Updated to mongoose 7.8.9

[DivyanshTrackier]

🛡️ Security Checklist

Review and check all that apply before requesting a review.

• Secrets: I have verified that no API keys, passwords, or certificates are hardcoded.
• Dependencies: I have checked for known vulnerabilities in any new libraries added.
• Data Handling: Sensitive data (PII) is encrypted or masked in logs.
• Input Validation: All user-provided input is sanitized to prevent SQLi or XSS.
• Permissions: New endpoints or features follow the Principle of Least Privilege.

⚙️ Backend & Performance

• Database: I have checked for N+1 query issues and verified index usage.
• Migrations: Database migrations are reversible (where applicable) and tested.
• Error Handling: Errors are caught and returned with appropriate HTTP status codes.
• Scalability: Large datasets are handled via pagination, not loaded entirely into memory.
• Async: Long-running tasks are moved to background workers (if applicable).

🧪 Testing & Quality

• Unit Tests: Added/updated tests for the core logic.
• Integration: Verified that API contracts haven't broken for downstream services.
• Observability: Added logs or metrics to track the success/failure of this feature.
• Documentation: Updated Swagger/OpenAPI specs or internal READMEs.

✍️ Sign-off

• I confirm that I have performed a self-review of this code from a security perspective.

Reviewer Sign-off: (To be completed by the reviewer)

• Security standards verified.

Summary by CodeRabbit

• Chores
  • Bumped package version to 1.6.11.
  • Upgraded MongoDB object mapper dependency to version 7.8.9 (major upgrade).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5815d2c7-790b-4182-9435-684bc4b2afc2

📥 Commits

Reviewing files that changed from the base of the PR and between 2fc7334 and 2aac932.

📒 Files selected for processing (1)

• package.json

✅ Files skipped from review due to trivial changes (1)

• package.json

---

📝 Walkthrough

Walkthrough

Mongoose dependency bumped from v6.x to v7.x in package.json. DbUtil.generateMongoId() in src/dbUtil.js now constructs ObjectId with new mongoose.Types.ObjectId() instead of calling it directly.

Changes

Cohort / File(s)	Summary
Dependency Management package.json	Bumped package version and upgraded mongoose from ^6.13.8 to ^7.8.9.
Database Utility src/dbUtil.js	Changed DbUtil.generateMongoId() to return new mongoose.Types.ObjectId() rather than mongoose.Types.ObjectId().

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• Hemant-Mann
• abdullah-trackier

Poem

🐰 I hopped through code with a joyful chew,
Mongoose grew up — version seven, anew.
ObjectIds now born with a proper "new" song,
Quick hops, small tweaks, and we carry on. 🥕✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: upgrading mongoose from version 6.13.8 to 7.8.9, which is the primary objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch update-mongoose-migration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 31: package.json now requires "mongoose": "^7.8.9" but the lockfile still
pins 6.13.8; regenerate and update package-lock.json so the lockfile resolves
Mongoose 7.x. Run npm install (or npm update) locally to refresh
package-lock.json and node_modules, verify package-lock.json lists mongoose
7.8.9 (or a compatible 7.x) and node_modules contains the 7.x package, then
commit the updated package-lock.json (and package-lock changes only) so CI and
installs use the correct major version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0401be35-e3fb-4411-b096-5a44aea10141

📥 Commits

Reviewing files that changed from the base of the PR and between 1877637 and 2fc7334.

📒 Files selected for processing (2)

• package.json
• src/dbUtil.js

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check declared mongoose version in package.json
rg -nP '"mongoose"\s*:\s*".*"' package.json -C1

# Inspect lockfiles (if present) for resolved mongoose versions
fd -HI 'package-lock.json|yarn.lock|pnpm-lock.yaml' . | xargs -r rg -nP 'mongoose(@|":|:)\s*["]?[0-9]+\.[0-9]+\.[0-9]+'

Repository: CloudStuffTech/tracker-utils

Length of output: 157

---

🏁 Script executed:

#!/bin/bash

# List all possible lockfiles in the repository
echo "=== Checking for lockfiles ==="
find . -maxdepth 2 -type f \( -name "package-lock.json" -o -name "yarn.lock" -o -name "pnpm-lock.yaml" \)

echo -e "\n=== Repository structure ==="
ls -la

# If package-lock.json exists, check mongoose versions in it
if [ -f "package-lock.json" ]; then
  echo -e "\n=== Mongoose versions in package-lock.json ==="
  rg -i 'mongoose' package-lock.json | head -20
fi

# If yarn.lock exists, check mongoose versions in it
if [ -f "yarn.lock" ]; then
  echo -e "\n=== Mongoose versions in yarn.lock ==="
  rg -i 'mongoose' yarn.lock | head -20
fi

# If pnpm-lock.yaml exists, check mongoose versions in it
if [ -f "pnpm-lock.yaml" ]; then
  echo -e "\n=== Mongoose versions in pnpm-lock.yaml ==="
  rg -i 'mongoose' pnpm-lock.yaml | head -20
fi

Repository: CloudStuffTech/tracker-utils

Length of output: 1313

---

🏁 Script executed:

#!/bin/bash

# Get all mongoose entries from package-lock.json with context
echo "=== All mongoose entries in package-lock.json ==="
rg -i -B2 -A5 'mongoose' package-lock.json

# Count mongoose versions
echo -e "\n=== Count of mongoose version references ==="
rg -i '"mongoose"' package-lock.json | head -30

Repository: CloudStuffTech/tracker-utils

Length of output: 1031

---

Update lockfile to resolve Mongoose 7.8.9 instead of 6.13.8.

The package-lock.json still declares "mongoose": "^6.13.8" with node_modules resolving to version 6.13.8, while package.json specifies "^7.8.9". This mismatch means npm install will pull Mongoose 6.13.8, causing runtime inconsistencies due to breaking API changes between major versions. Regenerate the lockfile (e.g., npm install or npm update) to align with the package.json update.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 31, package.json now requires "mongoose": "^7.8.9" but
the lockfile still pins 6.13.8; regenerate and update package-lock.json so the
lockfile resolves Mongoose 7.x. Run npm install (or npm update) locally to
refresh package-lock.json and node_modules, verify package-lock.json lists
mongoose 7.8.9 (or a compatible 7.x) and node_modules contains the 7.x package,
then commit the updated package-lock.json (and package-lock changes only) so CI
and installs use the correct major version.