[Snyk] Upgrade mongoose from 6.0.10 to 6.5.4

[weirdbandkid]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 6.0.10 to 6.5.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 51 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2022-08-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 6.5.4 - 2022-08-30
  

  6.5.4 / 2022-08-30

  • fix(document): allow calling $assertPopulated() with values to better support manual population #12233
  • fix(connection+mongoose): better handling for calling model() with 1 argument #12359
  • fix(model): allow defining discriminator virtuals and methods using schema options #12326
  • fix(types): fix MongooseQueryMiddleware missing "findOneAndReplace" and "replaceOne" #12330 #12329 Jule- lpizzinidev
  • fix(types): fix replaceOne return type #12351 lpizzinidev
  • fix(types): use this for return type from $assertPopulated() #12234
  • docs: highlight how to connect using auth in README #12354 AntonyOnScript
  • docs: improve jsdoc comments for private methods #12337 hasezoey
  • docs: fix minor typo in compatibility table header #12355 skyme5
• 6.5.3 - 2022-08-25
  

  6.5.3 / 2022-08-24

  • fix(document): handle maps when applying defaults to nested paths #12322
  • fix(schema): make ArraySubdocuments apply _id defaults on init #12264
  • fix(populate): handle specifying recursive populate as a string with discriminators #12266
  • perf(types): remove extends Query in Schema.pre() and Schema.post(), loosen discriminator() generic #10349
  • perf(types): some more micro-optimizations re: #10349, remove extra type checking on $ne, etc.
  • fix(types): infer schema on connection.model() #12298 #12125 hasezoey
  • fix(types): add missing findById() type definitions #12309 lpizzinidev
  • fix(types): allow $search in $lookup pipeline stages for MongoDB v6.x support #12278 AbdelrahmanHafez
  • fix(types): add parameter "options" to "Model.remove" #12258 hasezoey
  • fix(types): sync single-generic-no-constraint "model" between "index.d.ts" and "connection.d.ts" #12299 hasezoey
  • fix(types): update isDirectModified typing #12290 gabrielDonnantuoni
  • docs: update links on api docs #12293 eatmoarrice
  • docs: add note about language_override option #12310 IslandRhythms
  • docs(document): add "String[]" to Document.depopulate as jsdoc parameter type #12300 hasezoey
  • docs: update Node.js EventEmitter url #12303 rainrisa
• 6.5.2 - 2022-08-10
  

  6.5.2 / 2022-08-09

  • fix(aggregate): avoid throwing error when disconnecting with change stream open #12201 ramos-ph
  • fix(query): overwrite top-level key if using Query.prototype.set() to set to undefined #12155
  • fix(query): shallow clone options before modifying #12176
  • fix(types): auto schema type inference on Connection.prototype.model() #12240 hasezoey
  • fix(types): better typescript support for schema plugins #12139 emiljanitzek
  • fix(types): make bulkWrite() type param optional #12221 #12212
  • docs: misc cleanup #12199 hasezoey
  • docs: highlight current top-most visible header in navbar #12222 hasezoey
  • docs(populate): improve examples for Document.prototype.populate() #12111
  • docs(middleware): clarify document vs model in middleware docs #12113
• 6.5.1 - 2022-08-03
  

  6.5.1 / 2022-08-03

  • fix(timestamps): set timestamps on child schema when child schema has timestamps: true but parent schema does not #12119
  • fix(schema+timestamps): handle insertMany() with timestamps and discriminators #12150
  • fix(model+query): handle populate with lean transform that deletes _id #12143
  • fix(types): allow $pull with _id #12142
  • fix(types): add schema plugin option inference #12196 hasezoey
  • fix(types): pass type to mongodb bulk write operation #12167 emiljanitzek
  • fix(types): map correct generics from model to schema #12125 emiljanitzek
  • fix(types): avoid baffling circular reference when using PopulatedDoc with a bidirectional reference #12136
  • fix(types): allow using path with $count #12149
  • docs(compatibility): change to use a table #12200 hasezoey
  • docs(api_split.pug): add "code" to sidebar entries #12153 hasezoey
  • docs: add "code" to Headers (and index list) #12152 hasezoey
• 6.5.0 - 2022-07-26
  Read more
• 6.4.7 - 2022-07-25
  Read more
• 6.4.6 - 2022-07-20
• 6.4.5 - 2022-07-18
• 6.4.4 - 2022-07-08
• 6.4.3 - 2022-07-05
• 6.4.2 - 2022-07-01
• 6.4.1 - 2022-06-27
• 6.4.0 - 2022-06-17
• 6.3.9 - 2022-06-17
• 6.3.8 - 2022-06-13
• 6.3.7 - 2022-06-13
• 6.3.6 - 2022-06-07
• 6.3.5 - 2022-05-30
• 6.3.4 - 2022-05-19
• 6.3.3 - 2022-05-09
• 6.3.2 - 2022-05-02
• 6.3.1 - 2022-04-21
• 6.3.0 - 2022-04-14
• 6.2.11 - 2022-04-13
• 6.2.10 - 2022-04-04
• 6.2.9 - 2022-03-28
• 6.2.8 - 2022-03-23
• 6.2.7 - 2022-03-16
• 6.2.6 - 2022-03-11
• 6.2.5 - 2022-03-09
• 6.2.4 - 2022-02-28
• 6.2.3 - 2022-02-21
• 6.2.2 - 2022-02-16
• 6.2.1 - 2022-02-07
• 6.2.0 - 2022-02-02
• 6.1.10 - 2022-02-01
• 6.1.9 - 2022-01-31
• 6.1.8 - 2022-01-24
• 6.1.7 - 2022-01-17
• 6.1.6 - 2022-01-10
• 6.1.5 - 2022-01-04
• 6.1.4 - 2021-12-27
• 6.1.3 - 2021-12-21
• 6.1.2 - 2021-12-15
• 6.1.1 - 2021-12-09
• 6.1.0 - 2021-12-07
• 6.0.15 - 2021-12-06
• 6.0.14 - 2021-11-29
• 6.0.13 - 2021-11-15
• 6.0.12 - 2021-10-21
• 6.0.11 - 2021-10-14
• 6.0.10 - 2021-10-08

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 803a786 chore: release 6.5.4
• b60d0e6 Merge pull request #12341 from Automattic/vkarpov15/gh-12233
• 20584b2 fix(mongoose): fix build from #12359
• 3bef3cf fix(connection+mongoose): better handling for calling `model()` with 1 argument
• aba698b style: fix lint
• f858ca5 Merge pull request #12359 from chochihim/patch-1
• c6d5889 Update connection.js
• 53d4f38 Update lib/connection.js
• 1563a1b docs(document): improve `$assertPopulated()` docs
• 67bfddd Merge pull request #12337 from hasezoey/changeCommentType
• caa9a69 Merge pull request #12354 from AntonyOnScript/patch-1
• d4828e2 Update index.md
• 9f115b8 Merge pull request #12357 from hasezoey/combineCoverage
• 9da0b2e Merge branch 'master' into combineCoverage
• 3aa2411 Merge branch 'master' into changeCommentType
• 11edf8d style(ArraySubdocument): fix jsdoc field casing
• bbeaa9a Merge pull request #12351 from lpizzinidev/fix-replaceone-type
• c4935c7 Update connection.js
• 3b062ee Update some tests and config to be more maintainable (#12356)
• 9ab5f52 Update test/types/models.test.ts
• 3bcd316 Call _markModified in splice array method (#12348)
• d9add5f fix lint
• 1ff771b test(types): added type test replaceOne
• 5d1991f Fixed replaceOne model's return type

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs