Upgrade mongoose versions to patch vuln #412

Merged
seanspeaks merged 1 commit into friggframework:version-0 from brendanrmoore:brendanrmoore/patch-mongoose
Aug 29, 2025

@brendanrmoore brendanrmoore commented Aug 28, 2025

Upgrade mongoose versions to patch search injection vulnerability.

https://www.cve.org/CVERecord?id=CVE-2025-23061

seanspeaks added the release label (Create a release when this pr is merged) Aug 28, 2025

@seanspeaks (Contributor) left a comment

Cool, the release tag in theory should still work when you merge in (or let me know if I need to merge). And run some tests locally to confirm there's no breaking issues... mongoose got finicky from 6 => 7 => 8 but I think we're safe here.

@brendanrmoore (Author) commented

I'm having a lot of trouble getting the test suite to run. But I realized that "^6.5.2" and "^6.13.6" should resolve to the same version anyway due to the caret allowing minor version upgrades. So I'm pretty sure this won't change anything.

BTW, I'm not able to merge this PR myself.
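The relationship between a caret range's floor and the version a lockfile has actually resolved, as an added example that is not part of this PR or the Frigg code base. The (range, resolved) pairs are constructed, and 6.13.6 is used as the patched 6.x version only because it is the floor this PR moves to; the helper names are hypothetical.

```javascript
// Added example: caret-range floor vs. resolved version for the mongoose 6.x line.
// PATCHED is the version named in this PR ("^6.13.6"); sample pairs are constructed.
const PATCHED = '6.13.6';

// Parse "MAJOR.MINOR.PATCH" into numbers (no prerelease/build handling).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison: negative, zero or positive, so 6.13.6 > 6.5.2.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Does `version` satisfy `^floor`? Covers major >= 1 only:
// same major version and version >= floor.
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const floor = range.slice(1);
  if (parse(floor)[0] === 0) throw new Error('0.x caret rules not handled');
  return parse(version)[0] === parse(floor)[0] && cmp(version, floor) >= 0;
}

// Classify a declared range together with what the lockfile resolved.
function audit(range, resolved) {
  return {
    range,
    resolved,
    resolvedIsPatched: cmp(resolved, PATCHED) >= 0,
    // A floor below PATCHED means an unpatched install still satisfies the range.
    rangeAdmitsUnpatched: cmp(range.slice(1), PATCHED) < 0,
    lockConsistent: satisfiesCaret(range, resolved),
  };
}

// Constructed (range, resolved) pairs, not taken from the repository.
const samples = [
  ['^6.5.2', '6.5.2'],   // old floor, lockfile still on the old version
  ['^6.5.2', '6.13.6'],  // old floor, fresh resolution
  ['^6.13.6', '6.13.6'], // raised floor
];
for (const [range, resolved] of samples) console.log(audit(range, resolved));
```
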

@seanspeaks seanspeaks merged commit c6c694b into friggframework:version-0 Aug 29, 2025
6 of 7 checks passed
@seanspeaks (Contributor) commented

🚀 PR was released in @friggframework/api-module-activecampaign@0.11.3, @friggframework/api-module-airwallex@0.11.3, @friggframework/api-module-attentive@0.11.3, @friggframework/api-module-clyde@0.11.3, @friggframework/api-module-connectwise@0.11.3, @friggframework/api-module-crossbeam@0.11.3, @friggframework/api-module-fastspring-iq@0.11.3, @friggframework/api-module-front@0.11.3, @friggframework/api-module-frontify@1.3.3, @friggframework/api-module-google-calendar@0.3.3, @friggframework/api-module-google-drive@0.6.1, @friggframework/api-module-gorgias@0.11.3, @friggframework/api-module-hubspot@0.13.1, @friggframework/api-module-huggg@0.11.3, @friggframework/api-module-ironclad@0.3.3, @friggframework/api-module-marketo@0.11.3, @friggframework/api-module-microsoft-sharepoint@0.3.3, @friggframework/api-module-microsoft-teams@0.4.7, @friggframework/api-module-monday@0.11.3, @friggframework/api-module-netx@0.11.3, @friggframework/api-module-outreach@0.11.3, @friggframework/api-module-personio@0.11.3, @friggframework/api-module-pipedrive@0.11.3, @friggframework/api-module-qbo@0.11.3, @friggframework/api-module-rev-io@0.11.3, @friggframework/api-module-rollworks@0.11.3, @friggframework/api-module-salesforce@0.11.3, @friggframework/api-module-salesloft@0.11.3, @friggframework/api-module-slack@0.4.3, @friggframework/api-module-terminus@0.11.3, @friggframework/api-module-yotpo@0.3.3, @friggframework/api-module-zoom@0.11.3, @friggframework/integrations@1.2.6, @friggframework/module-plugin@1.1.5, @friggframework/types@0.2.6 🚀

@seanspeaks seanspeaks added the released This issue/pull request has been released. label Aug 29, 2025
@seanspeaks (Contributor) commented

@brendanrmoore Hmm... what errors on the test suite? or, is there a certain class of errors?

On the caret, good catch 😅 Just merged to test the release, we can do a follow-on

@brendanrmoore (Author) commented

> @brendanrmoore Hmm... what errors on the test suite? or, is there a certain class of errors?
>
> On the caret, good catch 😅 Just merged to test the release, we can do a follow-on

In manager.test.ts in the integrations package, the test kept hanging on the beforeAll hook. Seems like Mongo was hanging for some reason, but I couldn't figure out why. Not sure if there's some setup I have to do to get it to work.
