[Security issue] Upgrade mongoose to 8.8.3 #7538
Assignees
Labels
Comments
|
Mongoose 8.8.3 depends on mongodb 6.10.0, while testing this i found some tests failing that made me discover there is a bug in this version of the driver since the 6.8.0, documented in the mongodb issues in jira and some work already being done mongodb/node-mongodb-native#4191, although it looks like last activity was 5 months ago, we will need to wait for this update for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Mongoose search injection vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ mongoose │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=8.8.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mongoose │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ mongoose │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1101063 │
└───────────────┴──────────────────────────────────────────────────────────────┘
7 vulnerabilities found - Packages audited: 748
The text was updated successfully, but these errors were encountered: