[Snyk] Upgrade mongoose from 7.3.4 to 7.5.3

[jonasdamher]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 7.3.4 to 7.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2023-09-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Information Exposure SNYK-JS-MONGODB-5871303	424/1000 Why? Has a fix available, CVSS 4.2	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	424/1000 Why? Has a fix available, CVSS 4.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 7.5.3 - 2023-09-25
  

  7.5.3 / 2023-09-25

  • fix(document): handle MongoDB Long when casting BigInts #13869 #13791
  • fix(model): make bulkSave() persist changes that happen in pre('save') middleware #13885 #13799
  • fix: handle casting $elemMatch underneath $not underneath another $elemMatch #13893 #13880
  • fix(model): make bulkWrite casting respect global setDefaultsOnInsert #13870 #13823
  • fix(document): handle default values for discriminator key with embedded discriminators #13891 #13835
  • fix: account for null values when assigning isNew property within document array #13883
  • types: avoid "interface can only extend object types with statically known members" error in TypeScript 4 #13871
  • docs(deprecations): fix typo in includeResultMetadata deprecation docs #13884 #13844
  • docs: fix pre element overflow in home page #13868 ghoshRitesh12
• 7.5.2 - 2023-09-15
  

  7.5.2 / 2023-09-15

  • fix(schema): handle number discriminator keys when using Schema.prototype.discriminator() #13858 #13788
  • fix: ignore id property when calling set() with both id and _id specified to avoid id setter overwriting #13762
  • types: pass correct document type to required and default function #13851 #13797
  • docs(model): add examples of using diffIndexes() to syncIndexes()and diffIndexes() api docs #13850 #13771
• 7.5.1 - 2023-09-11
  

  7.5.1 / 2023-09-11

  • fix: set default value for _update when no update object is provided and versionKey is set to false #13795 #13783 MohOraby
  • fix: avoid unexpected error when accessing null array element on discriminator array when populating #13716 ZSabakh
  • types(schematypes): use DocType for instance method this #13822 #13800 pshaddel
  • types: remove duplicated 'exists' method in Model interface in models.d.ts #13818 ohzeno
  • docs(model): replace outdated docs on deprecated findOneAndUpdate() overwrite option #13821 #13715
  • docs: add example of using virtuals.pathsToSkip option for toObject() and toJSON() #13798 RobertHunter-Pluto
• 7.5.0 - 2023-08-29
  

  7.5.0 / 2023-08-29

  • feat: use mongodb driver v5.18.1
  • feat: allow top level dollar keys with findOneAndUpdate(), update() for MongoDB 5 #13786
  • fix(document): make array getters avoid unintentionally modifying array, defer getters until index access instead #13774
  • feat: deprecate overwrite option for findOneAndUpdate() #13578
  • feat: add pathsToSkip option for Model.validate #13663 #10353
  • feat: support alias when declaring index #13659 #13276
  • fix(query): remove unnecessary check for atomic operators in findOneAndReplace() #13678
  • types: add SearchMeta Interface for Atlas Search #13792 mreouven
  • types(schematypes): add missing BigInt SchemaType #13787
• 7.4.5 - 2023-08-25
• 7.4.4 - 2023-08-22
• 7.4.3 - 2023-08-11
• 7.4.2 - 2023-08-03
• 7.4.1 - 2023-07-24
• 7.4.0 - 2023-07-18
• 7.3.4 - 2023-07-12

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 5a53e62 chore: release 7.5.3
• cb2c819 Merge pull request #13893 from Automattic/vkarpov15/gh-13880
• 3dc87cb fix: handle casting `$elemMatch` underneath `$not` underneath another `$elemMatch`
• d8429aa Merge pull request #13885 from Automattic/vkarpov15/gh-13799
• 9477860 style: fix lint
• eee5ac1 Merge pull request #13868 from ghoshRitesh12/master
• f9e5043 Merge branch 'master' into vkarpov15/gh-13799
• f4fc8a7 Merge pull request #13891 from Automattic/vkarpov15/gh-13835
• 97970cb fix: use consistent null check instead of falsy check
• 8b1e4e2 fix(document): handle default values for discriminator key with embedded discriminators
• 82bfa5b Merge pull request #13884 from Automattic/vkarpov15/gh-13844
• 1bed0c7 fix(model): make `bulkSave()` persist changes that happen in pre('save') middleware
• e5b6bbd docs(deprecations): fix typo in includeResultMetadata deprecation docs
• 699c8f8 Merge pull request #13883 from Automattic/IslandRhythms/gh-13859
• 813de4d Update document.js
• f8fa770 fix: 13859
• f2462a7 Merge pull request #13861 from Automattic/vkarpov15/cleaner-get-db-name
• c6e0665 Merge pull request #13870 from Automattic/vkarpov15/gh-13823
• 8776c4b Merge pull request #13871 from Automattic/vkarpov15/gh-13775
• 27ac3e6 Merge pull request #13869 from Automattic/vkarpov15/gh-13791
• f7b86c5 types: avoid "interface can only extend object types with statically known members" error in TypeScript 4
• d2e336e fix(model): make bulkWrite casting respect global setDefaultsOnInsert
• 3012413 fix(document): handle MongoDB Long when casting BigInts
• 582b30d docs: fix `pre` element overflow in home page

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs