Bump mongoose from 9.2.4 to 9.6.2

[dependabot]

Bumps mongoose from 9.2.4 to 9.6.2.

Release notes

Sourced from mongoose's releases.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

9.4.1 / 2026-04-03

• Revert "fix(setDefaultsOnInsert): run setters on default values during upsert" #16218 #16051

9.4.0 / 2026-04-03

• perf(document+model): avoid parallel save error instantiation, simplify resetting atomics, streamline validation and collection handling
• feat(document): add $getChanges() alias, deprecate getChanges() #15959 techcodie
• fix(schema): support toJSONSchema on unions #16179
• fix(schema): implement validation for Union schemas and subdocuments techcodie
• fix(connection): snapshot Date in heartbeat handler and flush queue on recovery #16183 andreialecu
• fix(model): use duck-typing with version check to validate the argument to useConnection() is actually a connection #16098
• fix(setDefaultsOnInsert): run setters on default values during upsert #16051 mahmoodhamdi
• fix(utils): properly compare Set objects in deepEqual KhanjarSingh
• fix(utils): wrap discriminator merge check in parentheses to fix precedence Necro-Rohan
• fix(schema): correct template literal in encryptionType error message Mridul012
• fix(schema): correct error when unsupported query operator with number #16062
• fix(types): make MergeType and UnpackedIntersection distributive over union types techcodie

... (truncated)

Changelog

Sourced from mongoose's changelog.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

8.23.1 / 2026-04-23

• fix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations #16091 #16079
• fix(setDefaultsOnInsert): check child filter paths before applying defaults (backport #16031 to 8.x) #16219 marklai1998
• fix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator #16238 #16236 #15550 #15571

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

9.4.1 / 2026-04-03

• Revert "fix(setDefaultsOnInsert): run setters on default values during upsert" #16218 #16051

9.4.0 / 2026-04-03

• perf(document+model): avoid parallel save error instantiation, simplify resetting atomics, streamline validation and collection handling
• feat(document): add $getChanges() alias, deprecate getChanges() #15959 techcodie
• fix(schema): support toJSONSchema on unions #16179
• fix(schema): implement validation for Union schemas and subdocuments techcodie
• fix(connection): snapshot Date in heartbeat handler and flush queue on recovery #16183 andreialecu
• fix(model): use duck-typing with version check to validate the argument to useConnection() is actually a connection #16098

... (truncated)

Commits

• 45230cc chore: release 9.6.2
• ccac981 Merge pull request #16277 from Automattic/vkarpov15/gh-16273
• a917973 types: handle compiling with exactOptionalPropertyTypes
• 2b7bb96 Merge pull request #16271 from Automattic/vkarpov15/gh-16252
• ca7f2a0 new affiliate links
• aa9a2e3 Merge branch 'master' into vkarpov15/affiliate
• 5f86a12 Merge pull request #16232 from Automattic/vkarpov15/website-relayout
• 378f90b increment latest release numbers
• bef3027 color cleanup and minor fixes from review
• 70f0699 use Mongoose red for links
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)