chore(deps): match bson version with mongodb's bson version #15297
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
Author
|
Also i have noticed that there is no |
Collaborator
|
Re: 8.12.0 branch or PR, I skipped the 8.12 release PR because 8.12 was just updating MongoDB Node driver version. However, in hindsight, I should've just made a PR so we could've also caught this version inconsistency. I will do so in the future. Thanks 👍 |
vkarpov15
approved these changes
Mar 4, 2025
KleilsonSantos
added a commit
to KleilsonSantos/Mongo-RestFull-API
that referenced
this pull request
May 23, 2025
 <h3>Snyk has created this PR to upgrade mongoose from 8.12.1 to 8.13.2.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **4 versions** ahead of your current version. - The recommended version was released **a month ago**. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>mongoose</b></summary> <ul> <li> <b>8.13.2</b> - <a href="https://redirect.github.com/Automattic/mongoose/releases/tag/8.13.2">2025-04-03</a></br><h1>8.13.2 / 2025-04-03</h1> <ul> <li>fix: avoid double calling validators on paths in document arrays underneath subdocuments <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2964589348" data-permission-text="Title is private" data-url="Automattic/mongoose#15338" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15338/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15338">#15338</a> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2962842706" data-permission-text="Title is private" data-url="Automattic/mongoose#15335" data-hovercard-type="issue" data-hovercard-url="/Automattic/mongoose/issues/15335/hovercard" href="https://redirect.github.com/Automattic/mongoose/issues/15335">#15335</a></li> </ul> </li> <li> <b>8.13.1</b> - <a href="https://redirect.github.com/Automattic/mongoose/releases/tag/8.13.1">2025-03-28</a></br><h1>8.13.1 / 2025-03-28</h1> <ul> <li>fix(populate): handle virtual populate on array of UUIDs <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2950829127" data-permission-text="Title is private" data-url="Automattic/mongoose#15329" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15329/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15329">#15329</a> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2920867131" data-permission-text="Title is private" data-url="Automattic/mongoose#15315" data-hovercard-type="issue" data-hovercard-url="/Automattic/mongoose/issues/15315/hovercard" href="https://redirect.github.com/Automattic/mongoose/issues/15315">#15315</a></li> <li>types: allow default function returning undefined with DocType override <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2947550615" data-permission-text="Title is private" data-url="Automattic/mongoose#15328" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15328/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15328">#15328</a></li> </ul> </li> <li> <b>8.13.0</b> - <a href="https://redirect.github.com/Automattic/mongoose/releases/tag/8.13.0">2025-03-24</a></br><h1>8.13.0 / 2025-03-24</h1> <ul> <li>feat: bump mongodb driver -> 6.15.0</li> <li>feat: support custom types exported from driver <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2932613125" data-permission-text="Title is private" data-url="Automattic/mongoose#15321" data-hovercard-type="issue" data-hovercard-url="/Automattic/mongoose/issues/15321/hovercard" href="https://redirect.github.com/Automattic/mongoose/issues/15321">#15321</a></li> </ul> </li> <li> <b>8.12.2</b> - <a href="https://redirect.github.com/Automattic/mongoose/releases/tag/8.12.2">2025-03-21</a></br><h1>8.12.2 / 2025-03-21</h1> <ul> <li>fix(document): avoid stripping out fields in discriminator schema after select: false field <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2935646883" data-permission-text="Title is private" data-url="Automattic/mongoose#15322" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15322/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15322">#15322</a> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2904960977" data-permission-text="Title is private" data-url="Automattic/mongoose#15308" data-hovercard-type="issue" data-hovercard-url="/Automattic/mongoose/issues/15308/hovercard" href="https://redirect.github.com/Automattic/mongoose/issues/15308">#15308</a></li> <li>fix(AggregationCursor): make next() error if schema pre('aggregate') middleware throws error <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2889837415" data-permission-text="Title is private" data-url="Automattic/mongoose#15293" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15293/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15293">#15293</a> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2885865700" data-permission-text="Title is