[Snyk] Upgrade mongoose from 5.9.11 to 5.13.3

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.9.11 to 5.13.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 79 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-07-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1050858	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Remote Memory Exposure SNYK-JS-BL-608877	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.13.3 - 2021-07-16
  

  chore: release 5.13.3

• 5.13.2 - 2021-07-03
  

  chore: release 5.13.2

• 5.13.1 - 2021-07-02
  

  chore: release 5.13.1

• 5.13.0 - 2021-06-28
  

  chore: release 5.13.0

• 5.12.15 - 2021-06-25
  

  chore: release 5.12.15

• 5.12.14 - 2021-06-15
  

  chore: release 5.12.14

• 5.12.13 - 2021-06-04
  

  chore: release 5.12.13

• 5.12.12 - 2021-05-28
  

  chore: release 5.12.12

• 5.12.11 - 2021-05-24
• 5.12.10 - 2021-05-18
• 5.12.9 - 2021-05-13
• 5.12.8 - 2021-05-10
• 5.12.7 - 2021-04-29
• 5.12.6 - 2021-04-27
• 5.12.5 - 2021-04-19
• 5.12.4 - 2021-04-15
• 5.12.3 - 2021-03-31
• 5.12.2 - 2021-03-22
• 5.12.1 - 2021-03-18
• 5.12.0 - 2021-03-11
• 5.11.20 - 2021-03-11
• 5.11.19 - 2021-03-05
• 5.11.18 - 2021-02-23
• 5.11.17 - 2021-02-17
• 5.11.16 - 2021-02-12
• 5.11.15 - 2021-02-03
• 5.11.14 - 2021-01-28
• 5.11.13 - 2021-01-20
• 5.11.12 - 2021-01-14
• 5.11.11 - 2021-01-08
• 5.11.10 - 2021-01-04
• 5.11.9 - 2020-12-28
• 5.11.8 - 2020-12-14
• 5.11.7 - 2020-12-10
• 5.11.6 - 2020-12-09
• 5.11.5 - 2020-12-07
• 5.11.4 - 2020-12-04
• 5.11.3 - 2020-12-03
• 5.11.2 - 2020-12-02
• 5.11.1 - 2020-12-01
• 5.11.0 - 2020-11-30
• 5.10.19 - 2020-11-30
• 5.10.18 - 2020-11-29
• 5.10.17 - 2020-11-27
• 5.10.16 - 2020-11-25
• 5.10.15 - 2020-11-16
• 5.10.14 - 2020-11-12
• 5.10.13 - 2020-11-06
• 5.10.12 - 2020-11-04
• 5.10.11 - 2020-10-26
• 5.10.10 - 2020-10-23
• 5.10.9 - 2020-10-09
• 5.10.8 - 2020-10-05
• 5.10.7 - 2020-09-24
• 5.10.6 - 2020-09-18
• 5.10.5 - 2020-09-11
• 5.10.4 - 2020-09-09
• 5.10.3 - 2020-09-03
• 5.10.2 - 2020-08-28
• 5.10.1 - 2020-08-26
• 5.10.0 - 2020-08-14
• 5.9.29 - 2020-08-13
• 5.9.28 - 2020-08-07
• 5.9.27 - 2020-07-31
• 5.9.26 - 2020-07-27
• 5.9.25 - 2020-07-17
• 5.9.24 - 2020-07-13
• 5.9.23 - 2020-07-10
• 5.9.22 - 2020-07-06
• 5.9.21 - 2020-07-01
• 5.9.20 - 2020-06-22
• 5.9.19 - 2020-06-15
• 5.9.18 - 2020-06-05
• 5.9.17 - 2020-06-02
• 5.9.16 - 2020-05-25
• 5.9.15 - 2020-05-18
• 5.9.14 - 2020-05-13
• 5.9.13 - 2020-05-08
• 5.9.12 - 2020-05-04
• 5.9.11 - 2020-04-30

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 3924628 chore: release 5.13.3
• 88a32fe Merge pull request #10442 from semirturgay/gh-broken-defaults
• 66fd25f fix(timestamps): apply timestamps when creating new subdocs with `$addToSet` and with positional operator
• c6a646c test(timestamps): repro #10447
• 169f9e1 fix(schema): allow calling `Schema#loadClass()` with class that has a static getter with no setter
• acd262c test(schema): repro #10436
• 16b6a37 fix(model): avoid throwing error when `bulkSave()` called on a document with no changes
• c1ce3c9 test(model): repro #9673
• ad8ca76 fix(index.d.ts): allow passing ResultType generic to `Schema#path()`
• 34d2796 fix(index.d.ts): add `discriminator()` for single nested subdocs to type definitions
• ed1bffb Merge pull request #10452 from DouglasGabr/master
• 5edb25d fix(index.d.ts): consistently use NativeDate instead of Date for Date validators and timestamps functions
• 982a389 fix(types): remove discriminator type requirement
• a22c908 fix(model): fixing model defaults for embedded objects
• 6250841 chore: update opencollective sponsors
• c01685a Merge pull request #10440 from AbdelrahmanHafez/patch-10
• ac545ef test(model): cover applying object defaults
• ca34cfa bump native driver to 3.6.10
• e1fcf29 chore: update opencollective sponsors
• c03cacb chore: release 5.13.2
• 4482592 style: fix lint
• 1159631 chore: allow @ types/node 14.x
• 726ce8b fix: hardcode @ types/node version for now to avoid breaking changes from feat(node): v16 DefinitelyTyped/DefinitelyTyped#53669
• d250ddc fix(index.d.ts): allow using `type: Date` with Date paths in SchemaDefinitionType

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs