[Snyk] Upgrade mongoose from 5.9.7 to 5.13.22

[sandorTuranszky]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 5.9.7 to 5.13.22.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 101 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-01-02.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1050858	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Remote Memory Exposure SNYK-JS-BL-608877	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1089718	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

• 2642bb5 chore: release 5.13.22
• e894fe8 types: add `skipValidation`, `strict`, `timestamps` as options for bulkWrite()
• c5fa9b4 fix: also allow setting nested field to undefined re: #14205
• 66e5c1b fix: fix some merge issues with #14226 re: #14205
• a96164e fix(document): allow setting nested path to `null`
• 7ff7e33 perf(schema): remove unnecessary lookahead in numeric subpath check
• 09c55b3 pin another version for node 4 build
• a1c9fb1 chore: fix typo
• 7bd07d9 try pinning @ types/babylon dep to fix build issues
• 21639c8 chore: release 5.13.21
• 78257e2 Merge pull request #13670 from Automattic/IslandRhythms/backport-pull-12954
• 443092a add back `uniqueDocs`
• e7ff415 fix: lint
• deedb88 backport GeoNear to 5.x
• 11bb2c4 Merge pull request #13655 from Automattic/IslandRhythms/backport-npm
• 702b4a0 Update .npmignore
• 0f3997a chore: release 5.13.20
• f1efabf fix: avoid prototype pollution on init
• 98e0762 chore: release 5.13.19
• 7e36d21 chore: release 5.13.18
• 6759c60 undo accidental changes and actually pin @ types/json-schema
• 4ed4a89 chore: pin version of @ types/json-schema because of install issues on node v4 and v6
• 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
• 26424d5 5.x - bump mongodb driver to 3.7.4

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
expressjs-opensource	❌ Failed (Inspect)			Feb 18, 2024 1:22am