chore(deps): update dependency mongoose to v6.11.3 [security] #4728
Open
renovate wants to merge 1 commit into dev from renovate/npm-mongoose-vulnerability
+3,279 −138
☁️ Nx Cloud Report
CI is running/has finished running commands for commit 1b09b10. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.
✅ Successfully ran 5 targets
Sent with 💌 from NxCloud.
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 7 times, most recently from 72a2641 to cc15b9c, July 28, 2023 12:10
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 8 times, most recently from dc85f84 to 90ac7b2, August 4, 2023 14:55
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 11 times, most recently from eeb4507 to 9fe0178, August 12, 2023 20:31
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 6 times, most recently from d45ba32 to ae9377b, February 4, 2024 00:31
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 898981e to 59e1f32, February 18, 2024 00:21
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from 59e1f32 to 0a59c9f, February 18, 2024 04:17
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 4dea757 to 43fc353, March 3, 2024 03:39
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from 43fc353 to 95d76e3, March 10, 2024 01:20
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 359db2f to fd40342, March 24, 2024 01:43
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from fd40342 to 05495cb, March 31, 2024 00:45
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 5 times, most recently from 5c667a3 to 27b2b7e, April 14, 2024 01:15
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 5 times, most recently from 55345f2 to 32588d5, April 28, 2024 00:59
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from 32588d5 to 3b34ee1, May 5, 2024 04:35
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from 3b34ee1 to bb8f7db, May 12, 2024 04:52
renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from bb8f7db to 8c8273a, May 19, 2024 03:51
Quality Gate passed
This PR contains the following updates:
6.1.7 -> 6.11.3
GitHub Vulnerability Alerts
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.
CVE-2022-24304
Description
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path() function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
Proof of Concept
Impact
This vulnerability can be manipulated to exploit other types of attacks, such as Denial of service (DoS), Remote Code Execution, or Property Injection.
Release Notes
Automattic/mongoose (mongoose)
v6.11.3
v6.11.2
v6.11.1
v6.11.0
v6.10.5
v6.10.4
v6.10.3
v6.10.2
engines in package.json #13124 lorand-horvath
v6.10.1
$and and $or #13086 #12898
Model.populate() #13070
v6.10.0
v6.9.3
autoCreate and autoIndex until after initial connection established #13007 #12940 lpizzinidev
v6.9.2
v6.9.1
v6.9.0
$or conditions after strict applied #12898 0x0a0d
v6.8.4
v6.8.3
v6.8.2
v6.8.1
$locals parameters to getters/setters tutorial #12814 #12550 IslandRhythms
v6.8.0
localField and foreignField for virtual populate #12657 #6963 IslandRhythms
v6.7.5
v6.7.4
v6.7.3
v6.7.2
v6.7.1
v6.7.0
v6.6.7
v6.6.6
v6.6.5
v6.6.4
v6.6.3
v6.6.2
v6.6.1
v6.6.0
v6.5.5
v6.5.4
v6.5.3
discriminator() generic #10349
connection.model() #12298 #12125 hasezoey
findById() type definitions #12309 lpizzinidev
v6.5.2
Connection.prototype.model() #12240 hasezoey
v6.5.1
v6.5.0
v6.4.7
v6.4.6
isObjectIdOrHexString() #12123 LokeshKanumoori
v6.4.5
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
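
A way to confirm that no copy of mongoose older than the fixed releases named in the CVE-2023-3696 alert (5.13.20, 6.11.3, 7.3.3) remains in the dependency tree after this update. This is an added example, not code from this PR, Renovate or mongoose; it assumes an npm package-lock.json with a "packages" map (lockfileVersion 2 or 3), treats release lines older than 5.x as affected (an assumption, since the alert lists no fix for them), and uses a constructed sample lockfile.

```javascript
// Added example: flag mongoose copies in a package-lock.json that predate the
// fixed releases named in the advisory (5.13.20, 6.11.3, 7.3.3).
const FIXED = { 5: [5, 13, 20], 6: [6, 11, 3], 7: [7, 3, 3] };

// Parse "6.1.7" or "6.11.3-rc.0" into numbers plus a pre-release flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable: fail closed so a human looks at it
  const major = p.nums[0];
  if (major > 7) return false; // newer than every fixed release listed
  const fixed = FIXED[major];
  if (!fixed) return true; // assumption: lines older than 5.x received no fix
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== fixed[i]) return p.nums[i] < fixed[i];
  }
  return p.pre; // a pre-release of the fixed version sorts before it
}

// lock: a parsed package-lock.json (lockfileVersion 2 or 3, "packages" map).
function findAffectedMongoose(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies, but not packages merely named mongoose-*.
    if (!/(^|\/)node_modules\/mongoose$/.test(path)) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; every package name except mongoose is made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/mongoose": { version: "6.11.3" },
    "node_modules/legacy-plugin/node_modules/mongoose": { version: "6.1.7" },
    "node_modules/mongoose-example-plugin": { version: "0.9.1" },
    "node_modules/other-lib/node_modules/mongoose": { version: "5.13.20" },
  },
};
console.log(findAffectedMongoose(sampleLock));
```

A nested copy pinned by another package stays vulnerable even after the top-level dependency is bumped, which is why the check walks every node_modules path rather than only package.json.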