Skip to content

Commit c75b70d

Browse files
dependabot[bot]dependabot[bot]
authored
chore(deps-dev): bump mongoose from 6.12.9 to 6.13.6 (#216)
Bumps [mongoose](https://github.com/Automattic/mongoose) from 6.12.9 to 6.13.6. e notes</summary> <p><em>Sourced from <a href="https://github.com/Automattic/mongoose/releases">mongoose's releases</a>.</em></p> <blockquote> <h1>6.13.6 / 2025-01-13</h1> <ul> <li>fix: disallow nested $where in populate match</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md">mongoose's changelog</a>.</em></p> <blockquote> <h1>6.13.6 / 2025-01-13</h1> <ul> <li>fix: disallow nested $where in populate match CVE-2025-23061</li> </ul> <h1>8.9.4 / 2025-01-09</h1> <ul> <li>fix(document): fix document not applying manual populate when using a function in schema.options.ref <a href="https://redirect.github.com/Automattic/mongoose/issues/15138">#15138</a> <a href="https://github.com/IchirokuXVI">IchirokuXVI</a></li> <li>fix(model): make Model.validate() static correctly cast document arrays <a href="https://redirect.github.com/Automattic/mongoose/issues/15169">#15169</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15164">#15164</a></li> <li>fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation <a href="https://redirect.github.com/Automattic/mongoose/issues/15161">#15161</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15156">#15156</a></li> <li>fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator <a href="https://redirect.github.com/Automattic/mongoose/issues/15142">#15142</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15120">#15120</a></li> <li>types: avoid BufferToBinary&lt;&gt; wiping lean types when passed to generic functions <a href="https://redirect.github.com/Automattic/mongoose/issues/15160">#15160</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15158">#15158</a></li> <li>docs: fix <code>&lt;code&gt;</code> in header ids <a href="https://redirect.github.com/Automattic/mongoose/issues/15159">#15159</a></li> <li>docs: fix header in field-level-encryption.md <a href="https://redirect.github.com/Automattic/mongoose/issues/15137">#15137</a> <a href="https://github.com/damieng">damieng</a></li> </ul> <h1>8.9.3 / 2024-12-30</h1> <ul> <li>fix(schema): make duplicate index error a warning for now to prevent blocking upgrading <a href="https://redirect.github.com/Automattic/mongoose/issues/15135">#15135</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15112">#15112</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15109">#15109</a></li> <li>fix(model): handle document array paths set to non-array values in Model.castObject() <a href="https://redirect.github.com/Automattic/mongoose/issues/15124">#15124</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15075">#15075</a></li> <li>fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas <a href="https://redirect.github.com/Automattic/mongoose/issues/15131">#15131</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15071">#15071</a></li> <li>fix(model): avoid throwing unnecessary error if updateOne() returns null in save() <a href="https://redirect.github.com/Automattic/mongoose/issues/15126">#15126</a></li> <li>perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs <a href="https://redirect.github.com/Automattic/mongoose/issues/15136">#15136</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/10449">#10449</a></li> <li>types: make BufferToBinary avoid Document instances <a href="https://redirect.github.com/Automattic/mongoose/issues/15123">#15123</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15122">#15122</a></li> <li>types(model+query): avoid stripping out virtuals when calling populate with paths generic <a href="https://redirect.github.com/Automattic/mongoose/issues/15132">#15132</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15111">#15111</a></li> <li>types(schema): add missing removeIndex <a href="https://redirect.github.com/Automattic/mongoose/issues/15134">#15134</a></li> <li>types: add cleanIndexes() to IndexManager interface <a href="https://redirect.github.com/Automattic/mongoose/issues/15127">#15127</a></li> <li>docs: move search endpoint to netlify <a href="https://redirect.github.com/Automattic/mongoose/issues/15119">#15119</a></li> </ul> <h1>8.9.2 / 2024-12-19</h1> <ul> <li>fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name <a href="https://redirect.github.com/Automattic/mongoose/issues/15112">#15112</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15109">#15109</a></li> <li>fix(map): clean modified subpaths when overwriting values in map of subdocs <a href="https://redirect.github.com/Automattic/mongoose/issues/15114">#15114</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15108">#15108</a></li> <li>fix(aggregate): pull session from transaction local storage for aggregation cursors <a href="https://redirect.github.com/Automattic/mongoose/issues/15094">#15094</a> <a href="https://github.com/IchirokuXVI">IchirokuXVI</a></li> <li>types: correctly handle union types in BufferToBinary and related helpers <a href="https://redirect.github.com/Automattic/mongoose/issues/15103">#15103</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15102">#15102</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15057">#15057</a></li> <li>types: add UUID to RefType <a href="https://redirect.github.com/Automattic/mongoose/issues/15115">#15115</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15101">#15101</a></li> <li>docs: remove link to Mongoose 5.x docs from dropdown <a href="https://redirect.github.com/Automattic/mongoose/issues/15116">#15116</a></li> <li>docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() <a href="https://redirect.github.com/Automattic/mongoose/issues/15113">#15113</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15107">#15107</a></li> </ul> <h1>8.9.1 / 2024-12-16</h1> <ul> <li>fix(connection): remove heartbeat check in load balanced mode <a href="https://redirect.github.com/Automattic/mongoose/issues/15089">#15089</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15042">#15042</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/14812">#14812</a></li> <li>fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs <a href="https://redirect.github.com/Automattic/mongoose/issues/15099">#15099</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15088">#15088</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15092">#15092</a></li> <li>fix(model): handle discriminators in castObject() <a href="https://redirect.github.com/Automattic/mongoose/issues/15096">#15096</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15075">#15075</a></li> <li>fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call <a href="https://redirect.github.com/Automattic/mongoose/issues/15093">#15093</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15056">#15056</a></li> <li>fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc <a href="https://redirect.github.com/Automattic/mongoose/issues/15080">#15080</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15048">#15048</a></li> <li>fix(document+schema): improve error message for get() on invalid path <a href="https://redirect.github.com/Automattic/mongoose/issues/15098">#15098</a> <a href="https://redirect.github.com/Automattic/mongoose/issues/15071">#15071</a></li> <li>docs: remove more callback doc references &amp; some small other changes <a href="https://redirect.github.com/Automattic/mongoose/issues/15095">#15095</a></li> </ul> <h1>8.9.0 / 2024-12-13</h1> <ul> <li>feat: upgrade mongodb -&gt; 6.12</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Automattic/mongoose/commit/e59e342e5d01bfeee31c5d5c796745315ecf0fa9"><code>e59e342</code></a> chore: release 6.13.6</li> <li><a href="https://github.com/Automattic/mongoose/commit/64a9f9706f2428c49e0cfb8e223065acc645f7bc"><code>64a9f97</code></a> fix: disallow nested $where in populate match</li> <li><a href="https://github.com/Automattic/mongoose/commit/15bdccf78ca96c85038346c2ceccb934b1c54f40"><code>15bdccf</code></a> chore: release 6.13.5</li> <li><a href="https://github.com/Automattic/mongoose/commit/33679bcf8ca43d74e3e8ecd4cc224826772d805b"><code>33679bc</code></a> fix: disallow using $where in match</li> <li><a href="https://github.com/Automattic/mongoose/commit/22210b12edf6180fa4f0958ac3d2cd4f4c020793"><code>22210b1</code></a> chore: release 6.13.4</li> <li><a href="https://github.com/Automattic/mongoose/commit/d21a239328acccf8e9ed15d3743c90a95e3841b5"><code>d21a239</code></a> Merge pull request <a href="https://redirect.github.com/Automattic/mongoose/issues/15043">#15043</a> from Automattic/vkarpov15/<a href="https://redirect.github.com/Automattic/mongoose/issues/15039">gh-15039</a></li> <li><a href="https://github.com/Automattic/mongoose/commit/68377ff4e3c80f9fb261c651cc4b7f49944436ae"><code>68377ff</code></a> fix: save execution stack in query as string</li> <li><a href="https://github.com/Automattic/mongoose/commit/6fbe9f0e79d57566ea2b9e9370ce1c9d091ea856"><code>6fbe9f0</code></a> Merge pull request <a href="https://redirect.github.com/Automattic/mongoose/issues/14998">#14998</a> from markstos/UT-8434-doc-strict-query-flipflop</li> <li><a href="https://github.com/Automattic/mongoose/commit/3e3dc2e140dd72de5a7b26d70577df0ea018b22a"><code>3e3dc2e</code></a> docs: clarify strictQuery default will flip-flop in &quot;Migrating to 6.x&quot;</li> <li><a href="https://github.com/Automattic/mongoose/commit/d98b2e7796d6d72ccf21f70d79f3e46d3b14a22f"><code>d98b2e7</code></a> docs: Add missing closing tag for Lodash entry.</li> <li>Additional commits viewable in <a href="https://github.com/Automattic/mongoose/compare/6.12.9...6.13.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mongoose&package-manager=npm_and_yarn&previous-version=6.12.9&new-version=6.13.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx-js/network/alerts). </details>
1 parent 8fe7386 commit c75b70d

