Bump mongoose from 5.9.7 to 5.13.0

[dependabot-preview]

Bumps mongoose from 5.9.7 to 5.13.0.

Changelog

Sourced from mongoose's changelog.

5.13.0 / 2021-06-28

• feat(query): add sanitizeProjection option to opt in to automatically sanitizing untrusted query projections #10243
• feat(model): add bulkSave() function that saves multiple docs in 1 bulkWrite() #9727 #9673 AbdelrahmanHafez
• feat(document): allow passing a list of virtuals or pathsToSkip to apply in toObject() and toJSON() #10120
• fix(model): make Model.validate use object under validation as context by default #10360 AbdelrahmanHafez
• feat(document): add support for pathsToSkip in validate and validateSync #10375 AbdelrahmanHafez
• feat(model): add diffIndexes() function that calculates what indexes syncIndexes() will create/drop without actually executing any changes #10362 IslandRhythms
• feat(document): avoid using sessions that have ended, so you can use documents that were loaded in the session after calling endSession() #10306

5.12.15 / 2021-06-25

• fix(index.d.ts): add extra TInstanceMethods generic param to Schema for cases when we can't infer from Model #10358
• fix(index.d.ts): added typings for near() in model aggregation #10373 tbhaxor
• fix(index.d.ts): correct function signature for Query#cast() #10388 lkho
• docs(transactions): add import statement #10365 JimLynchCodes
• docs(schema): add missing discriminatorKey schema option #10386 #10376 IslandRhythms
• docs(index.d.ts): fix typo #10363 houssemchebeb

5.12.14 / 2021-06-15

• fix(schema): check that schema type is an object when setting isUnderneathDocArray #10361 vmo-khanus
• fix(document): avoid infinite recursion when setting single nested subdoc to array #10351
• fix(populate): allow populating nested path in schema using Model.populate() #10335
• fix(drivers): emit operation-start/operation-end events to allow inspecting when operations start and end
• fix(index.d.ts): improve typings for virtuals #10350 thiagokisaki
• fix(index.d.ts): correct constructor type for Document #10328
• fix(index.d.ts): add ValidationError as a possible type for ValidationError#errors #10320 IslandRhythms
• fix: remove unnecessary async devDependency that's causing npm audit warnings #10281
• docs(typescript): add schemas guide #10308
• docs(model): add options parameter description to Model.exists() #10336 Aminoiz

5.12.13 / 2021-06-04

• perf(document): avoid creating nested paths when running $getAllSubdocs() #10275
• fix: make returnDocument option work with findOneAndUpdate() #10232 #10231 cnwangjie
• fix(document): correctly reset subdocument when resetting a map subdocument underneath a single nested subdoc after save #10295
• perf(query): avoid setting non-null sessions to avoid overhead from $getAllSubdocs() #10275
• perf(document): pre split schematype paths when compiling schema to avoid extra overhead of splitting when hydrating documents #10275
• perf(schema): pre-calculate mapPaths to avoid looping over every path for each path when initing doc #10275
• fix(index.d.ts): drill down into nested arrays when creating LeanDocument type #10293

5.12.12 / 2021-05-28

• fix(documentarray): retain atomics when setting to a new array #10272
• fix(query+model): fix deprecation warning for returnOriginal with findOneAndUpdate() #10298 #10297 #10292 #10285 IslandRhythms
• fix(index.d.ts): make map() result an array if used over an array #10288 quantumsheep

5.12.11 / 2021-05-24

... (truncated)

Commits

• 0496de9 chore: release 5.13.0
• e03eb91 Merge pull request #10399 from Automattic/5.13
• d486ca1 Merge branch '5.13' of github.com:Automattic/mongoose into 5.13
• 7616f27 Merge branch 'master' into 5.13
• 012808c chore: release 5.12.15
• 5138fd2 Merge pull request #10360 from AbdelrahmanHafez/gh-10346-fix
• 08f9b61 style: fix lint
• 03aa1d0 Merge pull request #10388 from lkho/pr/typescript
• fa42803 Merge pull request #10386 from Automattic/gh-10376
• 37fe808 Merge pull request #10375 from AbdelrahmanHafez/feat/pathsToSkip
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #293.