2.5 #1219

Uh oh!

Conversation

snyk-bot commented Mar 30, 2022

Snyk has created this PR to upgrade mongoose from 4.2.4 to 6.2.5.

6.2.5 / 2022-03-09

6.2.4 / 2022-02-28

6.2.3 / 2022-02-21

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants