wkylin
[Snyk] Security upgrade mongoose from 7.6.4 to 8.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- api/package.json
- api/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 |
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongoose
The new version differs by 129 commits.- 5821568 chore: release 8.0.0
- 3f850ce docs: add version support notes for Mongoose 8, including EOL date for Mongoose 6
- db92dd9 Merge pull request #14004 from hasezoey/fixwebsite
- 68166bf chore(scripts/website): fix script to correctly parse "-rc" like versions
- c28cffe chore: release 8.0.0-rc0
- 4280457 Merge pull request #13937 from Automattic/8.0
- 502ec4b Merge pull request #13990 from Automattic/vkarpov15/gh-13897
- 572e018 chore: add 8.0.0-rc0 changelog
- b567ec6 feat: upgrade to MongoDB driver 6.2.0
- 9e9ad37 Merge branch 'master' into 8.0
- d3d2ec4 docs(migrating_to_8): add note about #13897 to migration guide
- 8d61a7d Merge branch '8.0' into vkarpov15/gh-13897
- f923f6c Merge pull request #13989 from Automattic/vkarpov15/gh-13578
- 30888e3 test: fix typescript tests
- ce66e23 fix lint
- 8fe5c36 docs: fix lint
- c7f110e docs(migrating_to_8): add note about `overwrite` to migration guide
- d6cd1db test: fix a couple of failing tests
- 84ac690 Merge branch '8.0' into vkarpov15/gh-13578
- c5b16fe test: add additional assert re: code review comment
- b630afb docs(migrating_to_8): add missing issues to migration guide
- eefe935 Merge branch 'master' into 8.0
- 4a2cb0b types(models): make all properties to Model constructor optional
- f6ed0eb refactor: remove remaining usage of `overwrite` option
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| pro-react-admin | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Feb 12, 2024 3:57am |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
PR摘要
-
更新了
mongoose依赖 在api/package.json文件中,我们将mongoose的版本从7.6.4更新到了8.0.0。这意味着我们的数据库操作将得到改进和优化,软件的整体运行效率可能会有所提高。
![what-the-diff[bot] avatar](https://avatars.githubusercontent.com/in/242248?v=4 "Published by a pub.dev verified publisher"){kind=small}
Quality Gate passed
Issues
0 New issues
Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}