[Snyk] Upgrade mongoose from 5.10.13 to 5.13.15

[snyk-bot]

Snyk has created this PR to upgrade mongoose from 5.10.13 to 5.13.15.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 59 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2022-08-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1050858	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1089718	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 5.13.15 - 2022-08-22
• 5.13.14 - 2021-12-27
• 5.13.13 - 2021-11-02
• 5.13.12 - 2021-10-19
• 5.13.11 - 2021-10-12
• 5.13.10 - 2021-10-05
• 5.13.9 - 2021-09-06
• 5.13.8 - 2021-08-23
• 5.13.7 - 2021-08-11
• 5.13.6 - 2021-08-09
• 5.13.5 - 2021-07-30
• 5.13.4 - 2021-07-28
• 5.13.3 - 2021-07-16
• 5.13.2 - 2021-07-03
• 5.13.1 - 2021-07-02
• 5.13.0 - 2021-06-28
• 5.12.15 - 2021-06-25
• 5.12.14 - 2021-06-15
• 5.12.13 - 2021-06-04
• 5.12.12 - 2021-05-28
• 5.12.11 - 2021-05-24
• 5.12.10 - 2021-05-18
• 5.12.9 - 2021-05-13
• 5.12.8 - 2021-05-10
• 5.12.7 - 2021-04-29
• 5.12.6 - 2021-04-27
• 5.12.5 - 2021-04-19
• 5.12.4 - 2021-04-15
• 5.12.3 - 2021-03-31
• 5.12.2 - 2021-03-22
• 5.12.1 - 2021-03-18
• 5.12.0 - 2021-03-11
• 5.11.20 - 2021-03-11
• 5.11.19 - 2021-03-05
• 5.11.18 - 2021-02-23
• 5.11.17 - 2021-02-17
• 5.11.16 - 2021-02-12
• 5.11.15 - 2021-02-03
• 5.11.14 - 2021-01-28
• 5.11.13 - 2021-01-20
• 5.11.12 - 2021-01-14
• 5.11.11 - 2021-01-08
• 5.11.10 - 2021-01-04
• 5.11.9 - 2020-12-28
• 5.11.8 - 2020-12-14
• 5.11.7 - 2020-12-10
• 5.11.6 - 2020-12-09
• 5.11.5 - 2020-12-07
• 5.11.4 - 2020-12-04
• 5.11.3 - 2020-12-03
• 5.11.2 - 2020-12-02
• 5.11.1 - 2020-12-01
• 5.11.0 - 2020-11-30
• 5.10.19 - 2020-11-30
• 5.10.18 - 2020-11-29
• 5.10.17 - 2020-11-27
• 5.10.16 - 2020-11-25
• 5.10.15 - 2020-11-16
• 5.10.14 - 2020-11-12
• 5.10.13 - 2020-11-06

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• ca7996b chore: release 5.13.15
• e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
• a1144dc test: run node 7 tests with upgraded npm re: #12297
• dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
• b9e985c test: more strict @ types/node version
• 4d813fa test: fix @ types/node version in tests re: #12297
• 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
• 5eb11dd made function non async
• 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
• a2ec28d Merge pull request #11366 from laissonsilveira/5.x
• 05ce577 Fix broken link from findandmodify method deprecation
• d2b846f chore: release 5.13.14
• 69c1f6c docs(models): fix up nModified example for 5.x
• 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
• a738440 chore: release 5.13.13
• 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
• c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
• ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
• d205c4d make value optional
• c6fd7f7 Fix ts types for query set
• 22e9b3b [gh-10902 v5] Add node major version to utils
• 5468642 [gh-10902 v5] Emit end event in before close
• 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
• b7ebeec Update mongodb driver to 3.7.3

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs