[Snyk] Upgrade mongoose from 5.11.16 to 5.12.3

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.11.16 to 5.12.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.
• The recommended version was released a month ago, on 2021-03-31.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.12.3 - 2021-03-31
  

  chore: release 5.12.3

• 5.12.2 - 2021-03-22
  

  chore: release 5.12.2

• 5.12.1 - 2021-03-18
  

  chore: release 5.12.1

• 5.12.0 - 2021-03-11
  

  5.12

• 5.11.20 - 2021-03-11
  

  chore: release 5.11.20

• 5.11.19 - 2021-03-05
  

  chore: release 5.11.19

• 5.11.18 - 2021-02-23
  

  chore: release 5.11.18

• 5.11.17 - 2021-02-17
• 5.11.16 - 2021-02-12

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• f8d2721 chore: release 5.12.3
• 58cad73 fix(connection): use queueing instead of event emitter for `createCollection()` and other helpers to avoid event emitter warning
• 5382408 fix(index.d.ts): add `transform` to PopulateOptions interface
• dca1d70 Merge branch 'master' of github.com:Automattic/mongoose
• 2648088 fix(index.d.ts): add DocumentQuery type for backwards compatibility
• 966770f Merge pull request #10063 from Automattic/gh-10044
• 9e4a083 style: fix lint
• f3cd3a8 chore: use variable instead of function
• f24953c fix(query): add `writeConcern()` method to avoid writeConcern deprecation warning
• 7d2e9c9 chore: upgrade mquery -> 3.2.5 re: Security Fix for Prototype Pollution - huntr.dev mongoosejs/mquery#121
• d1a9a1e made requested changes
• cf1b666 Merge pull request #10078 from pezzu/master
• 2aef528 Merge pull request #10062 from Automattic/gh-10025
• 452c77c Fixes #10072
• c9bfb30 Update model.indexes.test.js
• 6f0133a removed comments
• 9e98cd8 Merge pull request #10055 from emrebass/patch-1
• 1c20044 Merge pull request #10054 from coro101/add-discriminator-type
• 4e74ea7 TIL that includes() is also not supported in all browsers
• f231d7b should work and is designed to handle multiple text fields
• c4897f9 TIL Object.values in not supported on all browsers
• 391ecec collation not added to text indexes
• 7a93c16 linter fix
• 6deb668 fix: connection ids are now scoped

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Stale pull request message