[Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 #225

Open: snyk-bot wants to merge 1 commit into base: master

snyk-bot commented Dec 3, 2019

Snyk has created this PR to upgrade mongoose from 4.2.4 to 4.13.19.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 136 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2019-07-17.

The recommended version fixes:

| Severity | Issue | Exploit Maturity |
|----------|-------|------------------|
|          | Remote Memory Exposure (npm:mongoose:20160116) | Mature |

Release notes
Package name: mongoose
  • 4.13.19 - 2019-07-17
  • 4.13.18 - 2019-01-22
  • 4.13.17 - 2018-08-30
  • 4.13.16 - 2018-08-30
  • 4.13.15 - 2018-08-14
  • 4.13.14 - 2018-05-25
  • 4.13.13 - 2018-05-17
  • 4.13.12 - 2018-03-14
  • 4.13.11 - 2018-02-08
  • 4.13.10 - 2018-01-28
  • 4.13.9 - 2018-01-07
  • 4.13.8 - 2017-12-27
  • 4.13.7 - 2017-12-12
  • 4.13.6 - 2017-12-02
  • 4.13.5 - 2017-11-24
  • 4.13.4 - 2017-11-17
  • 4.13.3 - 2017-11-16
  • 4.13.2 - 2017-11-13
  • 4.13.1 - 2017-11-09
  • 4.13.0 - 2017-11-03
  • 4.12.6 - 2017-11-01
  • 4.12.5 - 2017-10-30
  • 4.12.4 - 2017-10-21
  • 4.12.3 - 2017-10-16
  • 4.12.2 - 2017-10-14
  • 4.12.1 - 2017-10-08
  • 4.12.0 - 2017-10-03
  • 4.11.14 - 2017-09-30
  • 4.11.13 - 2017-09-25
  • 4.11.12 - 2017-09-18
  • 4.11.11 - 2017-09-10
  • 4.11.10 - 2017-09-04
  • 4.11.9 - 2017-08-28
  • 4.11.8 - 2017-08-24
  • 4.11.7 - 2017-08-14
  • 4.11.6 - 2017-08-07
  • 4.11.5 - 2017-07-30
  • 4.11.4 - 2017-07-23
  • 4.11.3 - 2017-07-14
  • 4.11.2 - 2017-07-13
  • 4.11.1 - 2017-07-03
  • 4.11.0 - 2017-06-25
  • 4.10.8 - 2017-06-22
  • 4.10.7 - 2017-06-18
  • 4.10.6 - 2017-06-13
  • 4.10.5 - 2017-06-07
  • 4.10.4 - 2017-05-29
  • 4.10.3 - 2017-05-27
  • 4.10.2 - 2017-05-23
  • 4.10.1 - 2017-05-22
  • 4.10.0 - 2017-05-18
  • 4.9.10 - 2017-05-18
  • 4.9.9 - 2017-05-13
  • 4.9.8 - 2017-05-07
  • 4.9.7 - 2017-05-01
  • 4.9.6 - 2017-04-24
  • 4.9.5 - 2017-04-17
  • 4.9.4 - 2017-04-09
  • 4.9.3 - 2017-04-02
  • 4.9.2 - 2017-03-26
  • 4.9.1 - 2017-03-19
  • 4.9.0 - 2017-03-13
  • 4.8.7 - 2017-03-12
  • 4.8.6 - 2017-03-05
  • 4.8.5 - 2017-02-26
  • 4.8.4 - 2017-02-20
  • 4.8.3 - 2017-02-16
  • 4.8.2 - 2017-02-11
  • 4.8.1 - 2017-01-31
  • 4.8.0 - 2017-01-29
  • 4.7.9 - 2017-01-27
  • 4.7.8 - 2017-01-24
  • 4.7.7 - 2017-01-16
  • 4.7.6 - 2017-01-03
  • 4.7.5 - 2016-12-26
  • 4.7.5-pre - 2016-12-26
  • 4.7.4 - 2016-12-20
  • 4.7.3 - 2016-12-16
  • 4.7.2 - 2016-12-08
  • 4.7.1 - 2016-12-01
  • 4.7.0 - 2016-11-23
  • 4.6.8 - 2016-11-15
  • 4.6.7 - 2016-11-10
  • 4.6.6 - 2016-11-03
  • 4.6.5 - 2016-10-24
  • 4.6.4 - 2016-10-17
  • 4.6.3 - 2016-10-06
  • 4.6.2 - 2016-10-01
  • 4.6.1 - 2016-09-20
  • 4.6.0 - 2016-09-02
  • 4.5.10 - 2016-08-23
  • 4.5.9 - 2016-08-14
  • 4.5.8 - 2016-08-01
  • 4.5.7 - 2016-07-25
  • 4.5.6 - 2016-07-23
  • 4.5.5 - 2016-07-18
  • 4.5.4 - 2016-07-11
  • 4.5.3 - 2016-07-01
  • 4.5.2 - 2016-06-25
  • 4.5.1 - 2016-06-18
  • 4.5.0 - 2016-06-13
  • 4.4.20 - 2016-06-05
  • 4.4.19 - 2016-05-21
  • 4.4.18 - 2016-05-21
  • 4.4.17 - 2016-05-13
  • 4.4.16 - 2016-05-09
  • 4.4.15 - 2016-05-06
  • 4.4.14 - 2016-04-27
  • 4.4.13 - 2016-04-21
  • 4.4.12 - 2016-04-08
  • 4.4.11 - 2016-04-03
  • 4.4.10 - 2016-03-24
  • 4.4.9 - 2016-03-23
  • 4.4.8 - 2016-03-18
  • 4.4.7 - 2016-03-11
  • 4.4.6 - 2016-03-03
  • 4.4.5 - 2016-02-24
  • 4.4.4 - 2016-02-17
  • 4.4.3 - 2016-02-09
  • 4.4.2 - 2016-02-05
  • 4.4.1 - 2016-02-03
  • 4.4.0 - 2016-02-02
  • 4.3.7 - 2016-01-23
  • 4.3.6 - 2016-01-15
  • 4.3.5 - 2016-01-09
  • 4.3.4 - 2015-12-23
  • 4.3.3 - 2015-12-18
  • 4.3.2 - 2015-12-17
  • 4.3.1 - 2015-12-11
  • 4.3.0 - 2015-12-09
  • 4.2.10 - 2015-12-08
  • 4.2.9 - 2015-12-02
  • 4.2.8 - 2015-11-25
  • 4.2.7 - 2015-11-20
  • 4.2.6 - 2015-11-16
  • 4.2.5 - 2015-11-09
  • 4.2.4 - 2015-11-02
from mongoose GitHub release notes (https://github.com/Automattic/mongoose/releases)
Commit messages
Package name: mongoose
  • 62e2ff6 Merge pull request #5740 from AyushG3112/addFields-aggregate-feature
  • 8632e79 feat(model): report validation errors from `insertMany()` if using `ordered: false` and `rawResult: true`
  • 8d09a20 Added test cases for #5706
  • b73af8d Merge branch 'master' of https://github.com/wlingke/mongoose
  • a51e1f5 fix(connection): handle no cb correctly for connection helpers
  • f008895 chore: bump lockfile
  • f02641c test(populate): repro #5737
  • 1d87987 fix(populate): handle slice projections correctly when automatically selecting populated fields
  • 9e3427a fix(document): catch sync errors in document pre hooks and report as error
  • b9ab446 refactor(test): remove unnecessary code
  • 3b4211e test(query): repro #5744
  • 85821d9 fix(query): correctly handle `$in` and required for $pull and update validators
  • 9c709e1 refactor: reduce number of array accesses
  • 411db61 fix: remove typo that was breaking tests
  • ee01370 Merge pull request #5766 from wlingke/master
  • 4d9d71b test(discriminator): fix tests re: #5757
  • ae78242 chore: release 4.12.5
  • c83b416 chore: fix date
  • 65cc909 chore: now working on 4.12.6
  • 4138ce5 chore: bump lockfile
  • 43fb086 test(schema): repro #5752
  • f43a984 fix(schema): make clone() copy query helpers correctly
  • b9c2d3a Merge branch 'master' into 4.13
  • 9b0525b Merge branch '4.13' into 1939
  • 2068a4b refactor: get rid of weird setFunction, just use $set internally re: #1939
  • 01bf209 feat(schema): allow using set as a schema path
  • a980af8 Merge pull request #5748 from Automattic/5337
  • 5ec995c chore: disable travis email spam
  • 64fd968 fix: undeprecate `ensureIndex()` and use it by default
  • 65df02e style: fix lint
  • 9153ae4 chore: release 4.12.6
  • a48219b chore: now working on 4.12.7
  • 4348fa1 Merge branch 'master' into 4.13
  • 06f260b Merge pull request #5771 from Automattic/4.13
  • ca7e915 chore: release 4.13.0
  • d373c81 chore: now working on 4.13.1
  • 4ff5f52 test(document): repro #5780
  • e8a29bb fix(document): pass default array as actual array rather than taking first element
  • 14eb80a test(model): repro #5765
  • f147176 fix(model): cast query option to geoNear()
  • 9665a04 style: fix lint re: #5765
  • d284104 refactor(test): remove duplicate 2.4 checks re: #5765
  • a12d282 test(query): repro #5775
  • 2adf1f3 fix(query): don't explicitly project in discriminator key if user projected in parent path
  • c40b313 test(query): repro #5737
  • c93fdae fix(query): don't treat projection with just $slice as inclusive
  • 3771f49 refactor(query): move selectedInclusively() into separate helper
  • 77c543d Accept multiple paths or array of paths to depopulate
  • 3b07c00 Use old school ES5 just in case
  • ab668da test(model): repro #5779
  • 060fcdf fix(model): increment version when $set-ing it in a save() that requires a version bump
  • 54d9189 Merge pull request #5798 from adamreisnz/patch-1
  • b4cf78f fix(hooks): defer applying embedded discriminator hooks until top-level model is compiled
  • bb6a64e docs(discriminator): add warning to always attach hooks before calling discriminator()
  • a7eeab1 chore: release 4.13.1
  • 2b61adf chore: add missing comment for docs build
  • d6e1458 chore: now working on 4.13.2
  • 22befbb docs: fix capitalization issue
  • 83abbad docs: update release-items.md
  • a43d6dc update markdown
  • e67d1f3 Add a check for node js 8
  • 68b1d2a test(document): repro #5530
  • 910e8b2 chore: bump lockfile
  • 89d2f3d feat(buffer): add support for subtype prop
  • 836decf Merge pull request #5808 from superheri/update-markdown
  • 3e7497f chore: release 4.13.2
  • 95e548e chore: now working on 4.13.3
  • 2ed278a fixed applyHooks for recursive embedded discriminators
  • 93eb3aa added test for recursive embedded discriminators
  • d5fd152 fixed typo in test
  • dce067b test(document): repro #5807
  • 20fc0ab fix(document): don't apply transforms to nested docs when updating already saved doc
  • 9bb9fe4 Merge pull request #5818 from superheri/travis
  • 3c9a5c1 fixed variables in test
  • 484e32b another typo
  • 76da92e added subevent test
  • 62d09b0 Add node 9 in travis allowing failures
  • 8e5bd8b chore: now working on 4.13.3
  • a0ee8d8 chore: now working on 4.13.4
  • 2f2782e Grammar fixes to `unique` FAQ
  • a813dd2 Merge pull request #5821 from Faibk/master
  • f6960da Merge pull request #5823 from mfluehr/patch-1
  • 001f98b Merge pull request #5822 from superheri/travis_node9
  • 22d4657 fix(aggregate): add `.pipeline()` helper to get the current pipeline
  • bb840f5 fix(aggregate): add chainable .option() helper for setting arbitrary options
  • aa675e7 chore: release 4.13.4
  • 754db14 fix(model): allow virtual ref function to return arrays
  • 69f4ced fix trailing spaces
  • 0b13451 fix trailing spaces
  • 4fcf4ee chore: now working on 4.13.5
  • 3597079 chore: remove allow_failures for node 9 on travis
  • 07d8edb test(document): repro #5703
  • 6535373 fix(document): support calling `populate()` on nested document props
  • 743c42c test(query): repro #5812
  • 80731fd fix(query): don't throw uncaught error if query filter too big
  • 93ea193 test(document): repro #5800
  • 82c615c fix(document): if setting unselected nested path, don't overwrite nested path
  • ad69054 Merge pull request #5834 from brunohcastro/fix/virtual-ref
  • d1f6691 Add link to bufferCommands
  • 6e6a845 Merge pull request #1 from ralphite/guide-link-patch
  • 1ffc38d fix "TypeError: Cannot read property 'options' of undefined" error that stops actual error from being thrown
  • 48aeccc Merge branch '4.13'
  • e061881 docs(faq): add faq re: typeKey
  • d5d7c1e Merge pull request #5844 from ralphite/master
  • dc19eac Merge pull request #5845 from Michael77/master
  • fe0d1c5 docs(query): add more detailed docs re: options
  • 38131d4 Merge pull request #5344 from c0d0g3n/master
  • edca051 style: fix lint
  • e318882 chore: release 4.13.5
  • a122191 chore: now working on 4.13.6
  • 16a41e5 chore: bump lockfile
  • 3a88543 docs(query): correct function signature for .mod() helper
  • 5e279f4 test(update): repro #5839
  • 4d4dfa1 fix(update): make upsert option consistently handle truthy values, not just booleans, for updateOne()
  • cbab4ca Added strictBool option to schema
  • a9be7dc docs: make Document $markValid() public re: #5826
  • f46e033 refactor: remove unnecessary constructor check
  • a3fd08c Added check for missing model parameter
