Merge pull request #2109 from gchq/dependabot/npm_and_yarn/backend/mongoose-8.13.1

JR40159 · web-flow · commit a65164a0bd7f · 2025-04-09T17:14:17.000+01:00
Bump mongoose from 7.8.6 to 8.13.1 in /backend
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -53,7 +53,7 @@
     "lodash-es": "^4.17.21",
     "mjml": "5.0.0-alpha.6",
     "mongodb": "^6.15.0",
-    "mongoose": "7.8.6",
+    "mongoose": "8.13.1",
     "mongoose-delete": "^1.0.2",
     "morgan": "^1.10.0",
     "nanoid": "^5.1.5",
diff --git a/backend/src/connectors/authorisation/base.ts b/backend/src/connectors/authorisation/base.ts
@@ -1,7 +1,7 @@
 import { AccessRequestDoc } from '../../models/AccessRequest.js'
 import { FileInterface } from '../../models/File.js'
 import { EntryVisibility, ModelDoc } from '../../models/Model.js'
-import { ReleaseDoc } from '../../models/Release.js'
+import { ReleaseDoc, ReleaseInterface } from '../../models/Release.js'
 import { ResponseDoc } from '../../models/Response.js'
 import { SchemaDoc } from '../../models/Schema.js'
 import { UserInterface } from '../../models/User.js'
@@ -178,7 +178,7 @@ export class BasicAuthorisationConnector {
   async releases(
     user: UserInterface,
     model: ModelDoc,
-    releases: Array<ReleaseDoc>,
+    releases: Array<ReleaseDoc | ReleaseInterface>,
     action: ReleaseActionKeys,
   ): Promise<Array<Response>> {
     // We don't have any specific roles dedicated to releases, so we pass it through to the model authorisation checker.
diff --git a/backend/src/models/Token.ts b/backend/src/models/Token.ts
@@ -1,6 +1,6 @@
 import bcrypt from 'bcryptjs'
 import { createHash } from 'crypto'
-import { model, Schema } from 'mongoose'
+import { model, ObjectId, Schema } from 'mongoose'
 import MongooseDelete, { SoftDeleteDocument } from 'mongoose-delete'
 
 import { BadReq } from '../utils/error.js'
@@ -53,6 +53,8 @@ export type HashTypeKeys = (typeof HashType)[keyof typeof HashType]
 // It should be used for plain object representations, e.g. for sending to the
 // client.
 export interface TokenInterface {
+  _id: ObjectId
+
   user: string
   description: string
 
diff --git a/backend/src/services/token.ts b/backend/src/services/token.ts
@@ -127,22 +127,22 @@ export async function validateTokenForUse(token: TokenDoc | undefined, action: T
 
   if (token.scope === TokenScope.Models) {
     return {
-      id: token._id,
+      id: token._id.toString(),
       success: false,
       info: 'This token must not have model restrictions for this endpoint',
     }
   }
 
   if (token.actions && !token.actions.includes(action)) {
     return {
-      id: token._id,
+      id: token._id.toString(),
       success: false,
       info: 'This token may not be used for this action',
     }
   }
 
   return {
-    id: token._id,
+    id: token._id.toString(),
     success: true,
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -127,22 +127,22 @@ export async function validateTokenForUse(token: TokenDoc \| undefined, action: T`
`127`	`127`
`128`	`128`	`if (token.scope === TokenScope.Models) {`
`129`	`129`	`return {`
`130`		`- id: token._id,`
	`130`	`+ id: token._id.toString(),`
`131`	`131`	`success: false,`
`132`	`132`	`info: 'This token must not have model restrictions for this endpoint',`
`133`	`133`	`}`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`if (token.actions && !token.actions.includes(action)) {`
`137`	`137`	`return {`
`138`		`- id: token._id,`
	`138`	`+ id: token._id.toString(),`
`139`	`139`	`success: false,`
`140`	`140`	`info: 'This token may not be used for this action',`
`141`	`141`	`}`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`return {`
`145`		`- id: token._id,`
	`145`	`+ id: token._id.toString(),`
`146`	`146`	`success: true,`
`147`	`147`	`}`
`148`	`148`	`}`