Skip to content

[Snyk] Upgrade mongoose from 8.2.0 to 8.21.0#41

Closed
global-tek wants to merge 2 commits intomasterfrom
snyk-upgrade-c1191070e3913970d035f29e89123fed
Closed

[Snyk] Upgrade mongoose from 8.2.0 to 8.21.0#41
global-tek wants to merge 2 commits intomasterfrom
snyk-upgrade-c1191070e3913970d035f29e89123fed

Conversation

@global-tek
Copy link
Owner

@global-tek global-tek commented Jan 19, 2026

snyk-top-banner

Snyk has created this PR to upgrade mongoose from 8.2.0 to 8.21.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 86 versions ahead of your current version.

  • The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Improper Neutralization of Special Elements in Data Query Logic
SNYK-JS-MONGOOSE-8446504		 756 Proof of Concept
high severity Improper Neutralization of Special Elements in Data Query Logic
SNYK-JS-MONGOOSE-8623536		 756 Proof of Concept
Release notes
Package name: mongoose
  • 8.21.0 - 2025-12-29

    8.21.0 / 2025-12-29

    • feat(document): add support for getAtomics() to allow custom container types to utilize atomics #15817
    • feat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks #15908 #15870
    • fix: add support for typescript style enums #15914 #15913 mjfwebb
  • 8.20.4 - 2025-12-18

    8.20.4 / 2025-12-18

    • fix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully #15898
    • fix(document): use bitwise OR to accumulate version mode flags #15893 #15888 AbdelrahmanHafez
  • 8.20.3 - 2025-12-15

    8.20.3 / 2025-12-15

    • perf: use Object.hasOwn instead of Object#hasOwnProperty #15875 AbdelrahmanHafez
    • fix: improve error when calling Document.prototype.init() with null/undefined #15812 Vegapunk-debug
    • types(schema): avoid treating paths with default: null as required #15889
    • types(schema): allow partial statics to schema.statics() #15780
  • 8.20.2 - 2025-12-05
  • 8.20.1 - 2025-11-20
  • 8.20.0 - 2025-11-17
  • 8.19.4 - 2025-11-14
  • 8.19.3 - 2025-11-04
  • 8.19.2 - 2025-10-20
  • 8.19.1 - 2025-10-06
  • 8.19.0 - 2025-10-02
  • 8.18.3 - 2025-09-29
  • 8.18.2 - 2025-09-22
  • 8.18.1 - 2025-09-08
  • 8.18.0 - 2025-08-22
  • 8.17.2 - 2025-08-18
  • 8.17.1 - 2025-08-07
  • 8.17.0 - 2025-07-30
  • 8.16.5 - 2025-07-25
  • 8.16.4 - 2025-07-16
  • 8.16.3 - 2025-07-10
  • 8.16.2 - 2025-07-07
  • 8.16.1 - 2025-06-26
  • 8.16.0 - 2025-06-16
  • 8.15.2 - 2025-06-12
  • 8.15.1 - 2025-05-26
  • 8.15.0 - 2025-05-16
  • 8.14.3 - 2025-05-13
  • 8.14.2 - 2025-05-08
  • 8.14.1 - 2025-04-29
  • 8.14.0 - 2025-04-25
  • 8.13.3 - 2025-04-24
  • 8.13.2 - 2025-04-03
  • 8.13.1 - 2025-03-28
  • 8.13.0 - 2025-03-24
  • 8.12.2 - 2025-03-21
  • 8.12.1 - 2025-03-04
  • 8.12.0 - 2025-03-03
  • 8.11.0 - 2025-02-26
  • 8.10.2 - 2025-02-25
  • 8.10.1 - 2025-02-14
  • 8.10.0 - 2025-02-05
  • 8.9.7 - 2025-02-04
  • 8.9.6 - 2025-01-31
  • 8.9.5 - 2025-01-13
  • 8.9.4 - 2025-01-09
  • 8.9.3 - 2024-12-30
  • 8.9.2 - 2024-12-19
  • 8.9.1 - 2024-12-16
  • 8.9.0 - 2024-12-13
  • 8.8.4 - 2024-12-05
  • 8.8.3 - 2024-11-26
  • 8.8.2 - 2024-11-18
  • 8.8.1 - 2024-11-08
  • 8.8.0 - 2024-10-31
  • 8.7.3 - 2024-10-25
  • 8.7.2 - 2024-10-17
  • 8.7.1 - 2024-10-09
  • 8.7.0 - 2024-09-27
  • 8.6.4 - 2024-09-26
  • 8.6.3 - 2024-09-17
  • 8.6.2 - 2024-09-11
  • 8.6.1 - 2024-09-03
  • 8.6.0 - 2024-08-28
  • 8.5.5 - 2024-08-28
  • 8.5.4 - 2024-08-23
  • 8.5.3 - 2024-08-13
  • 8.5.2 - 2024-07-30
  • 8.5.1 - 2024-07-12
  • 8.5.0 - 2024-07-08
  • 8.4.5 - 2024-07-05
  • 8.4.4 - 2024-06-25
  • 8.4.3 - 2024-06-17
  • 8.4.2 - 2024-06-17
  • 8.4.1 - 2024-05-31
  • 8.4.0 - 2024-05-17
  • 8.3.5 - 2024-05-15
  • 8.3.4 - 2024-05-06
  • 8.3.3 - 2024-04-29
  • 8.3.2 - 2024-04-16
  • 8.3.1 - 2024-04-08
  • 8.3.0 - 2024-04-03
  • 8.2.4 - 2024-03-28
  • 8.2.3 - 2024-03-21
  • 8.2.2 - 2024-03-15
  • 8.2.1 - 2024-03-04
  • 8.2.0 - 2024-02-22
from mongoose GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade mongoose from 8.2.0 to 8.21.0
3631b1b 
Snyk has created this PR to upgrade mongoose from 8.2.0 to 8.21.0.

See this package in npm:
mongoose

See this project in Snyk:
https://app.snyk.io/org/reddotranch/project/84d15f27-d02f-4967-84e1-b8f6e0cc18ce?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade mongoose from 8.2.0 to 8.21.0
6632513 
Snyk has created this PR to upgrade mongoose from 8.2.0 to 8.21.0.

See this package in npm:
mongoose

See this project in Snyk:
https://app.snyk.io/org/reddotranch/project/84d15f27-d02f-4967-84e1-b8f6e0cc18ce?utm_source=github&utm_medium=referral&page=upgrade-pr
@global-tek global-tek closed this Feb 3, 2026
@global-tek global-tek deleted the snyk-upgrade-c1191070e3913970d035f29e89123fed branch February 3, 2026 04:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@global-tek @snyk-bot