private" data-url="Automattic/mongoose#15279" data-hovercard-type="issue" data-hovercard-url="/Automattic/mongoose/issues/15279/hovercard" href="https://redirect.github.com/Automattic/mongoose/issues/15279">#15279</a></li> <li>fix(populate): correctly get schematypes when deep populating under a map <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2901416105" data-permission-text="Title is private" data-url="Automattic/mongoose#15302" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15302/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15302">#15302</a> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="686137748" data-permission-text="Title is private" data-url="Automattic/mongoose#9359" data-hovercard-type="issue" data-hovercard-url="/Automattic/mongoose/issues/9359/hovercard" href="https://redirect.github.com/Automattic/mongoose/issues/9359">#9359</a></li> <li>fix(model): avoid returning null from bulkSave() if error doesn't have writeErrors property <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2935725795" data-permission-text="Title is private" data-url="Automattic/mongoose#15323" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15323/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15323">#15323</a></li> <li>types: add WithTimestamps utility type <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2927393328" data-permission-text="Title is private" data-url="Automattic/mongoose#15318" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15318/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15318">#15318</a> <a href="https://redirect.github.com/baruchiro">baruchiro</a></li> <li>docs: update references to the ms module in date schema documentation <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2927630755" data-permission-text="Title is private" data-url="Automattic/mongoose#15319" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15319/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15319">#15319</a> <a href="https://redirect.github.com/baruchiro">baruchiro</a></li> <li>docs: fix typo in schematypes.md <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2902260990" data-permission-text="Title is private" data-url="Automattic/mongoose#15305" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15305/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15305">#15305</a> <a href="https://redirect.github.com/skyran1278">skyran1278</a></li> </ul> </li> <li> <b>8.12.1</b> - <a href="https://redirect.github.com/Automattic/mongoose/releases/tag/8.12.1">2025-03-04</a></br><h1>8.12.1 / 2025-03-04</h1> <ul> <li>fix: match bson version with mongodb's bson version <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2893748580" data-permission-text="Title is private" data-url="Automattic/mongoose#15297" data-hovercard-type="pull_request" data-hovercard-url="/Automattic/mongoose/pull/15297/hovercard" href="https://redirect.github.com/Automattic/mongoose/pull/15297">#15297</a> <a href="https://redirect.github.com/hasezoey">hasezoey</a></li> </ul> </li> </ul> from <a href="https://redirect.github.com/Automattic/mongoose/releases">mongoose GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmZDlkODkzMi00ZGFkLTRiNmQtYjAzOS1lOWUwZThkYzI3ZWEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImZkOWQ4OTMyLTRkYWQtNGI2ZC1iMDM5LWU5ZTBlOGRjMjdlYSJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/kdsdesign1/project/6dfd2c96-abbb-46a3-be3c-7747489f415d?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/kdsdesign1/project/6dfd2c96-abbb-46a3-be3c-7747489f415d/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/kdsdesign1/project/6dfd2c96-abbb-46a3-be3c-7747489f415d/settings/integration?pkg=mongoose&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"mongoose","from":"8.12.1","to":"8.13.2"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"fd9d8932-4dad-4b6d-b039-e9e0e8dc27ea","prPublicId":"fd9d8932-4dad-4b6d-b039-e9e0e8dc27ea","packageManager":"npm","priorityScoreList":[],"projectPublicId":"6dfd2c96-abbb-46a3-be3c-7747489f415d","projectUrl":"https://app.snyk.io/org/kdsdesign1/project/6dfd2c96-abbb-46a3-be3c-7747489f415d?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2025-04-03T23:43:39.900Z"},"vulns":[]}'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR updates mongoose's
bsondependency version to match mongodb's bson version.Because package managers that upgrade might decide to stay on the old version for mongoose but use newer for mongodb (like yarn 1x), as i had encountered while updating typegoose.
Mismatched version can cause (runtime) type check failures, like:
expect(received).toBeInstanceOf(expected) Expected constructor: ObjectId Received constructor: ObjectId 422 | 423 | found.mapped.forEach((v) => { > 424 | expect(v).toBeInstanceOf(mongoose.Types.ObjectId); | ^ 425 | }); 426 | 427 | await found.populate('mapped.$*'); at test/tests/ref.test.ts:424:15 at MongooseMap.forEach (<anonymous>) at Object.<anonymous> (test/tests/ref.test.ts:423:16)