  • 0de9867 test(query): repro #1698
  • 5c547ad fix(query): report ObjectParameterError when passing non-object as filter to find() and findOne()
  • 7dc384c Merge pull request #5856 from ekulabuhov/master
  • 5c159d7 chore: release 4.13.6
  • d3bb122 chore: now working on 4.13.7
  • 50aafb6 chore: bump lockfile
  • d0d2d5f test(model): repro #2037
  • d90100e fix(model): throw error when passing non-object to create()
  • 4a1e474 fix(Mongoose): fix connection setter
  • 23c8dd0 fix(types): handle Decimal128 when using bson-ext on server side
  • 7e4077d test(document): repro #4991
  • 7b42c15 fix(document): ensure projection with only $slice isn't treated as inclusive for discriminators
  • f4c06e5 docs(middleware): suggest using `return next()` to stop middleware execution
  • 9897aaf fix: eachAsync - Treat reject() as a Promise rejection
  • a11c05e docs(middleware): some cleanup re: #5866
  • 83d9a98 docs(connection): improve connection string query param docs
  • cc84026 refactor: add isDefiningProjection helper re: #5881
  • 7c355b0 test(discriminator): repro #5859
  • 107b838 fix(discriminator): don't treat $meta as defining projection when querying
  • 4f1e1a0 refactor(document): use isDefiningProjection() helper instead of checking for $meta and $slice everywhere
  • 1c3e210 test: fix tests re: #5881
  • 5025a4e test(document): repro #5861
  • eb2c337 fix(document): run validate hooks on array subdocs even if not directly modified
  • e2e38e5 Merge pull request #5871 from jinasonlin/master
  • 580b2d5 chore: more consistent copy
  • 2ecf938 Merge pull request #5875 from ZacharyRSmith/fix/eachAsync
  • e044fde Update schematypes.jade
  • 8de8c84 Merge pull request #5889 from gokaygurcan/patch-1
  • e5fbd01 chore: release 4.13.7
  • 722d0ab chore: now working on 4.13.8
  • 1996a06 chore: bump lockfile
  • ed8e874 test(populate): repro #5858
  • 4e64596 fix(populate): use correct model with discriminators + nested populate
  • ccec46f fix: propagate lean options to child schemas
  • a159115 Grammar change: it's --> its
  • f59defb refactor: fix a few tests re: #5891
  • 6da0c52 Merge pull request #5927 from abagh0703/patch-1
  • 41ff691 chore: bump nsp
  • fb21c07 Revert "chore: bump nsp"
  • e179034 docs(README): add recommended import syntax
  • 3b6eec3 docs(guide): use more up-to-date syntax for autoIndex example
  • 96cfbb8 chore: release 4.13.8
  • 941efb4 chore: now working on 4.13.9
  • d82c6f3 chore: bump lockfile
  • efa7339 chore: update Makefile and release-items for 5.0 release
  • a50a050 docs: add missing fn name for docs build
  • fb93c16 docs: add missing @method
  • 9b04e53 docs: add missing @method
  • a1c9d76 chore: backport #5951 to 4.x
  • 4a54649 chore: bump lockfile
  • f397363 docs: use useMongooseAggCursor for aggregate docs
  • 5bf49c1 fix: upgrade mongodb -> 2.2.34
  • 9fea218 chore: release 4.13.9
  • ee6433b chore: now working on 4.13.10
  • b19aa23 docs(query+aggregate): add more detail re: maxTimeMS
  • d7232de docs(model+query): add lean() option to Model helpers
  • 718e777 docs(schema): improve description of .indexes()
  • 07feb5a docs(connections): clarify multi-mongos with useMongoClient for 4.x docs
  • ac2c662 test(populate): repro #5970
  • 7677cf3 fix(populate): handle populating embedded discriminator paths
  • 7a0b15f style: fix lint
  • bff15e3 chore: get rid of gemnasium and codementor badges
  • 0ff2f94 Added unit test for setting default values with timestamps.
