Express 3.8.39 and corresponding plugin packages introduce vulnerabilities to Aggie, including several of high severity. To resolve these vulnerabilities, we need to update Mongoose and corresponding plugins to their latest versions.
Some plugins which are now unmaintained will need to be replaced with a maintained alternative, namely mongoose-auto-increment. Others may also need to be replaced as we perform the upgrade.
Some preliminary work has already been done to update Mongoose. See commits below.
Express 3.8.39 and corresponding plugin packages introduce vulnerabilities to Aggie, including several of high severity. To resolve these vulnerabilities, we need to update Mongoose and corresponding plugins to their latest versions.
Some plugins which are now unmaintained will need to be replaced with a maintained alternative, namely
mongoose-auto-increment. Others may also need to be replaced as we perform the upgrade.Some preliminary work has already been done to update Mongoose. See commits below.