[Snyk] Upgrade mongoose from 6.0.13 to 6.11.5

[Braineanear]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 6.0.13 to 6.11.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 84 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2023-08-01.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-XML2JS-5414874	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 6.11.5 - 2023-08-01
  

  chore: release 6.11.5

• 6.11.4 - 2023-07-17
  

  chore: release 6.11.4

• 6.11.3 - 2023-07-11
• 6.11.2 - 2023-06-08
• 6.11.1 - 2023-05-08
• 6.11.0 - 2023-05-01
• 6.10.5 - 2023-04-06
• 6.10.4 - 2023-03-21
• 6.10.3 - 2023-03-13
• 6.10.2 - 2023-03-07
• 6.10.1 - 2023-03-03
• 6.10.0 - 2023-02-22
• 6.9.3 - 2023-02-22
• 6.9.2 - 2023-02-16
• 6.9.1 - 2023-02-06
• 6.9.0 - 2023-01-25
• 6.8.4 - 2023-01-17
• 6.8.3 - 2023-01-06
• 6.8.2 - 2022-12-28
• 6.8.1 - 2022-12-19
• 6.8.0 - 2022-12-05
• 6.7.5 - 2022-11-30
• 6.7.4 - 2022-11-28
• 6.7.3 - 2022-11-22
• 6.7.2 - 2022-11-07
• 6.7.1 - 2022-11-02
• 6.7.0 - 2022-10-24
• 6.6.7 - 2022-10-21
• 6.6.6 - 2022-10-20
• 6.6.5 - 2022-10-05
• 6.6.4 - 2022-10-03
• 6.6.3 - 2022-09-30
• 6.6.2 - 2022-09-26
• 6.6.1 - 2022-09-14
• 6.6.0 - 2022-09-08
• 6.5.5 - 2022-09-07
• 6.5.4 - 2022-08-30
• 6.5.3 - 2022-08-25
• 6.5.2 - 2022-08-10
• 6.5.1 - 2022-08-03
• 6.5.0 - 2022-07-26
• 6.4.7 - 2022-07-25
• 6.4.6 - 2022-07-20
• 6.4.5 - 2022-07-18
• 6.4.4 - 2022-07-08
• 6.4.3 - 2022-07-05
• 6.4.2 - 2022-07-01
• 6.4.1 - 2022-06-27
• 6.4.0 - 2022-06-17
• 6.3.9 - 2022-06-17
• 6.3.8 - 2022-06-13
• 6.3.7 - 2022-06-13
• 6.3.6 - 2022-06-07
• 6.3.5 - 2022-05-30
• 6.3.4 - 2022-05-19
• 6.3.3 - 2022-05-09
• 6.3.2 - 2022-05-02
• 6.3.1 - 2022-04-21
• 6.3.0 - 2022-04-14
• 6.2.11 - 2022-04-13
• 6.2.10 - 2022-04-04
• 6.2.9 - 2022-03-28
• 6.2.8 - 2022-03-23
• 6.2.7 - 2022-03-16
• 6.2.6 - 2022-03-11
• 6.2.5 - 2022-03-09
• 6.2.4 - 2022-02-28
• 6.2.3 - 2022-02-21
• 6.2.2 - 2022-02-16
• 6.2.1 - 2022-02-07
• 6.2.0 - 2022-02-02
• 6.1.10 - 2022-02-01
• 6.1.9 - 2022-01-31
• 6.1.8 - 2022-01-24
• 6.1.7 - 2022-01-17
• 6.1.6 - 2022-01-10
• 6.1.5 - 2022-01-04
• 6.1.4 - 2021-12-27
• 6.1.3 - 2021-12-21
• 6.1.2 - 2021-12-15
• 6.1.1 - 2021-12-09
• 6.1.0 - 2021-12-07
• 6.0.15 - 2021-12-06
• 6.0.14 - 2021-11-29
• 6.0.13 - 2021-11-15

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• be5b7d5 chore: release 6.11.5
• d5784d8 Merge pull request #13682 from Automattic/vkarpov15/gh-13626-2
• 1a9f1b3 fix(document): correctly set index when casting subdocs for validation re: #13626
• 622fa1c Merge pull request #13671 from Automattic/vkarpov15/gh-13626
• d012888 fix(schema): make `Schema.prototype.clone()` avoid creating different copies of subdocuments and single nested paths underneath single nested paths
• 0d17ccb Merge pull request #13637 from Automattic/IslandRhythms/gh-13364-backport
• 1b09cb1 backported
• 20b030e chore: release 6.11.4
• 895bc32 Merge pull request #13614 from Automattic/vkarpov15/gh-13191-2
• b8ebe80 perf: speed up mapOfSubdocs benchmark by 4x by avoiding unnecessary O(n^2) loop in getPathsToValidate()
• dcc4c9a perf: some more small optimizations
• 69405b2 Merge branch '6.x' into vkarpov15/gh-13191-2
• e9eb8ab chore: release 6.11.3
• 688da8f test: fix flakey tests, remove test for #9597 because it affects global state and fails intermittently on deno
• 4f264a8 test: fix tests re: #13317
• 9616af7 fix(schema): correctly handle uuids with populate()
• 305ce4f fix: avoid prototype pollution on init
• f143485 perf: couple of small micro-optimizations re: #13191
• 35e59eb docs: link to migrating to 6 in 6.x docs
• a28933e chore: release 6.11.2
• 3a6b0dd chore: use deno v1.34 in test for MMS HTTP issues
• f7c6d3e Merge pull request #13476 from Automattic/vkarpov15/gh-13453
• a1b7bb5 perf(schema): make some micro optimizations for casting subdocument paths
• 5552107 fix(cursor): allow find middleware to modify query cursor options

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs