[Snyk] Upgrade mongoose from 8.2.0 to 8.6.2

[arenault-pass]

Snyk has created this PR to upgrade mongoose from 8.2.0 to 8.6.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 25 versions ahead of your current version.

• The recommended version was released on 24 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-WS-7266574	646	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	646	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	646	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	646	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	646	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	646	Proof of Concept
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	646	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289	646	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	646	Proof of Concept
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	646	No Known Exploit

Release notes

Package name: mongoose

• 8.6.2 - 2024-09-11
  

  8.6.2 / 2024-09-11

  • fix: make set merge deeply nested objects #14870 #14861 ianHeydoc
  • types: allow arbitrary keys in query filters again (revert #14764) #14874 #14863 #14862 #14842
  • types: make SchemaType static setters property accessible in TypeScript #14881 #14879
  • type(inferrawdoctype): infer Date types as JS dates rather than Mongoose SchemaType Date #14882 #14839
• 8.6.1 - 2024-09-03
  

  8.6.1 / 2024-09-03

  • fix(document): avoid unnecessary clone() in applyGetters() that was preventing getters from running on 3-level deep subdocuments #14844 #14840 #14835
  • fix(model): throw error if bulkSave() did not insert or update any documents #14837 #14763
  • fix(cursor): throw error in ChangeStream constructor if changeStreamThunk() throws a sync error #14846
  • types(query): add $expr to RootQuerySelector #14845
  • docs: update populate.md to fix missing match: { } #14847 makhoulshbeeb
• 8.6.0 - 2024-08-28
  

  8.6.0 / 2024-08-28

  • feat: upgrade mongodb -> 6.8.0, handle throwing error on closed cursor in Mongoose with MongooseError instead of MongoCursorExhaustedError #14813
  • feat(model+query): support options parameter for distinct() #14772 #8006
  • feat(QueryCursor): add getDriverCursor() function that returns the raw driver cursor #14745
  • types: change query selector to disallow unknown top-level keys by default #14764 alex-statsig
  • types: make toObject() and toJSON() not generic by default to avoid type widening #14819 #12883
  • types: avoid automatically inferring lean result type when assigning to explicitly typed variable #14734
• 8.5.5 - 2024-08-28
• 8.5.4 - 2024-08-23
• 8.5.3 - 2024-08-13
• 8.5.2 - 2024-07-30
• 8.5.1 - 2024-07-12
• 8.5.0 - 2024-07-08
• 8.4.5 - 2024-07-05
• 8.4.4 - 2024-06-25
• 8.4.3 - 2024-06-17
• 8.4.2 - 2024-06-17
• 8.4.1 - 2024-05-31
• 8.4.0 - 2024-05-17
• 8.3.5 - 2024-05-15
• 8.3.4 - 2024-05-06
• 8.3.3 - 2024-04-29
• 8.3.2 - 2024-04-16
• 8.3.1 - 2024-04-08
• 8.3.0 - 2024-04-03
• 8.2.4 - 2024-03-28
• 8.2.3 - 2024-03-21
• 8.2.2 - 2024-03-15
• 8.2.1 - 2024-03-04
• 8.2.0 - 2024-02-22

from mongoose GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 👩‍💻 Set who automatically gets assigned
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"mongoose","from":"8.2.0","to":"8.6.2"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EJS-6689533","issue_id":"SNYK-JS-EJS-6689533","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Control of Dynamically-Managed Code Resources"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-FASTXMLPARSER-7573289","issue_id":"SNYK-JS-FASTXMLPARSER-7573289","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-7148531","issue_id":"SNYK-JS-IP-7148531","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-Side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERVESTATIC-7926865","issue_id":"SNYK-JS-SERVESTATIC-7926865","priority_score":319,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"}],"prId":"f9f6a3b8-141f-4c08-8128-341807743e59","prPublicId":"f9f6a3b8-141f-4c08-8128-341807743e59","packageManager":"npm","priorityScoreList":[482,696,589,646,265,559,646,319],"projectPublicId":"597f791c-c192-46a3-91b9-565ac2ff1b69","projectUrl":"https://app.snyk.io/org/axelrenault92/project/597f791c-c192-46a3-91b9-565ac2ff1b69?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-WS-7266574","SNYK-JS-WS-7266574","SNYK-JS-WS-7266574","SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728","SNYK-JS-TAR-6476909","SNYK-JS-EJS-6689533","SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-IP-7148531","SNYK-JS-SERVESTATIC-7926865"],"upgradeInfo":{"versionsDiff":25,"publishedDate":"2024-09-11T19:02:15.973Z"},"vulns":["SNYK-JS-WS-7266574","SNYK-JS-WS-7266574","SNYK-JS-WS-7266574","SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728","SNYK-JS-TAR-6476909","SNYK-JS-EJS-6689533","SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-IP-7148531","SNYK-JS-SERVESTATIC-7926865"]}'