[Snyk] Upgrade mongoose from 7.4.5 to 7.6.8

[ladunjexa]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 7.4.5 to 7.6.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2024-01-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29
• 7.4.5 - 2023-08-25

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• ac9af5b docs: add unnecessary lookahead fix to changelog
• 6ffb123 chore: release 7.6.8
• 7248bdf Merge branch '6.x' into 7.x
• 2d68983 chore: release 6.12.5
• b4e3b2f Merge pull request #14213 from Automattic/vkarpov15/gh-14024
• 0960fae types(document): add ignoreAtomics option to isModified typedefs re: #14024
• f7e9816 docs(document): add ignoreAtomics option to docs
• e3c12cf types(model): add missing strict and timestamps options to bulkWrite() re: #8778
• f37b4f2 Merge pull request #14226 from Automattic/vkarpov15/gh-14205
• b286b02 fix: also allow setting nested field to undefined re: #14205
• 6d526cd fix(document): allow setting nested path to `null`
• 403a28e fix: add ignoreAtomics option to isModified() for better backwards compatibility with Mongoose 5
• 3e60145 perf(schema): remove unnecessary lookahead in numeric subpath check
• 8e141d1 perf(schema): remove unnecessary lookahead in numeric subpath check
• 3a015f9 Merge pull request #14202 from Automattic/vkarpov15/gh-14162
• 94de74f Merge pull request #14206 from Automattic/vkarpov15/gh-14177
• 50b0078 style: remove unnecessary comment
• 4b77619 Merge branch '7.x' into vkarpov15/gh-14177
• 485f155 test: fix deno tests
• 0e7ec7f test: try closing change stream to avoid test failure
• 0199c8b fix(ChangeStream): avoid suppressing errors in closed change stream
• e182fe5 Merge pull request #14198 from Automattic/vkarpov15/gh-14178
• dabb2cf style: fix lint
• e4f4c32 fix(discriminator): handle reusing schema with embedded discriminators defined using Schema.prototype.discriminator

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
nextjs13-threads	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 14, 2024 11:20pm