[Snyk] Security upgrade mongoose from 5.6.9 to 5.13.9

[eliorpaz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• 07946be chore: release v5.13.9
• 264554f fix: upgrade to mpath v0.8.4 re: security issue
• fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
• 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
• 1dc9b45 style: fix lint
• 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
• b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
• 2a3399e docs: another layout fix for 5.x docs
• 5bf3c29 chore: update makefile again
• 191678c chore: update makefile re: #10607
• 776fae9 docs: fix up 5.x docs navbar
• a803885 test(typescript): add coverage for #10590
• bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
• cb1e787 chore: release 5.13.8
• 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
• 6122f4b docs(api): add `Document#$where` to API docs
• 2871c1b style: fix lint
• 8d00f62 Merge pull request #10587 from osmanakol/master
• 57e729b allow QueryOptions populate parameter use PopulateOptions
• 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
• e90aab1 docs(History): make a note about #10555
• fca0627 style: fix lint
• 6b92599 fix(populate): handle populating subdoc array virtual with sort
• 283d43f test(populate): repro #10552

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
myClass	✅ Ready (Inspect)	Visit Preview	Jun 14, 2022 at 11:31AM (UTC)