[Snyk] Upgrade mongoose from 7.6.3 to 7.6.8 #95

PlainDevelopment · 2024-03-18T17:27:01Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 7.6.3 to 7.6.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 2 months ago, on 2024-01-08.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ZOD-5925617	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AXIOS-6144788	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-MONGODB-5871303	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Resource Exhaustion SNYK-JS-NEXT-6032387	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-POSTCSS-5926692	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

7.6.8 - 2024-01-08
7.6.7 - 2023-12-06
7.6.6 - 2023-11-27
7.6.5 - 2023-11-14
7.6.4 - 2023-10-30
7.6.3 - 2023-10-17

from mongoose GitHub release notes

Commit messages

Package name: mongoose

ac9af5b docs: add unnecessary lookahead fix to changelog
6ffb123 chore: release 7.6.8
7248bdf Merge branch '6.x' into 7.x
2d68983 chore: release 6.12.5
b4e3b2f Merge pull request #14213 from Automattic/vkarpov15/gh-14024
0960fae types(document): add ignoreAtomics option to isModified typedefs re: #14024
f7e9816 docs(document): add ignoreAtomics option to docs
e3c12cf types(model): add missing strict and timestamps options to bulkWrite() re: #8778
f37b4f2 Merge pull request #14226 from Automattic/vkarpov15/gh-14205
b286b02 fix: also allow setting nested field to undefined re: #14205
6d526cd fix(document): allow setting nested path to `null`
403a28e fix: add ignoreAtomics option to isModified() for better backwards compatibility with Mongoose 5
3e60145 perf(schema): remove unnecessary lookahead in numeric subpath check
8e141d1 perf(schema): remove unnecessary lookahead in numeric subpath check
3a015f9 Merge pull request #14202 from Automattic/vkarpov15/gh-14162
94de74f Merge pull request #14206 from Automattic/vkarpov15/gh-14177
50b0078 style: remove unnecessary comment
4b77619 Merge branch '7.x' into vkarpov15/gh-14177
485f155 test: fix deno tests
0e7ec7f test: try closing change stream to avoid test failure
0199c8b fix(ChangeStream): avoid suppressing errors in closed change stream
e182fe5 Merge pull request #14198 from Automattic/vkarpov15/gh-14178
dabb2cf style: fix lint
e4f4c32 fix(discriminator): handle reusing schema with embedded discriminators defined using Schema.prototype.discriminator