From 14b175bd92f313b3b84b434a030c4544dd22f5fd Mon Sep 17 00:00:00 2001
From: pathei-kosmos <63155388+pathei-kosmos@users.noreply.github.com>
Date: Fri, 15 Jul 2022 17:42:56 +0200
Subject: [PATCH] added sanitizeFilter() to mongoose.set() options

---
 lib/index.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/index.js b/lib/index.js
index 69bd2de280f..480afd45b2c 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -204,6 +204,7 @@ Mongoose.prototype.setDriver = function setDriver(driver) {
  * - 'overwriteModels': Set to `true` to default to overwriting models with the same name when calling `mongoose.model()`, as opposed to throwing an `OverwriteModelError`.
  * - 'returnOriginal': If `false`, changes the default `returnOriginal` option to `findOneAndUpdate()`, `findByIdAndUpdate`, and `findOneAndReplace()` to false. This is equivalent to setting the `new` option to `true` for `findOneAndX()` calls by default. Read our [`findOneAndUpdate()` tutorial](/docs/tutorials/findoneandupdate.html) for more information.
  * - 'runValidators': `false` by default. Set to true to enable [update validators](/docs/validation.html#update-validators) for all validators by default.
+ * - 'sanitizeFilter': `false` by default. Set to true to enable the [sanitization of the query filters](/docs/api.html#mongoose_Mongoose-sanitizeFilter) against query selector injection attacks by wrapping any nested objects that have a property whose name starts with `$` in a `$eq`.
  * - 'selectPopulatedPaths': `true` by default. Set to false to opt out of Mongoose adding all fields that you `populate()` to your `select()`. The schema-level option `selectPopulatedPaths` overwrites this one.
  * - 'strict': `true` by default, may be `false`, `true`, or `'throw'`. Sets the default strict mode for schemas.
  * - 'strictQuery': same value as 'strict' by default (`true`), may be `false`, `true`, or `'throw'`. Sets the default [strictQuery](/docs/guide.html#strictQuery) mode for schemas.