File tree

2 files changed

+5
-5
lines changed

2 files changed

+5
-5
lines changed

packages/node-opentelemetry/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@
7979
"knex": "^3.1.0",
8080
"koa": "^2.15.3",
8181
"mongodb": "^6.6.2",
82-
"mongoose": "^6.12.8",
82+
"mongoose": "^6.13.6",
8383
"mysql": "^2.18.1",
8484
"mysql2": "^3.9.7",
8585
"pg": "^8.11.5",

yarn.lock

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10884,10 +10884,10 @@ mongodb@^6.6.2:
1088410884
bson "^6.7.0"
1088510885
mongodb-connection-string-url "^3.0.0"
1088610886

10887-
mongoose@^6.12.8:
10888-
version "6.12.9"
10889-
resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-6.12.9.tgz#13480bdc5420f07c2e0f3841aa489f83a64e395f"
10890-
integrity sha512-/2eOuoTC4Bl1xk1GWvpHeSbBW0RX+8bPrfCT2sBpndGjC+f4tbZ3NVKIv9CvQNXw7rl7Wrl5G1g4r+UKHPqXoQ==
10887+
mongoose@^6.13.6:
10888+
version "6.13.6"
10889+
resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-6.13.6.tgz#5f90f1bfd470a30a5fcb06e88bdc3ae47fbe6dd4"
10890+
integrity sha512-1c5NBoiJ+n7wBVaifBsFVSnVkCB/m6IfnZh6ppnyQVLTtK99mS37nfW/ytnoftIcu1ITvRDgzgOj5H2fPX5ezw==
1089110891
dependencies:
1089210892
bson "^4.7.2"
1089310893
kareem "2.5.1"

0 commit comments

Comments
 (0)