[Snyk] Upgrade mongoose from 5.11.16 to 5.12.6

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.11.16 to 5.12.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-04-27.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.12.6 - 2021-04-27
  

  chore: release 5.12.6

• 5.12.5 - 2021-04-19
  

  chore: release 5.12.5

• 5.12.4 - 2021-04-15
  

  chore: release 5.12.4

• 5.12.3 - 2021-03-31
  

  chore: release 5.12.3

• 5.12.2 - 2021-03-22
  

  chore: release 5.12.2

• 5.12.1 - 2021-03-18
  

  chore: release 5.12.1

• 5.12.0 - 2021-03-11
• 5.11.20 - 2021-03-11
• 5.11.19 - 2021-03-05
• 5.11.18 - 2021-02-23
• 5.11.17 - 2021-02-17
• 5.11.16 - 2021-02-12

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 9723b42 chore: release 5.12.6
• 54fda61 fix(index.d.ts): allow any object as parameter to `create()` and `insertMany()`
• dca6ba7 chore: update opencollective sponsors
• 78386c1 chore: update opencollective sponsors
• fd586dc Merge pull request #10175 from michaln-q/gh-10147
• 1c7a459 Merge pull request #10167 from Automattic/gh-10083
• 97f851f fix(query): convert projection string values to numbers as a workaround for #10142
• aef649e fix(index.d.ts): change document.validateSync return type to ValidationError
• de0cdc4 refactor(populate): move logic that creates populate query filter into helper
• 53582a6 fix(populate): add `localField` filter to `$elemMatch` on virtual populate when custom `match` has a `$elemMatch` and `foreignField` is an array
• e00a2ba test(populate): repro #10117
• 124d8ef chore: update opencollective sponsors
• 0aab125 fix(populate): dedupe when virtual populate foreignField is an array to avoid duplicate docs in result
• 46ba888 test(populate): repro part of #10117
• 1eefd9e fix(index.d.ts): clarify that `eachAsync()` callback receives a single doc rather than array of docs unless `batchSize` is set
• 1ba4b56 chore: fix docs build
• bf85ae6 chore: update opencollective sponsors
• f96f702 fix(model): use `obj` as `context` in `Model.validate()` if `obj` is a document
• 9a34bf4 fix the writeConcern issue
• 9ca6c06 made requested changes
• 6860878 Merge branch 'master' of github.com:Automattic/mongoose
• 87b1707 fix: upgrade to [email protected] to work around transitive dev dependency security warning
• a773e78 fix failing test
• 10e3181 test: adjust writeConcern test

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Stale pull request message