[Snyk] Upgrade mongoose from 7.5.0 to 7.8.2

[programadorisgod]

Snyk has created this PR to upgrade mongoose from 7.5.0 to 7.8.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 22 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2024-09-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 7.8.2 - 2024-09-25
  

  chore: release 7.8.2

• 7.8.1 - 2024-08-19
• 7.8.0 - 2024-07-23
• 7.7.0 - 2024-06-18
• 7.6.13 - 2024-06-05
• 7.6.12 - 2024-05-21
• 7.6.11 - 2024-04-11
• 7.6.10 - 2024-03-13
• 7.6.9 - 2024-02-26
• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 3ede837 chore: release 7.8.2
• 5ebe00a Merge pull request #14894 from Automattic/vkarpov15/gh-14893
• bd4440a fix(projection): also handle value objects in isInclusive
• 062016e fix(projection): avoid setting projection to unknown exclusive/inclusive if elemMatch on a Date, ObjectId, etc.
• 3cfd3f6 Merge branch '6.x' into 7.x
• becd799 chore: release 6.13.2
• abedf3c Merge pull request #14878 from Automattic/vkarpov15/gh-14861
• 3910527 fix lint
• 9178805 fix: backport #14870 to 6.x
• fe17056 try fixing deno test
• 2c4b0d5 pin @ sinonjs/fake-timers version for node 12
• b6ab66f chore: release 6.13.1
• 0deb234 docs: highlight idSetter as a breaking change in changelog re: https://github.com/Automattic/mongoose/commit/32a84b7a65cca90c1355ce6cd218f89a92ce1e4d#commitcomment-145631235
• 6cb5571 Merge pull request #14822 from hasezoey/fixremove7x
• 98e4ae9 docs(subdocs): fix invalid header id link
• f4ee4ae docs(middleware): update some more "remove" related notes
• 9dcd8aa chore: release 7.8.1
• 343a1d3 Merge pull request #14811 from Automattic/vkarpov15/gh-14810
• b446a2e docs(mongoose): remove out-of-date callback-based example for `mongoose.connect()`
• 87fb382 add id setter to changelog re: #13517
• 91612bb Revert "Update cast.js"
• fdc7c7e Merge pull request #14761 from Automattic/vkarpov15/gh-14755-backport
• e8b0933 chore: release 7.8.0
• 0c11d12 fix(query): handle casting $switch in $expr

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs