[Snyk] Upgrade mongoose from 5.11.16 to 5.13.3

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.11.16 to 5.13.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 24 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-07-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.13.3 - 2021-07-16
  

  chore: release 5.13.3

• 5.13.2 - 2021-07-03
  

  chore: release 5.13.2

• 5.13.1 - 2021-07-02
  

  chore: release 5.13.1

• 5.13.0 - 2021-06-28
  

  chore: release 5.13.0

• 5.12.15 - 2021-06-25
  

  chore: release 5.12.15

• 5.12.14 - 2021-06-15
  

  chore: release 5.12.14

• 5.12.13 - 2021-06-04
  

  chore: release 5.12.13

• 5.12.12 - 2021-05-28
  

  chore: release 5.12.12

• 5.12.11 - 2021-05-24
• 5.12.10 - 2021-05-18
• 5.12.9 - 2021-05-13
• 5.12.8 - 2021-05-10
• 5.12.7 - 2021-04-29
• 5.12.6 - 2021-04-27
• 5.12.5 - 2021-04-19
• 5.12.4 - 2021-04-15
• 5.12.3 - 2021-03-31
• 5.12.2 - 2021-03-22
• 5.12.1 - 2021-03-18
• 5.12.0 - 2021-03-11
• 5.11.20 - 2021-03-11
• 5.11.19 - 2021-03-05
• 5.11.18 - 2021-02-23
• 5.11.17 - 2021-02-17
• 5.11.16 - 2021-02-12

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 3924628 chore: release 5.13.3
• 88a32fe Merge pull request #10442 from semirturgay/gh-broken-defaults
• 66fd25f fix(timestamps): apply timestamps when creating new subdocs with `$addToSet` and with positional operator
• c6a646c test(timestamps): repro #10447
• 169f9e1 fix(schema): allow calling `Schema#loadClass()` with class that has a static getter with no setter
• acd262c test(schema): repro #10436
• 16b6a37 fix(model): avoid throwing error when `bulkSave()` called on a document with no changes
• c1ce3c9 test(model): repro #9673
• ad8ca76 fix(index.d.ts): allow passing ResultType generic to `Schema#path()`
• 34d2796 fix(index.d.ts): add `discriminator()` for single nested subdocs to type definitions
• ed1bffb Merge pull request #10452 from DouglasGabr/master
• 5edb25d fix(index.d.ts): consistently use NativeDate instead of Date for Date validators and timestamps functions
• 982a389 fix(types): remove discriminator type requirement
• a22c908 fix(model): fixing model defaults for embedded objects
• 6250841 chore: update opencollective sponsors
• c01685a Merge pull request #10440 from AbdelrahmanHafez/patch-10
• ac545ef test(model): cover applying object defaults
• ca34cfa bump native driver to 3.6.10
• e1fcf29 chore: update opencollective sponsors
• c03cacb chore: release 5.13.2
• 4482592 style: fix lint
• 1159631 chore: allow @ types/node 14.x
• 726ce8b fix: hardcode @ types/node version for now to avoid breaking changes from feat(node): v16 DefinitelyTyped/DefinitelyTyped#53669
• d250ddc fix(index.d.ts): allow using `type: Date` with Date paths in SchemaDefinitionType

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Stale pull request message