  • c28ce33 refactor: move test from #6024
  • 51511af Merge branch '4.x' into 5970
  • 5b78dba fix(populate): make getSchemaTypes() handle embedded discriminators without a ref
  • cb48835 style: fix lint
  • b4b59c4 Merge pull request #6022 from Automattic/5970
  • b510cb9 fix(populate): dedupe model names with embedded discriminators
  • a5b3899 test: repro #5842
  • 31b84f0 fix: use lazy loading to avoid browserDocument edge case
  • 940ccc8 style: fix lint
  • b716e73 style: fix lint
  • 82ea3e8 chore: release 4.13.10
  • b447d65 chore: now working on 4.13.11
  • ca194cc chore: add release script that uses --tag for npm publish for 4.x releases
  • 6d2963c test: use exec instead of execSync() for #5842 test for node 0.10
  • 3660092 docs: fix links in 4.x docs
  • f86ddcf chore: release 4.13.11
  • 617fb47 chore: use legacy instead of 4.x
  • 0290187 chore: now working on 4.13.12
  • 36b2f3f fix(discriminator): don't copy `discriminators` property from base schema
  • 1ed41ab chore: now working on 4.x
  • 3e54723 fix url in useMongoClient error message
  • cfad53b Merge pull request #6219 from lineus/docs-6217
  • 2be24f4 fix: support callback with createConnection() and useMongoClient
  • 5f142bd test(document): repro #6223
  • c6295cb fix(document): make virtual get() return undefined instead of null if no getters
  • cd2a15a chore: release 4.13.12
  • 06cca17 add fix for #6439 to 4.x
  • 48f1fc3 remove co for compatibility
  • a61f4d7 Merge pull request #6467 from lineus/fix-6439-v4
  • 4219ded chore: bump lodash devDependency for security
  • 67701e2 chore: bump async re: security vulnerability with lodash
  • 94b1147 chore: release 4.13.13
  • 4d3dea5 chore: now working on 4.13.14
  • 9f866fc test(model): repro #6484
  • 833cc14 fix(model): handle retainKeyOrder option in findOneAndUpdate()
  • 471cadc chore: release 4.13.14
  • ce7fb11 feat(error): add version number to VersionError
  • 84dffc3 test(model): correct test pending value to prevent ci failure
  • 5484542 test(document): fix near sphere test for #4014
  • f2a4a5b test(connection): increase delay to make sure driver give up reconnection
  • c8d0258 chore: fix file permission modified by WSL
  • 127c750 test(connection): adjust delay time to improve ci pass rate
  • df958a9 resolve cherry-pick conflict
  • 6af5f0b test(populate): fix flaky test for #5602
  • 453f472 test(populate): fix flaky test for #5737
  • 0e0dba0 Merge pull request #6852 from hellodigit/4.x-version-number-errors
  • 0e8f016 Merge pull request #6853 from Fonger/4.x-ci-improve
  • 754a4e9 chore: add test/files to npmignore+gitignore for 4.x
  • 953a846 fix(mongoose): add global `usePushEach` option for easier Mongoose 4.x + MongoDB 3.6
  • 631f476 chore: release 4.13.15
  • 7ba0068 feat(error): add modified paths to VersionError
  • 5046cef fix str spacing
  • a738273 Merge pull request #6928 from hellodigit/4.x-modifiedpaths-pr
  • a3b98f6 fix(document): disallow setting __proto__ if strict mode false
  • df93f5b chore: release 4.13.16
  • b33d8c2 style: fix lint
  • fb8b644 fix(document): disallow setting constructor and prototype if strict mode false
  • 4545d44 chore: release 4.13.17
  • 2370f97 chore: now working on 4.13.18
  • 0e1772f test(document): repro #7302
  • 29f6709 fix(model): handle setting populated path set via `Document#populate()`
  • edf70e4 fix(cast): backport fix from #7290 to 4.x
  • c8b8720 style: fix lint
  • 8c75e9b chore: dont run nsp
  • 75daf18 chore: release 4.13.18
  • d9a2027 fix bug: Using options in aggregates doesn't set anything
  • b10cc98 rename aggregation option test
  • 2aeeaa8 Merge pull request #7950 from cdimitroulas/backport-aggregate-options-bugfix
  • f51c4aa chore: release 4.13.19

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
