[Snyk] Upgrade mongoose from 7.4.1 to 7.8.1

[surajit03]

Snyk has created this PR to upgrade mongoose from 7.4.1 to 7.8.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 26 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2024-08-19.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 7.8.1 - 2024-08-19
• 7.8.0 - 2024-07-23
• 7.7.0 - 2024-06-18
• 7.6.13 - 2024-06-05
• 7.6.12 - 2024-05-21
• 7.6.11 - 2024-04-11
• 7.6.10 - 2024-03-13
• 7.6.9 - 2024-02-26
• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29
• 7.4.5 - 2023-08-25
• 7.4.4 - 2023-08-22
• 7.4.3 - 2023-08-11
• 7.4.2 - 2023-08-03
• 7.4.1 - 2023-07-24

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 9dcd8aa chore: release 7.8.1
• 343a1d3 Merge pull request #14811 from Automattic/vkarpov15/gh-14810
• b446a2e docs(mongoose): remove out-of-date callback-based example for `mongoose.connect()`
• 87fb382 add id setter to changelog re: #13517
• fdc7c7e Merge pull request #14761 from Automattic/vkarpov15/gh-14755-backport
• e8b0933 chore: release 7.8.0
• 0c11d12 fix(query): handle casting $switch in $expr
• 5a71c3e Merge pull request #14742 from Automattic/vkarpov15/gh-13889-7.x
• e909e0b fix: support session: null option for save() to opt out of automatic session option with transactionAsyncLocalStorage; backport #14744
• 3f21bfa fix: backport #14743
• 378d115 Update types/mongooseoptions.d.ts
• b9deadb Update docs/transactions.md
• ec61900 feat: add transactionAsyncLocalStorage option to opt in to automatically setting session on all transactions
• 0c65a53 Merge pull request #14737 from hasezoey/7xFixQueryFind
• 1ced015 types(query): fix usage of "RawDocType" where "DocType" should be passed
• 061bb82 chore: release 7.7.0
• 0198236 types: remove duplicate key
• 7fdda33 Merge branch '6.x' into 7.x
• 53d382b chore: release 6.13.0
• 0f99e99 chore: release 7.6.13
• 7e6db5f types: cherry-pick #14612 back to 7.x and fix conflicts
• 40ec813 types: pass DocType down to subdocuments so `HydratedSingleSubdocument` and `HydratedArraySubdocument` `toObject()` returns correct type
• 7b6be47 Merge pull request #14645 from Automattic/vkarpov15/gh-13762-docs
• da126f4 docs(migrating_to_7): add id setter to Mongoose 7 migration guide

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs