[Snyk] Security upgrade mongoose from 7.0.3 to 7.3.4

[dogukankutluay]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	798/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-MONGOOSE-5777721	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• 0cb0757 chore: release 7.3.4
• aef309e Merge branch '6.x'
• e9eb8ab chore: release 6.11.3
• 688da8f test: fix flakey tests, remove test for #9597 because it affects global state and fails intermittently on deno
• 4f264a8 test: fix tests re: #13317
• 9616af7 fix(schema): correctly handle uuids with populate()
• 305ce4f fix: avoid prototype pollution on init
• 90d84fd chore: release 7.3.3
• 82b9c3c style: fix lint
• 02699fa Merge branch 'vkarpov15/avoid-prototype-pollution'
• 2188458 Merge pull request #13577 from Automattic/vkarpov15/gh-13529
• e94ca23 Merge pull request #13589 from Automattic/vkarpov15/gh-13582
• 1a998e2 Merge pull request #13588 from Automattic/vkarpov15/gh-13575
• cc722a1 test: add coverage for constructor properties
• e29578d fix: avoid prototype pollution on init
• 422dff4 perf: avoid adding all doc array subpaths when 1 path is modified
• eb9a4f7 fix(document): clean up all array subdocument modified paths on save()
• 8b8f37b types: apply suggested alternative handling for TOverrides = any
• 79a4bda Merge branch 'master' into vkarpov15/gh-13529
• 22b1e25 fix(populate): correctly set `populatedModelSymbol` on documents populated using `Model.populate()`
• b336ed8 chore: release 7.3.2
• 7ad5eef Merge pull request #13579 from Automattic/vkarpov15/gh-13531
• c01cff6 Merge pull request #13581 from hasezoey/updateDev
• 7b3b027 chore(dev-deps): bump mkdirp from 2.1.3 to 3.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
dogukankutluay	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 18, 2023 0:10am