[Snyk] Upgrade mongoose from 7.3.0 to 7.6.9

[AbdulHakkam]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mongoose from 7.3.0 to 7.6.9.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 25 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-02-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mongoose

• 7.6.9 - 2024-02-26
  

  chore: release 7.6.9

• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29
• 7.4.5 - 2023-08-25
• 7.4.4 - 2023-08-22
• 7.4.3 - 2023-08-11
• 7.4.2 - 2023-08-03
• 7.4.1 - 2023-07-24
• 7.4.0 - 2023-07-18
• 7.3.4 - 2023-07-12
• 7.3.3 - 2023-07-11
• 7.3.2 - 2023-07-06
• 7.3.1 - 2023-06-21
• 7.3.0 - 2023-06-14

from mongoose GitHub release notes

Commit messages

Package name: mongoose

• 834c29f chore: release 7.6.9
• ca1cc92 Merge pull request #14364 from Automattic/vkarpov15/gh-14266
• 81e36d1 Update docs/connections.md
• 6950c96 docs(connections): add note about using `asPromise()` with `createConnection()` for error handling
• a6e4d18 style: fix lint
• 7f9406f types(query): improve findByIdAndDelete return type for query re: #14190
• 775aadf types(model): correct return type for findByIdAndDelete()
• 4939b01 Merge pull request #14264 from Automattic/vkarpov15/gh-14246
• cc80894 Update lib/model.js
• ee0d28f Update docs/tutorials/findoneandupdate.md
• 64fa470 docs(model+query+findoneandupdate): add more details about `overwriteDiscriminatorKey` option to docs
• 0faafcf Merge pull request #14256 from Automattic/vkarpov15/gh-14245
• d3e22af fix(document): handle embedded recursive discriminators on nested path defined using Schema.prototype.discriminator
• ac9af5b docs: add unnecessary lookahead fix to changelog
• 6ffb123 chore: release 7.6.8
• 7248bdf Merge branch '6.x' into 7.x
• 2d68983 chore: release 6.12.5
• b4e3b2f Merge pull request #14213 from Automattic/vkarpov15/gh-14024
• 0960fae types(document): add ignoreAtomics option to isModified typedefs re: #14024
• f7e9816 docs(document): add ignoreAtomics option to docs
• e3c12cf types(model): add missing strict and timestamps options to bulkWrite() re: #8778
• f37b4f2 Merge pull request #14226 from Automattic/vkarpov15/gh-14205
• b286b02 fix: also allow setting nested field to undefined re: #14205
• 6d526cd fix(document): allow setting nested path to `null`

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs