[Snyk] Upgrade mongoose from 6.9.1 to 6.10.0

[wearrrrr]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 6.9.1 to 6.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-02-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-FASTXMLPARSER-3325616	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 6.10.0 - 2023-02-22
  

  6.10.0 / 2023-02-22

  • feat: upgrade to mongodb driver 4.14.0 #13036
  • feat: added Schema.prototype.omit() function #12939 #12931 lpizzinidev
  • feat(index): added createInitialConnection option to Mongoose constructor #13021 #12965 lpizzinidev
• 6.9.3 - 2023-02-22
  

  6.9.3 / 2023-02-22

  • fix(connection): delay calculating autoCreate and autoIndex until after initial connection established #13007 #12940 lpizzinidev
  • fix(discriminator): allows update doc with discriminatorKey #13056 #13055 abarriel
  • fix(query): avoid sending unnecessary empty projection to MongoDB server #13059 #13050
  • fix(model): avoid sending null session option with document operations #13053 #13052 lpizzinidev
  • fix(types): use MergeTypes for type overrides in HydratedDocument #13066 #13040
  • docs(middleware): list validate as a potential query middleware #13057 #12680
  • docs(getters-setters): explain that getters do not run by default on toJSON() #13058 #13049
  • docs: refactor docs generation scripts #13044 hasezoey
• 6.9.2 - 2023-02-16
• 6.9.1 - 2023-02-06

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 0180746 chore: release 6.10.0
• bbd5ef7 Merge pull request #13076 from Automattic/6.10
• 6791962 feat: added Schema.prototype.omit() function
• 185eb16 fix: syntax error for node 12
• c3c133b feat(index): added createInitialConnection option to Mongoose constructor
• 2dbd4aa Merge branch '6.10' of github.com:Automattic/mongoose into 6.10
• 831009a Merge branch 'master' of github.com:Automattic/mongoose
• 8f3d58f chore: release 6.9.3
• ce2061e Merge pull request #13066 from Automattic/vkarpov15/gh-13040
• 170d8fc style: fix lint
• d7f7b42 test: add test case for #13040
• aa94b90 Merge branch 'master' into vkarpov15/gh-13040
• 67f0489 style: fix lint
• c7b2b16 Merge pull request #13056 from abarriel/iso-discriminator
• 768f203 Merge pull request #13057 from Automattic/vkarpov15/validate-middleware-docs
• ec379cf Merge pull request #13063 from Automattic/vkarpov15/gh-13061
• a1c0944 fix(types): use MergeTypes for type overrides in HydratedDocument
• e62f587 Merge pull request #13058 from Automattic/vkarpov15/getters-docs-fix
• 7756609 Merge pull request #13059 from Automattic/vkarpov15/gh-13050
• 3ddc2e2 Merge pull request #13007 from lpizzinidev/gh-12940
• 28e2bce test: avoid storing document in subdocument timestamps test
• b08afa1 test: hopefully fix deno tests by cleaning up data
• 4397d86 test: print doc value for debugging
• 4577dc2 test: pin Deno std version in tests, try removing test from #13053 to see if that fixes deno tests

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs