Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade mongoose from 4.13.7 to 4.13.21 #2

Open
wants to merge 1 commit into
base: VS
Choose a base branch
from
Open

[Snyk] Upgrade mongoose from 4.13.7 to 4.13.21 #2

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade mongoose from 4.13.7 to 4.13.21.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2020-07-12.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MPATH-72672		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Information Exposure
SNYK-JS-MONGOOSE-472486		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 4.13.21 - 2020-07-12
  • 4.13.20 - 2020-01-08
  • 4.13.19 - 2019-07-17
  • 4.13.18 - 2019-01-22
  • 4.13.17 - 2018-08-30
  • 4.13.16 - 2018-08-30
  • 4.13.15 - 2018-08-14
  • 4.13.14 - 2018-05-25
  • 4.13.13 - 2018-05-17
  • 4.13.12 - 2018-03-14
  • 4.13.11 - 2018-02-08
  • 4.13.10 - 2018-01-28
  • 4.13.9 - 2018-01-07
  • 4.13.8 - 2017-12-27
  • 4.13.7 - 2017-12-12
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • f88eb25 fix(query): delete top-level `_bsontype` property in queries to prevent silent empty queries
  • 1db031c test(schema): clean up messy tests re: #8459
  • 8fa8012 test: test cleanup re: #8459
  • 4a55040 chore: remove problematic mongoose-long dep and use mongodb 3.4 in tests
  • 91f95da chore: run consistent mongod version in tests
  • 0e65e6e chore: release 4.13.20
  • 803090d fix(schema): make aliases handle mongoose-lean-virtuals
  • 6a8b381 chore: add .config.js to gitignore and npmignore
  • f51c4aa chore: release 4.13.19
  • 2aeeaa8 Merge pull request #7950 from cdimitroulas/backport-aggregate-options-bugfix
  • b10cc98 rename aggregation option test
  • d9a2027 fix bug: Using options in aggregates doesn't set anything
  • 75daf18 chore: release 4.13.18
  • 8c75e9b chore: dont run nsp
  • c8b8720 style: fix lint
  • edf70e4 fix(cast): backport fix from #7290 to 4.x
  • 29f6709 fix(model): handle setting populated path set via `Document#populate()`
  • 0e1772f test(document): repro #7302
  • 2370f97 chore: now working on 4.13.18
  • 4545d44 chore: release 4.13.17
  • fb8b644 fix(document): disallow setting constructor and prototype if strict mode false
  • b33d8c2 style: fix lint
  • df93f5b chore: release 4.13.16
  • a3b98f6 fix(document): disallow setting __proto__ if strict mode false

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot