fix(security): patch mongoose dependency vulnerabilities #1255

Merged
merged 8 commits into from
May 7, 2025

arnaudbesnier
Contributor

@arnaudbesnier arnaudbesnier commented Jan 30, 2025

Definition of Done

General

  • Write an explicit title for the Pull Request, following Conventional Commits specification
  • Test manually the implemented changes
  • Validate the code quality (indentation, syntax, style, simplicity, readability)

Security

  • Consider the security impact of the changes made

codeclimate bot commented May 7, 2025

Code Climate has analyzed commit 9d6d6d0 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (98% is the threshold).

This pull request will bring the total coverage in the repository to 97.2%.

View more on Code Climate.

@realSpok realSpok merged commit a43af07 into main May 7, 2025
22 checks passed
@realSpok realSpok deleted the security/patch-mongoose-vulnerability-3 branch May 7, 2025 13:19
forest-bot added a commit that referenced this pull request May 7, 2025
## [1.13.23](https://github.com/ForestAdmin/agent-nodejs/compare/[email protected]@1.13.23) (2025-05-07)

### Bug Fixes

* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))
forest-bot added a commit that referenced this pull request May 7, 2025
## [1.5.1](https://github.com/ForestAdmin/agent-nodejs/compare/@forestadmin/[email protected]...@forestadmin/[email protected]) (2025-05-07)

### Bug Fixes

* **agent:** backup and restore stack properly when reload ([#1289](#1289)) ([7120857](7120857))
* **lazy join:** avoid crash when there is no filter to refine ([#1288](#1288)) ([52e0855](52e0855))
* prevent unauthorized live queries ([#1291](#1291)) ([fa1a56e](fa1a56e))
* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))

### Features

* **has-many:** allow user to retrieve data when primary key contains special characters ([#1287](#1287)) ([426e322](426e322))
* show a warning in case a mongoose relationship is omitted ([#1290](#1290)) ([93ed397](93ed397))
@forest-bot
Member

🎉 This PR is included in version 1.12.42 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

forest-bot added a commit that referenced this pull request May 7, 2025
## [1.12.1](https://github.com/ForestAdmin/agent-nodejs/compare/@forestadmin/[email protected]...@forestadmin/[email protected]) (2025-05-07)

### Bug Fixes

* **agent:** backup and restore stack properly when reload ([#1289](#1289)) ([7120857](7120857))
* **lazy join:** avoid crash when there is no filter to refine ([#1288](#1288)) ([52e0855](52e0855))
* prevent unauthorized live queries ([#1291](#1291)) ([fa1a56e](fa1a56e))
* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))

### Features

* **has-many:** allow user to retrieve data when primary key contains special characters ([#1287](#1287)) ([426e322](426e322))
* show a warning in case a mongoose relationship is omitted ([#1290](#1290)) ([93ed397](93ed397))
@forest-bot
Member

🎉 This PR is included in version 1.13.23 🎉

The release is available on [email protected]

Your semantic-release bot 📦🚀

@forest-bot
Member

🎉 This PR is included in version 1.5.1 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

@forest-bot
Member

🎉 This PR is included in version 1.12.1 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

forest-bot added a commit that referenced this pull request May 12, 2025
## [1.63.4](https://github.com/ForestAdmin/agent-nodejs/compare/@forestadmin/[email protected]...@forestadmin/[email protected]) (2025-05-12)

### Bug Fixes

* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))
* **vulnerability:** bump superagent -> formidable ([#1294](#1294)) ([0a9ef9b](0a9ef9b))
forest-bot added a commit that referenced this pull request May 12, 2025
## [1.36.13](https://github.com/ForestAdmin/agent-nodejs/compare/@forestadmin/[email protected]...@forestadmin/[email protected]) (2025-05-12)

### Bug Fixes

* **agent:** backup and restore stack properly when reload ([#1289](#1289)) ([7120857](7120857))
* **lazy join:** avoid crash when there is no filter to refine ([#1288](#1288)) ([52e0855](52e0855))
* prevent unauthorized live queries ([#1291](#1291)) ([fa1a56e](fa1a56e))
* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))
* **vulnerability:** bump superagent -> formidable ([#1294](#1294)) ([0a9ef9b](0a9ef9b))

### Features

* **has-many:** allow user to retrieve data when primary key contains special characters ([#1287](#1287)) ([426e322](426e322))
* show a warning in case a mongoose relationship is omitted ([#1290](#1290)) ([93ed397](93ed397))
@forest-bot
Member

🎉 This PR is included in version 1.63.4 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

@forest-bot
Member

🎉 This PR is included in version 1.36.13 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

forest-bot added a commit that referenced this pull request May 14, 2025
## [1.7.3](https://github.com/ForestAdmin/agent-nodejs/compare/@forestadmin/[email protected]...@forestadmin/[email protected]) (2025-05-14)

### Bug Fixes

* **mongoose:** change regex to support windows os when making introspection ([#1296](#1296)) ([46c799f](46c799f))
* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))
* **vulnerability:** bump koa ([#1295](#1295)) ([08698ad](08698ad))
* **vulnerability:** bump koa-router ([#1298](#1298)) ([9517fcd](9517fcd))
* **vulnerability:** bump lerna ([#1297](#1297)) ([669d997](669d997))
* **vulnerability:** bump socks ([#1299](#1299)) ([c4273f6](c4273f6))
* **vulnerability:** bump superagent -> formidable ([#1294](#1294)) ([0a9ef9b](0a9ef9b))
forest-bot added a commit that referenced this pull request May 14, 2025
## [1.17.1](https://github.com/ForestAdmin/agent-nodejs/compare/@forestadmin/[email protected]...@forestadmin/[email protected]) (2025-05-14)

### Bug Fixes

* **agent:** backup and restore stack properly when reload ([#1289](#1289)) ([7120857](7120857))
* **lazy join:** avoid crash when there is no filter to refine ([#1288](#1288)) ([52e0855](52e0855))
* **mongoose:** change regex to support windows os when making introspection ([#1296](#1296)) ([46c799f](46c799f))
* prevent unauthorized live queries ([#1291](#1291)) ([fa1a56e](fa1a56e))
* **security:** patch mongoose dependency vulnerabilities ([#1255](#1255)) ([a43af07](a43af07))
* **vulnerability:** bump koa ([#1295](#1295)) ([08698ad](08698ad))
* **vulnerability:** bump koa-router ([#1298](#1298)) ([9517fcd](9517fcd))
* **vulnerability:** bump lerna ([#1297](#1297)) ([669d997](669d997))
* **vulnerability:** bump socks ([#1299](#1299)) ([c4273f6](c4273f6))
* **vulnerability:** bump superagent -> formidable ([#1294](#1294)) ([0a9ef9b](0a9ef9b))

### Features

* **has-many:** allow user to retrieve data when primary key contains special characters ([#1287](#1287)) ([426e322](426e322))
* show a warning in case a mongoose relationship is omitted ([#1290](#1290)) ([93ed397](93ed397))
@forest-bot
Member

🎉 This PR is included in version 1.7.3 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

@forest-bot
Member

🎉 This PR is included in version 1.17.1 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

@forest-bot
Member

🎉 This PR is included in version 1.5.0 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀


5 participants