[Snyk] Upgrade mongoose from 5.11.16 to 5.12.5 #37

Closed


snyk-bot

Snyk has created this PR to upgrade mongoose from 5.11.16 to 5.12.5.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2021-04-19.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-MQUERY-1089718) | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MONGOOSE-1086688) | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongoose
  • 5.12.5 - 2021-04-19

    chore: release 5.12.5

  • 5.12.4 - 2021-04-15

    chore: release 5.12.4

  • 5.12.3 - 2021-03-31

    chore: release 5.12.3

  • 5.12.2 - 2021-03-22

    chore: release 5.12.2

  • 5.12.1 - 2021-03-18

    chore: release 5.12.1

  • 5.12.0 - 2021-03-11

    5.12

  • 5.11.20 - 2021-03-11
  • 5.11.19 - 2021-03-05
  • 5.11.18 - 2021-02-23
  • 5.11.17 - 2021-02-17
  • 5.11.16 - 2021-02-12
from mongoose GitHub release notes
Commit messages
Package name: mongoose
  • 98519de chore: release 5.12.5
  • d5b7e25 docs: update license copyright
  • 937cb24 fix(populate): handle populating underneath document array when document array property doesn't exist in db
  • 95f8fe7 docs(mongoose): make `useCreateIndex` always `false` in docs
  • 61d24d4 fix(index.d.ts): allow passing array of aggregation pipeline stages to `updateOne()` and `updateMany()`
  • 998ef54 fix(populate): clear out dangling pointers to populated docs so query cursor with populate() can garbage collect populated subdocs
  • e2b7553 fix(index.d.ts): support legacy 2nd param callback syntax for `deleteOne()`, `deleteMany()`
  • c90140f fix(index.d.ts): allow `any` for `$push` to allow `$push` with positional operator
  • dad2e20 fix(connection): pull correct `autoCreate` value from Mongoose global when creating new model before calling `connect()`
  • 7b2b1bf fix(populate): handle populating paths on documents with discriminator keys that point to non-existent discriminators
  • 854374b docs(schema): fix incorrect links from schema API docs
  • 6d962f4 fix(index.d.ts): allow numbers as discriminator names
  • 86524c7 fix(index.d.ts): allow `type: Boolean` in Schema definitions
  • 725d6c6 chore: release 5.12.4
  • a302ba6 Merge pull request #10119 from Automattic/gh-10068
  • 00d836d Merge branch 'master' into gh-10068
  • f5a3a01 linter fix
  • 1a77624 Merge pull request #10137 from Automattic/quick-shave
  • 245ef23 Merge branch 'master' into gh-10068
  • c919931 made requested changes
  • 2736bcf removed a redundant if statement
  • 7ec2c7c might have fixed it
  • 39fb5b3 Merge pull request #10131 from AbdelrahmanHafez/gh-10126
  • 6c42fec fix spread for node 4



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


@MaximKing1 added the "help wanted" label (Extra attention is needed) on Jun 10, 2021
@github-actions

Stale pull request message
