npm: bump mongoose from 9.1.3 to 9.2.3

[dependabot]

Bumps mongoose from 9.1.3 to 9.2.3.

Release notes

Sourced from mongoose's releases.

9.2.3 / 2026-02-26

• types(model): make bulkSave() correctly take array of THydratedDocumentType #16032

9.2.2 / 2026-02-23

• fix(document): make pathsToSave filter all update operators and preserve unsaved state #16027
• fix(setDefaultsOnInsert): check child filter paths before applying defaults, fix dot-notation handling, and prevent prototype pollution #16031 #16030
• fix(populate): make refPath work as a function, including map paths with $* #16035 #16028
• perf: optimize pathsToSave and indexed-path checks for subdocuments
• types: remove duplicate definition of UUIDToJSON type #16029
• docs(field-level-encryption): clarify crypt_shared library usage and move extraOptions under autoEncryption #16026 #16015
• test(types): introduce TSTyche for type testing #16024

9.2.1 / 2026-02-11

• types(query): allow assigning QueryFilter<DocType> to QueryFilter<any> #16020
• types: duplicate identifier 'UUIDToJSON' in mongoosejs 9.2.0 #16023
• types: preserve subdocument toObject() field types when using virtuals + versionKey options #16021 #15965 AbdelrahmanHafez
• docs(mongoose): add missing options to mongoose.set() docs #16019

9.2.0 / 2026-02-09

• feat: add option to skip middleware #15883 #8768 AbdelrahmanHafez
• feat(model): delay "Duplicate schema index" warning until createIndexes runs to include model name in the warning #15979
• feat(model): add strict option to Model.hydrate(...) #15940 #15977
• feat(document): add flattenUUIDs option to toObject() and toJSON() #15864 #15021 AbdelrahmanHafez
• fix(schema): treat undefined as not provided for strict, strictQuery and id options #16004 AbdelrahmanHafez
• types(inferrawdoctype): avoid adding _id to nested paths and handle _id: false in options + schema definition #15989
• types: fix toObject() type inference with timestamps + virtuals #15975 AbdelrahmanHafez
• types(models): remove dead MapReduce and GeoSearch types #15984
• test(types): remove tsd in favor of tsc + test utilities #15951 #15696

9.1.6 / 2026-02-04

• fix: handle other top-level query operators in sanitizeFilter
• fix(types): fix toObject() type inference with timestamps + virtuals #15975 #15965 AbdelrahmanHafez
• fix(populate): defer subpopulate until after match functions to avoid comparing populated subdocs #15981 mongodb-js/mongoose-autopopulate#112
• fix(DocumentArray): correctly clone subdocument when updating document array #15978 #15973
• fix(documentArray): fix change tracking for documentArrays in nested maps #15983 #15970 AbdelrahmanHafez
• docs: clarify that you need to explicitly create timeseries collection before inserting document #15990 #15986

9.1.5 / 2026-01-20

• fix(map): validate map subdocument when loaded with init #15960 #15957 AbdelrahmanHafez
• fix(discriminator): prevent indexes and callQueue duplication with shared nested schemas #15974 #15966 AbdelrahmanHafez
• fix(subdocuments): do not pass parent path on init #15970 #15969 #15682 AbdelrahmanHafez
• types(inferrawdoctype): correct handling for subdocs and doc arrays #15967 #13772
• docs: improve grammar and clarity in TypeScript schema comments #15971 harshsinghpujari

... (truncated)

Changelog

Sourced from mongoose's changelog.

9.2.3 / 2026-02-26

• types(model): make bulkSave() correctly take array of THydratedDocumentType #16032

9.2.2 / 2026-02-23

• fix(document): make pathsToSave filter all update operators and preserve unsaved state #16027
• fix(setDefaultsOnInsert): check child filter paths before applying defaults, fix dot-notation handling, and prevent prototype pollution #16031 #16030
• fix(populate): make refPath work as a function, including map paths with $* #16035 #16028
• perf: optimize pathsToSave and indexed-path checks for subdocuments
• types: remove duplicate definition of UUIDToJSON type #16029
• docs(field-level-encryption): clarify crypt_shared library usage and move extraOptions under autoEncryption #16026 #16015
• test(types): introduce TSTyche for type testing #16024

9.2.1 / 2026-02-11

• types(query): allow assigning QueryFilter to QueryFilter #16020
• types: duplicate identifier 'UUIDToJSON' in mongoosejs 9.2.0 #16023
• types: preserve subdocument toObject() field types when using virtuals + versionKey options #16021 #15965 AbdelrahmanHafez
• docs(mongoose): add missing options to mongoose.set() docs #16019

9.2.0 / 2026-02-09

• feat: add option to skip middleware #15883 #8768 AbdelrahmanHafez
• feat(model): delay "Duplicate schema index" warning until createIndexes runs to include model name in the warning #15979
• feat(model): add strict option to Model.hydrate(...) #15940 #15977
• feat(document): add flattenUUIDs option to toObject() and toJSON() #15864 #15021 AbdelrahmanHafez
• fix(schema): treat undefined as not provided for strict, strictQuery and id options #16004 AbdelrahmanHafez
• types(inferrawdoctype): avoid adding _id to nested paths and handle _id: false in options + schema definition #15989
• types: fix toObject() type inference with timestamps + virtuals #15975 AbdelrahmanHafez
• types(models): remove dead MapReduce and GeoSearch types #15984
• test(types): remove tsd in favor of tsc + test utilities #15951 #15696

8.23.0 / 2026-02-09

• feat(document): add flattenUUIDs option to toObject() and toJSON() (backport #15021 to 8.x)

9.1.6 / 2026-02-04

• fix: handle other top-level query operators in sanitizeFilter
• fix(types): fix toObject() type inference with timestamps + virtuals #15975 #15965 AbdelrahmanHafez
• fix(populate): defer subpopulate until after match functions to avoid comparing populated subdocs #15981 mongodb-js/mongoose-autopopulate#112
• fix(DocumentArray): correctly clone subdocument when updating document array #15978 #15973
• fix(documentArray): fix change tracking for documentArrays in nested maps #15983 #15970 AbdelrahmanHafez
• docs: clarify that you need to explicitly create timeseries collection before inserting document #15990 #15986

8.22.1 / 2026-02-04

• fix: handle other top-level query operators in sanitizeFilter
• fix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc #15904 #15901

... (truncated)

Commits

• d3bfc85 chore: release 9.2.3
• 4786f70 Merge pull request #16044 from mrazauskas/stricter-tsconfig
• 7303734 Merge pull request #16040 from Automattic/vkarpov15/gh-16032
• 1812c9e chore: make TSConfig stricter
• 518970c chore: release 9.2.2
• 94ee9f1 Merge pull request #16026 from Automattic/vkarpov15/gh-16015
• 781f5c0 Merge pull request #16014 from Automattic/chore/suppress-test-warnings
• 7c9a03e Merge pull request #16024 from mrazauskas/introduce-tstyche
• 0defff0 clean up script
• 5695978 types(model): make bulkSave() correctly take array of THydratedDocumentType
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)