This repository has been archived by the owner on Aug 12, 2023. It is now read-only.

Update dependency mongoose to v5.7.5 [SECURITY] #420

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Jun 5, 2020

This PR contains the following updates:

Package            Type          Update  Change
mongoose (source)  dependencies  patch   5.7.4 -> 5.7.5

GitHub Vulnerability Alerts

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).


Release Notes

Automattic/mongoose

v5.7.5


==================

  • fix(query): delete top-level _bsontype property in queries to prevent silent empty queries #8222
  • fix(update): handle subdocument pre('validate') errors in update validation #7187
  • fix(subdocument): make subdocument#isModified use parent document's isModified #8223
  • docs(index): add favicon to home page #8226
  • docs: add schema options to API docs #8012
  • docs(middleware): add note about accessing the document being updated in pre('findOneAndUpdate') #8218
  • refactor: remove redundant code in ValidationError #8244 AbdelrahmanHafez

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
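
The filter behaviour described in the CVE-2019-17426 text and the top-level `_bsontype` deletion named in the v5.7.5 release notes, shown as an added example (not code from Mongoose, js-bson or this repository). `modelLegacySerialize`, `find`, `stripTopLevelBsonType` and the sample documents are constructed for illustration; the serializer is a simplified model of the behaviour the advisory describes.

```javascript
'use strict';

// Constructed model (assumption, not the real js-bson code): per the CVE text,
// a query object carrying a _bsontype attribute is ignored, so the filter
// silently becomes empty and matches every document.
function modelLegacySerialize(filter) {
  if (Object.prototype.hasOwnProperty.call(filter, '_bsontype')) {
    return {};
  }
  return { ...filter };
}

// Hypothetical in-memory stand-in for a collection lookup (equality match only).
function find(docs, filter, serialize) {
  const effective = serialize(filter);
  return docs.filter((doc) =>
    Object.keys(effective).every((key) => doc[key] === effective[key]));
}

// Guard mirroring the v5.7.5 release note: drop a top-level _bsontype from a
// filter built from untrusted input before it reaches the query layer.
function stripTopLevelBsonType(filter) {
  if (filter === null || typeof filter !== 'object' || Array.isArray(filter)) {
    throw new TypeError('filter must be a plain object');
  }
  const clean = {};
  for (const [key, value] of Object.entries(filter)) {
    if (key !== '_bsontype') clean[key] = value;
  }
  return clean;
}

// Constructed sample data: the application intends to scope reads by owner.
const docs = [
  { owner: 'alice', note: 'a1' },
  { owner: 'bob', note: 'b1' },
];
const untrusted = JSON.parse('{"owner":"alice","_bsontype":"a"}');

function demo() {
  return {
    unguarded: find(docs, untrusted, modelLegacySerialize).map((d) => d.owner),
    guarded: find(docs, stripTopLevelBsonType(untrusted), modelLegacySerialize)
      .map((d) => d.owner),
  };
}

console.log(demo());
```

The guard covers only the top-level key, the same scope the release note names.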

@codecov

codecov bot commented Jun 5, 2020

Codecov Report

Merging #420 into master will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##           master     #420   +/-   ##
=======================================
  Coverage   63.56%   63.56%           
=======================================
  Files         136      136           
  Lines        1872     1872           
  Branches      192      192           
=======================================
  Hits         1190     1190           
  Misses        627      627           
  Partials       55       55           


@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 4fec392 to 5e7e70e Compare June 12, 2020 00:48
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 3 times, most recently from 165ffa9 to fbd8e32 Compare June 21, 2020 21:48
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 4 times, most recently from bef7ae7 to 59c887d Compare June 30, 2020 19:40
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 4 times, most recently from e4f88c0 to 0f3bfc1 Compare July 18, 2020 17:39
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 6 times, most recently from 507f5c2 to 5d0a554 Compare July 26, 2020 17:14
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 100aa1b to 8be467d Compare August 2, 2020 09:53
@renovate renovate bot changed the title Update dependency mongoose to v5.7.5 [SECURITY] fix(deps): update dependency mongoose to v5.7.5 [security] Aug 2, 2020
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 9ca7d63 to 05768fb Compare August 2, 2020 17:37
@renovate renovate bot changed the title fix(deps): update dependency mongoose to v5.7.5 [security] Update dependency mongoose to v5.7.5 [SECURITY] Aug 2, 2020
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 4 times, most recently from 9b9858a to 50c0fc2 Compare August 7, 2020 20:49
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 2 times, most recently from 21feaf0 to d8b6c6d Compare August 23, 2020 09:01
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from d8b6c6d to 389e0f6 Compare September 5, 2020 17:29
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 5 times, most recently from 89783f5 to 7b08d1d Compare September 19, 2020 17:47
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 3 times, most recently from 289dd4d to c2ae505 Compare September 27, 2020 14:46
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 6 times, most recently from 9bdaf63 to d35564d Compare October 5, 2020 14:36
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 3 times, most recently from 2555fbb to 5f10971 Compare October 6, 2020 18:44
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch 8 times, most recently from 13e6e82 to 6bef637 Compare October 20, 2020 16:07
@renovate renovate bot force-pushed the renovate/npm-mongoose-vulnerability branch from 6bef637 to 5acaba0 Compare October 22, 2020 19:09