Skip to content

[codex] Upgrade Mongoose#141

Closed
coder13 wants to merge 1 commit into
masterfrom
mongoose-upgrade
Closed

[codex] Upgrade Mongoose#141
coder13 wants to merge 1 commit into
masterfrom
mongoose-upgrade

Conversation

@coder13

@coder13 coder13 commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Summary

  • Upgrade the server from Mongoose 5.x to mongoose@6.13.9 to address the direct Mongoose audit findings.
  • Remove obsolete Mongoose 5 connection options now handled by Mongoose 6 defaults.
  • Set strictQuery explicitly to preserve the app's existing Mongoose 5-style query behavior.
  • Fix pre-existing lint formatting in server/middlewares/auth.js so the server lint check passes on this branch.

Deployment notes

Mongoose 6 uses the MongoDB Node driver 4.x. Based on the migration guide, this should not require a MongoDB server upgrade by itself, but deployment should verify the app Node version is compatible and the deployed MongoDB version is known before rollout.

Validation

  • cd server && npm run lint
  • cd server && npm audit --omit=dev --json confirms there is no remaining direct mongoose vulnerability entry.

Residual audit count after this change: 49 production vulnerabilities remain, driven by other dependency paths such as the old session/MongoDB stack.

Move the server to Mongoose 6.13.9 to clear the direct Mongoose audit findings. Remove obsolete Mongoose 5 connection options and set strictQuery explicitly to preserve existing query behavior.
@coder13 coder13 marked this pull request as ready for review July 9, 2026 12:31
@coder13

coder13 commented Jul 9, 2026

Copy link
Copy Markdown
Owner Author

Closing this standalone PR because the Mongoose upgrade has been merged into the long-lived dep-upgrade branch instead. Future dependency tech debt will continue there.

@coder13 coder13 closed this Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant