fix(deps): update dependency mongoose to v8 [security] #8127
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^6.11.3
->^8.0.0
Mongoose search injection vulnerability
CVE-2024-53900 / GHSA-m7xq-9374-9rvx
More information
Details
Mongoose before 8.8.3 can improperly use $where in match.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
Automattic/mongoose (mongoose)
v8.8.3
Compare Source
==================
v8.8.2
Compare Source
==================
v8.8.1
Compare Source
==================
v8.8.0
Compare Source
==================
__v
to lean() result type and ModifyResult #14990 #12959v8.7.3
Compare Source
==================
v8.7.2
Compare Source
==================
v8.7.1
Compare Source
==================
v8.7.0
Compare Source
==================
v8.6.4
Compare Source
==================
v8.6.3
Compare Source
==================
v8.6.2
Compare Source
==================
v8.6.1
Compare Source
==================
v8.6.0
Compare Source
==================
MongooseError
instead ofMongoCursorExhaustedError
#14813v8.5.5
Compare Source
==================
v8.5.4
Compare Source
==================
v8.5.3
Compare Source
==================
lean()
set #14799 #14794 #14759 MohOrabyv8.5.2
Compare Source
==================
v8.5.1
Compare Source
==================
v8.5.0
Compare Source
==================
v8.4.5
Compare Source
==================
v8.4.4
Compare Source
==================
v8.4.3
Compare Source
==================
v8.4.2
Compare Source
==================
v8.4.1
Compare Source
==================
v8.4.0
Compare Source
==================
v8.3.5
Compare Source
==================
v8.3.4
Compare Source
==================
#14546 #14536
v8.3.3
Compare Source
==================
v8.3.2
Compare Source
==================
v8.3.1
Compare Source
==================
v8.3.0
Compare Source
==================
v8.2.4
Compare Source
==================
v8.2.3
Compare Source
==================
v8.2.2
Compare Source
==================
v8.2.1
Compare Source
==================
v8.2.0
Compare Source
==================
hydratedPopulatedDocs
option to make hydrate recursively hydrate populated docs #14352 #4727v8.1.3
Compare Source
==================
toObject.versionKey
set to false #14344v8.1.2
Compare Source
==================
createCollections()
#14295 #14279v8.1.1
Compare Source
==================
v8.1.0
Compare Source
==================
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.