[Snyk] Upgrade mongoose from 5.12.0 to 6.0.5 #140

Open

snyk-bot
Contributor

Snyk has created this PR to upgrade mongoose from 5.12.0 to 6.0.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 34 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2021-09-06.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution SNYK-JS-MQUERY-1089718 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution SNYK-JS-MPATH-1577289 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution SNYK-JS-MONGOOSE-1086688 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 6.0.5 - 2021-09-06

    chore: release 6.0.5

  • 6.0.4 - 2021-09-01

    chore: release 6.0.4

  • 6.0.3 - 2021-08-30

    chore: release 6.0.3

  • 6.0.2 - 2021-08-26

    chore: release 6.0.2

  • 6.0.1 - 2021-08-25

    chore: release 6.0.1

  • 6.0.0 - 2021-08-24

    chore: release 6.0.0

  • 6.0.0-rc2 - 2021-08-23
  • 6.0.0-rc1 - 2021-08-12
  • 6.0.0-rc0 - 2021-08-03
  • 5.13.9 - 2021-09-06

    chore: release v5.13.9

  • 5.13.8 - 2021-08-23
  • 5.13.7 - 2021-08-11
  • 5.13.6 - 2021-08-09
  • 5.13.5 - 2021-07-30
  • 5.13.4 - 2021-07-28
  • 5.13.3 - 2021-07-16
  • 5.13.2 - 2021-07-03
  • 5.13.1 - 2021-07-02
  • 5.13.0 - 2021-06-28
  • 5.12.15 - 2021-06-25
  • 5.12.14 - 2021-06-15
  • 5.12.13 - 2021-06-04
  • 5.12.12 - 2021-05-28
  • 5.12.11 - 2021-05-24
  • 5.12.10 - 2021-05-18
  • 5.12.9 - 2021-05-13
  • 5.12.8 - 2021-05-10
  • 5.12.7 - 2021-04-29
  • 5.12.6 - 2021-04-27
  • 5.12.5 - 2021-04-19
  • 5.12.4 - 2021-04-15
  • 5.12.3 - 2021-03-31
  • 5.12.2 - 2021-03-22
  • 5.12.1 - 2021-03-18
  • 5.12.0 - 2021-03-11
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • c23a004 chore: release 6.0.5
  • ddce6fb Merge pull request #10681 from yogabonito/patch-2
  • f4ccee1 Merge pull request #10680 from yogabonito/patch-1
  • 8d0a551 chore: merge 5.x branch
  • 07946be chore: release v5.13.9
  • 264554f fix: upgrade to mpath v0.8.4 re: security issue
  • 99edce7 Merge pull request #10679 from YC/master
  • 7d5cc12 fix(model): allow calling `Model.validate()` static with POJO array
  • 4d48869 fix(index.d.ts): allow using `$in` and `$nin` on array paths
  • 5e59b01 fix(index.d.ts): make `_id` required in query results and return value from `create()`
  • d36b8c2 DOC: fix typo in queries.md
  • ee6eb8e DOC: fix typo in models.md
  • bf27b70 ci: add test for ubuntu-20.04
  • e00424c fix(setDefaultsOnInsert): avoid adding unnecessary auto `_id` to $setOnInsert
  • 1987ea7 style: auto reformat of package.json
  • 96a2b9b fix(map): propagate `flattenMaps` option down to nested maps
  • 5853f87 test(map): repro #10653
  • 90883e3 test: fix tests
  • 8a5a6ad Merge branch '5.x'
  • 5016197 test: fix tests
  • fc5fc7e fix: peg @types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
  • f5905b1 Merge pull request #10673 from multiwebinc/patch-1
  • 9eba474 Merge pull request #10666 from fluidblue/master
  • 41e227a Update deprecations.md to reflect version 6



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
