[Snyk] Upgrade mongoose from 5.11.16 to 5.12.10

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.11.16 to 5.12.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 15 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-05-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MQUERY-1089718	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.12.10 - 2021-05-18
  

  chore: release 5.12.10

• 5.12.9 - 2021-05-13
  

  chore: release 5.12.9

• 5.12.8 - 2021-05-10
  

  chore: release 5.12.8

• 5.12.7 - 2021-04-29
  

  chore: release 5.12.7

• 5.12.6 - 2021-04-27
  

  chore: release 5.12.6

• 5.12.5 - 2021-04-19
  

  chore: release 5.12.5

• 5.12.4 - 2021-04-15
  

  chore: release 5.12.4

• 5.12.3 - 2021-03-31
• 5.12.2 - 2021-03-22
• 5.12.1 - 2021-03-18
• 5.12.0 - 2021-03-11
• 5.11.20 - 2021-03-11
• 5.11.19 - 2021-03-05
• 5.11.18 - 2021-02-23
• 5.11.17 - 2021-02-17
• 5.11.16 - 2021-02-12

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• e9b44e2 chore: release 5.12.10
• 07a527c fix(populate): handle populating embedded discriminator with custom tiedValue
• 4c7e5de test(populate): repro #10231
• 616be95 fix(document): allow passing space-delimited string of `pathsToValidate` to `validate()` and `validateSync()`
• 94291be style: fix lint
• 312df3d Merge pull request #10257 from Automattic/enhancement-10254
• c19ffca Merge pull request #10245 from Automattic/feat-7287
• 1c30add Merge pull request #10198 from HunterKohler/master
• 79a71cb fix(index.d.ts): use `$parent()` instead of `parent()` in TS definitions
• 1985c94 added comments
• 76af6e4 Update model.js
• 9321308 added $__collection
• 70340a2 made requested changes
• cbb6e32 Merge branch 'master' of github.com:Automattic/mongoose
• e61def3 fix(index.d.ts): add `any` to all query operators to minimize likelihood of "type instantiation is excessively deep" when querying docs with 4-level deep subdocs
• a7290de Merge pull request #10253 from Hysolate/improve-query-cursor-typing
• 6177c4c Merge pull request #10251 from Hysolate/fix-query-async-iterator-type
• 71c5dde ts: strictly typed query cursor async iterator
• a6af138 ts: fix query async iterator definition
• fc9706b update
• df55943 updated to work with older versions of node hopefully
• bffc126 docs: switch from AWS to Azure Functions for search
• e9a0e26 linter fix
• 35a8180 Update model.test.js

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Stale pull request message