Bump the npm_and_yarn group in /server with 3 updates

[dependabot]

Bumps the npm_and_yarn group in /server with 3 updates: mongoose, path-to-regexp and express.

Updates mongoose from 8.7.1 to 8.8.4

Release notes

Sourced from mongoose's releases.

8.8.4 / 2024-12-05

• fix: cast using overwritten embedded discriminator key when set #15076 #15051
• fix: avoid throwing error if saveOptions undefined when invalidating subdoc cache #15062

8.8.3 / 2024-11-26

• fix: disallow using $where in match
• perf: cache results from getAllSubdocs() on saveOptions, only loop through known subdoc properties #15055 #15029
• fix(model+query): support overwriteDiscriminatorKey for bulkWrite updateOne and updateMany, allow inferring discriminator key from update #15046 #15040

8.8.2 / 2024-11-18

• fix(model): handle array filters when casting bulkWrite #15036 #14978
• fix(model): make diffIndexes() avoid trying to drop default timeseries collection index #15035 #14984
• fix: save execution stack in query as string #15039 durran
• types(cursor): correct asyncIterator and asyncDispose for TypeScript with lib: 'esnext' #15038
• docs(migrating_to_8): add note about removing findByIdAndRemove #15024 dragontaek-lee

8.8.1 / 2024-11-08

• perf: make a few micro-optimizations to help speed up findOne() #15022 #14906
• fix: apply embedded discriminators to subdoc schemas before compiling top level model so middleware applies correctly #15001 #14961
• fix(query): add overwriteImmutable option to allow updating immutable properties without disabling strict mode #15000 #8619

8.8.0 / 2024-10-31

• feat: upgrade mongodb -> ~6.10 #14991 #14877
• feat(query): add schemaLevelProjections option to query to disable schema-level select: false #14986 #11474
• feat: allow defining virtuals on arrays, not just array elements #14955 #2326
• feat(model): add applyTimestamps() function to apply all schema timestamps, including subdocuments, to a given POJO #14943 #14698
• feat(model): add hideIndexes option to syncIndexes() and cleanIndexes() #14987 #14868
• fix(query): make sanitizeFilter disable implicit $in #14985 #14657
• fix(model): avoid unhandled error if createIndex() throws a sync error #14995
• fix(model): avoid throwing TypeError if bulkSave()'s bulkWrite() fails with a non-BulkWriteError #14993
• types: added toJSON:flattenObjectIds effect #14989
• types: add __v to lean() result type and ModifyResult #14990 #12959
• types: use globalThis instead of global for NativeDate #14992 #14988
• docs(change-streams): fix markdown syntax highlighting for script output example #14994

8.7.3 / 2024-10-25

• fix(cursor): close underlying query cursor when calling destroy() #14982 #14966
• types: add JSONSerialized helper that can convert HydratedDocument to JSON output type #14981 #14451
• types(model): convert InsertManyResult to interface and remove unnecessary insertedIds override #14977
• types(connection): add missing sanitizeFilter option #14975
• types: improve goto definition for inferred schema definitions #14968 forivall
• docs(migration-guide-v7): correct link to the section "Id Setter" #14973 rb-ntnx

8.7.2 / 2024-10-17

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.8.4 / 2024-12-05

• fix: cast using overwritten embedded discriminator key when set #15076 #15051
• fix: avoid throwing error if saveOptions undefined when invalidating subdoc cache #15062

8.8.3 / 2024-11-26

• fix: disallow using $where in match
• perf: cache results from getAllSubdocs() on saveOptions, only loop through known subdoc properties #15055 #15029
• fix(model+query): support overwriteDiscriminatorKey for bulkWrite updateOne and updateMany, allow inferring discriminator key from update #15046 #15040

8.8.2 / 2024-11-18

• fix(model): handle array filters when casting bulkWrite #15036 #14978
• fix(model): make diffIndexes() avoid trying to drop default timeseries collection index #15035 #14984
• fix: save execution stack in query as string #15039 durran
• types(cursor): correct asyncIterator and asyncDispose for TypeScript with lib: 'esnext' #15038
• docs(migrating_to_8): add note about removing findByIdAndRemove #15024 dragontaek-lee

8.8.1 / 2024-11-08

• perf: make a few micro-optimizations to help speed up findOne() #15022 #14906
• fix: apply embedded discriminators to subdoc schemas before compiling top level model so middleware applies correctly #15001 #14961
• fix(query): add overwriteImmutable option to allow updating immutable properties without disabling strict mode #15000 #8619

8.8.0 / 2024-10-31

• feat: upgrade mongodb -> ~6.10 #14991 #14877
• feat(query): add schemaLevelProjections option to query to disable schema-level select: false #14986 #11474
• feat: allow defining virtuals on arrays, not just array elements #14955 #2326
• feat(model): add applyTimestamps() function to apply all schema timestamps, including subdocuments, to a given POJO #14943 #14698
• feat(model): add hideIndexes option to syncIndexes() and cleanIndexes() #14987 #14868
• fix(query): make sanitizeFilter disable implicit $in #14985 #14657
• fix(model): avoid unhandled error if createIndex() throws a sync error #14995
• fix(model): avoid throwing TypeError if bulkSave()'s bulkWrite() fails with a non-BulkWriteError #14993
• types: added toJSON:flattenObjectIds effect #14989
• types: add __v to lean() result type and ModifyResult #14990 #12959
• types: use globalThis instead of global for NativeDate #14992 #14988
• docs(change-streams): fix markdown syntax highlighting for script output example #14994

8.7.3 / 2024-10-25

• fix(cursor): close underlying query cursor when calling destroy() #14982 #14966
• types: add JSONSerialized helper that can convert HydratedDocument to JSON output type #14981 #14451
• types(model): convert InsertManyResult to interface and remove unnecessary insertedIds override #14977
• types(connection): add missing sanitizeFilter option #14975
• types: improve goto definition for inferred schema definitions #14968 forivall
• docs(migration-guide-v7): correct link to the section "Id Setter" #14973 rb-ntnx

... (truncated)

Commits

• 2607904 chore: release 8.8.4
• cf50772 Merge pull request #15076 from Automattic/vkarpov15/gh-15051
• 7cbb295 Update test/model.updateOne.test.js
• 76c745c fix: cast using overwritten embedded discriminator key when set
• 76f92d2 fix: avoid throwing error if saveOptions undefined when invalidating subdoc c...
• f5f7be9 Merge pull request #15066 from Automattic/dependabot/npm_and_yarn/master/mark...
• 41f6bbd chore(deps-dev): bump marked from 14.1.3 to 15.0.3
• 622c49f Merge pull request #15069 from Automattic/dependabot/npm_and_yarn/master/mark...
• 977d7c9 Merge pull request #15063 from Automattic/dependabot/npm_and_yarn/master/type...
• fefa521 Merge branch 'master' into dependabot/npm_and_yarn/master/typescript-5.7.2
• Additional commits viewable in compare view

Updates path-to-regexp from 0.1.10 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

• Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Commits

• 640e694 0.1.12
• f01c26a Merge commit from fork
• 0c71192 0.1.11
• 8f09549 Add error on bad input values
• See full diff in compare view

Updates express from 4.21.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: [email protected] by @​blakeembrey in expressjs/express#5956
• deps: bump [email protected] by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: [email protected]
  • Fix backtracking protection
• deps: [email protected]
  • Throws an error on invalid path values

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump [email protected] (#6209)
• 59fc270 deps: [email protected] (#5956)
• 51fc39c docs: add funding (#6065)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

API Coverage LCOV of commit 6929ef2 during Tests #1397

Summary coverage rate:
  lines......: 88.3% (406 of 460 lines)
  functions..: 88.3% (128 of 145 functions)
  branches...: 81.5% (163 of 200 branches)

Files changed coverage rate: n/a

[github-actions]

Website Coverage LCOV of commit 6929ef2 during Tests #1397

Summary coverage rate:
  lines......: 97.2% (889 of 915 lines)
  functions..: 95.1% (366 of 385 functions)
  branches...: 84.2% (149 of 177 branches)

Files changed coverage rate: n/a