Commit 840dde2

fix(db-mongodb): bump mongoose to 8.8.3 (#9747)
Fixes #9729. The current version has a vulnerability: https://avd.aquasec.com/nvd/2024/cve-2024-53900/. Technically, Payload doesn't use the [`$where`](https://www.mongodb.com/docs/manual/reference/operator/query/where/#op._S_where) property described in the report in its queries at all, but it may affect those who access mongoose via `payload.db.collections` directly.
1 parent c2ff9b1 commit 840dde2

3 files changed

+10
-10
lines changed

packages/db-mongodb/package.json

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@
4747
},
4848
"dependencies": {
4949
"http-status": "1.6.2",
50-
"mongoose": "8.8.1",
50+
"mongoose": "8.8.3",
5151
"mongoose-aggregate-paginate-v2": "1.1.2",
5252
"mongoose-paginate-v2": "1.8.5",
5353
"prompts": "2.4.2",
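
Review bot: the new `"mongoose": "8.8.3"` entry at line 50 is still an exact pin, so the adapter only picks up later mongoose security releases through another manual bump like this one. Since the commit message says the exposure is for callers who reach mongoose through `payload.db.collections` and use `$where`, the release notes should state that this bump is security-motivated so those users know to upgrade. It is also worth confirming that the two mongoose plugins listed directly below (`mongoose-aggregate-paginate-v2`, `mongoose-paginate-v2`) were exercised against 8.8.3, since they are left unchanged here.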

pnpm-lock.yaml

Lines changed: 8 additions & 8 deletions
Some generated files are not rendered by default.

test/package.json

Lines changed: 1 addition & 1 deletion
@@ -68,7 +68,7 @@
6868
"file-type": "19.3.0",
6969
"http-status": "1.6.2",
7070
"jwt-decode": "4.0.0",
71-
"mongoose": "8.8.1",
71+
"mongoose": "8.8.3",
7272
"next": "15.0.2",
7373
"payload": "workspace:*",
7474
"qs-esm": "7.0.2",
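
Review bot: the mongoose version at line 71 is a second hand-maintained copy of the pin in `packages/db-mongodb/package.json`, and nothing in this change keeps the two in step. If a future security bump updates only one file, the test suite would run against a different mongoose than the one the adapter ships. Consider defining the version in one place (for example a single pnpm override or catalog entry, if the workspace setup allows it) or adding a CI check that fails when the two values differ.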
