build(deps): bump mongoose from 8.4.0 to 8.4.4

[dependabot]

Bumps mongoose from 8.4.0 to 8.4.4.

Release notes

Sourced from mongoose's releases.

8.4.4 / 2024-06-25

• perf: avoid unnecesary get() call and use faster approach for converting to string #14673 #14394
• fix(projection): handle projections on arrays in Model.hydrate() projection option #14686 #14680
• fix(document): avoid passing validateModifiedOnly to subdocs so subdocs get fully validating if they're directly modified #14685 #14677
• fix: handle casting primitive array with $elemMatch in bulkWrite() #14687 #14678
• fix(query): cast $pull using embedded discriminator schema when discriminator key is set in filter #14676 #14675
• types(connection): fix return type of withSession() #14690 tt-public
• types: add $documents pipeline stage and fix $unionWith type #14666 nick-statsig
• docs(findoneandupdate): improve example that shows findOneAndUpdate() returning doc before updates were applied #14671 #14670

8.4.3 / 2024-06-17

• fix: remove 0x flamegraph files from release

8.4.2 / 2024-06-17

• perf: more toObject() perf improvements #14623 #14606 #14394
• fix(model): check the value of overwriteModels in options when calling discriminator() #14646 uditha-g
• fix: avoid throwing TypeError when deleting an null entry on a populated Map #14654 futurliberta
• fix(connection): fix up some inconsistencies in operation-end event and add to docs #14659 #14648
• types: avoid inferring Boolean, Buffer, ObjectId as Date in schema definitions under certain circumstances #14667 #14630
• docs: add note about parallelism in transations #14647 fiws

8.4.1 / 2024-05-31

• fix: pass options to clone instead of get in applyVirtuals #14606 #14543 andrews05
• fix(document): fire pre validate hooks on 5 level deep single nested subdoc when modifying after save() #14604 #14591
• fix: ensure buildBulkWriteOperations target shard if shardKey is set #14622 #14621 matlpriceshape
• types: pass DocType down to subdocuments so HydratedSingleSubdocument and HydratedArraySubdocument toObject() returns correct type #14612 #14601

Changelog

Sourced from mongoose's changelog.

8.4.4 / 2024-06-25

• perf: avoid unnecesary get() call and use faster approach for converting to string #14673 #14394
• fix(projection): handle projections on arrays in Model.hydrate() projection option #14686 #14680
• fix(document): avoid passing validateModifiedOnly to subdocs so subdocs get fully validating if they're directly modified #14685 #14677
• fix: handle casting primitive array with $elemMatch in bulkWrite() #14687 #14678
• fix(query): cast $pull using embedded discriminator schema when discriminator key is set in filter #14676 #14675
• types(connection): fix return type of withSession() #14690 tt-public
• types: add $documents pipeline stage and fix $unionWith type #14666 nick-statsig
• docs(findoneandupdate): improve example that shows findOneAndUpdate() returning doc before updates were applied #14671 #14670

8.4.3 / 2024-06-17

• fix: remove 0x flamegraph files from release

8.4.2 / 2024-06-17

• perf: more toObject() perf improvements #14623 #14606 #14394
• fix(model): check the value of overwriteModels in options when calling discriminator() #14646 uditha-g
• fix: avoid throwing TypeError when deleting an null entry on a populated Map #14654 futurliberta
• fix(connection): fix up some inconsistencies in operation-end event and add to docs #14659 #14648
• types: avoid inferring Boolean, Buffer, ObjectId as Date in schema definitions under certain circumstances #14667 #14630
• docs: add note about parallelism in transations #14647 fiws

8.4.1 / 2024-05-31

• fix: pass options to clone instead of get in applyVirtuals #14606 #14543 andrews05
• fix(document): fire pre validate hooks on 5 level deep single nested subdoc when modifying after save() #14604 #14591
• fix: ensure buildBulkWriteOperations target shard if shardKey is set #14622 #14621 matlpriceshape
• types: pass DocType down to subdocuments so HydratedSingleSubdocument and HydratedArraySubdocument toObject() returns correct type #14612 #14601

7.6.12 / 2024-05-21

• fix(array): avoid converting to $set when calling pull() on an element in the middle of the array #14531 #14502
• fix: bump mongodb driver to 5.9.2 #14561 lorand-horvath
• fix(update): cast array of strings underneath doc array with array filters #14605 #14595

Commits

• 633e4f4 chore: release 8.4.4
• f89868b Merge pull request #14690 from tt-public/feat/type-withsession
• 31111f2 Merge pull request #14687 from Automattic/vkarpov15/gh-14678
• 516464a Merge pull request #14686 from Automattic/vkarpov15/gh-14680
• c062b1f Merge pull request #14685 from Automattic/vkarpov15/gh-14677
• 8b05872 style: fix lint
• cc63f69 feat: fix return type of Connection.withSession
• 561a580 test: add type test for Connection.withSession
• 091c85d fix: handle casting primitive array with $elemMatch in bulkWrite()
• 36ea383 fix(projection): handle projections on arrays in Model.hydrate() projection...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/mongoose	8.4.4	🟢 7.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 10/13 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits
npm/mongoose	8.4.0	🟢 7.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 10/13 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits
npm/mongoose	^8.4.4	🟢 7.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 10/13 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits
npm/mongoose	^8.3.2	🟢 7.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 10/13 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits

Scanned Manifest Files

package-lock.json

• [email protected]
• [email protected]

package.json

• mongoose@^8.4.4
• mongoose@^8.3.2

[netlify]

✅ Deploy Preview for splendorous-snickerdoodle-0e3599 ready!

Name	Link
🔨 Latest commit	c5f0779
🔍 Latest deploy log	https://app.netlify.com/sites/splendorous-snickerdoodle-0e3599/deploys/66827eb54c670d00083628a1
😎 Deploy Preview	https://deploy-preview-117--splendorous-snickerdoodle-0e3599.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 79 Accessibility: 91 Best Practices: 92 SEO: 91 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[dependabot]

Superseded by #123.