build(deps): bump mongoose from 8.20.3 to 9.3.1

[dependabot]

Bumps mongoose from 8.20.3 to 9.3.1.

Release notes

Sourced from mongoose's releases.

9.3.1 / 2026-03-17

• fix(model): handle passing string projection to hydrate() #16082
• fix(model): fix bulkWrite() sorting #16079 #16080 pnkov
• fix(QueryCursor): fix wrong this context in QueryCursor close callback #16104 techcodie
• types(schema): infer schema options correctly for model context in statics #16046 #16102
• types(schema): fix type definition for HydratedDocType in autoTypedVirtuals #16083
• types(plugin): allow passing model with custom TStatics into Schema.prototype.plugin() #16090 #16086
• chore: use MongooseError instead of Error in schema, model, and aggregate #15995 mahmoodhamdi
• docs(projection): clean up jsdoc for parseProjection()

9.3.0 / 2026-03-10

• feat(schema): support discriminators option inline for better TypeScript support #16053
• feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16033
• feat(setDefaultsOnInsert): pass query as context to default functions #16041 #16025
• fix: resolve deeply nested discriminator paths in arrayFilters #16072 Yatin81
• fix(changeStream): emit ready on next tick to allow stream to initialize
• fix(connection): handle calling watch() on disconnected connection
• fix: remove references to mongodb option "promiseLibrary" hasezoey
• fix(model+query): backwards compatible validateBeforeSave handling and avoid TypeError in removeUnusedArrayFilters on nullish update
• perf(model): remove unnecessary overhead when saving new doc
• types(InferRawDocType): fall back to using InferRawDocType instead of pulling non-raw inferred doc type if EnforcedDocType not set #16053
• types: add type constraints for Document#$model() and Document#model() mrazauskas
• docs: fix broken links and update MongoDB documentation links #16037 hasezoey
• docs(contributing): update issue tracker links to Automattic org AkaHarshit

9.2.4 / 2026-03-03

• types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #16048
• types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #16052 #16046
• docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #16036 #16018
• docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #16065 #16015

9.2.3 / 2026-02-26

• types(model): make bulkSave() correctly take array of THydratedDocumentType #16032

9.2.2 / 2026-02-23

• fix(document): make pathsToSave filter all update operators and preserve unsaved state #16027
• fix(setDefaultsOnInsert): check child filter paths before applying defaults, fix dot-notation handling, and prevent prototype pollution #16031 #16030
• fix(populate): make refPath work as a function, including map paths with $* #16035 #16028
• perf: optimize pathsToSave and indexed-path checks for subdocuments
• types: remove duplicate definition of UUIDToJSON type #16029
• docs(field-level-encryption): clarify crypt_shared library usage and move extraOptions under autoEncryption #16026 #16015
• test(types): introduce TSTyche for type testing #16024

9.2.1 / 2026-02-11

... (truncated)

Changelog

Sourced from mongoose's changelog.

9.3.1 / 2026-03-17

• fix(model): handle passing string projection to hydrate() #16082
• fix(model): fix bulkWrite() sorting #16079 #16080 pnkov
• fix(QueryCursor): fix wrong this context in QueryCursor close callback #16104 techcodie
• types(schema): infer schema options correctly for model context in statics #16046 #16102
• types(schema): fix type definition for HydratedDocType in autoTypedVirtuals #16083
• types(plugin): allow passing model with custom TStatics into Schema.prototype.plugin() #16090 #16086
• chore: use MongooseError instead of Error in schema, model, and aggregate #15995 mahmoodhamdi
• docs(projection): clean up jsdoc for parseProjection()

9.3.0 / 2026-03-10

• feat(schema): support discriminators option inline for better TypeScript support #16053
• feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16033
• feat(setDefaultsOnInsert): pass query as context to default functions #16041 #16025
• fix: resolve deeply nested discriminator paths in arrayFilters #16072 Yatin81
• fix(changeStream): emit ready on next tick to allow stream to initialize
• fix(connection): handle calling watch() on disconnected connection
• fix: remove references to mongodb option "promiseLibrary" hasezoey
• fix(model+query): backwards compatible validateBeforeSave handling and avoid TypeError in removeUnusedArrayFilters on nullish update
• perf(model): remove unnecessary overhead when saving new doc
• types(InferRawDocType): fall back to using InferRawDocType instead of pulling non-raw inferred doc type if EnforcedDocType not set #16053
• types: add type constraints for Document#$model() and Document#model() mrazauskas
• docs: fix broken links and update MongoDB documentation links #16037 hasezoey
• docs(contributing): update issue tracker links to Automattic org AkaHarshit

9.2.4 / 2026-03-03

• types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #16048
• types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #16052 #16046
• docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #16036 #16018
• docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #16065 #16015

9.2.3 / 2026-02-26

• types(model): make bulkSave() correctly take array of THydratedDocumentType #16032

9.2.2 / 2026-02-23

• fix(document): make pathsToSave filter all update operators and preserve unsaved state #16027
• fix(setDefaultsOnInsert): check child filter paths before applying defaults, fix dot-notation handling, and prevent prototype pollution #16031 #16030
• fix(populate): make refPath work as a function, including map paths with $* #16035 #16028
• perf: optimize pathsToSave and indexed-path checks for subdocuments
• types: remove duplicate definition of UUIDToJSON type #16029
• docs(field-level-encryption): clarify crypt_shared library usage and move extraOptions under autoEncryption #16026 #16015
• test(types): introduce TSTyche for type testing #16024

9.2.1 / 2026-02-11

... (truncated)

Commits

• 88673cc chore: release 9.3.1
• 89ae6ec Merge pull request #16104 from techcodie/fix-query-cursor-close-context
• 1a6e317 Merge pull request #16102 from Automattic/vkarpov15/gh-16046-2
• 31bc5a1 Fix wrong this context in QueryCursor._read cursor.close callback
• 6a593e3 Merge pull request #16083 from mrazauskas/use-tstyche-assertions
• 6043037 Update virtuals type in autoTypedVirtuals function
• 81f96d3 Import mongoose alongside other mongoose types
• 6bd17b2 Fix type definition for HydratedDocType
• 8285600 Update type expectations for virtuals in tests
• c98dde6 types(schema): infer schema options correctly for model context in statics
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for mongoose since your current version.

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
mongoose	[< 8.3, > 8.2.2]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)