Bump mongoose from 4.13.6 to 5.0.17

[dependabot-preview]

Bumps mongoose from 4.13.6 to 5.0.17.

Changelog

Sourced from mongoose's changelog.

5.0.17 / 2018-04-30

• docs(migration): certain chars in passwords may cause connection failures #6401 markstos
• fix(document): don't throw when push() on a nested doc array #6398
• fix(model): apply hooks to custom methods if specified #6385
• fix(schema): support opting out of one timestamp field but not the other for insertMany() #6381
• fix(documentarray): handle required: true within documentarray definition #6364
• fix(document): ensure isNew is set before default functions run on init #3793

5.0.16 / 2018-04-23

• docs(api): sort api methods based on their string property #6374 lineus
• docs(connection): fix typo in createCollection() #6370 mattc41190
• docs(document): remove vestigial reference to numAffected #6367 ekulabuhov
• docs(schema): fix typo #6366 dhritzkiv
• docs(schematypes): add missing minlength and maxlength docs #6365 treble-snake
• docs(queries): fix formatting #6360 treble-snake
• docs(api): add cursors to API docs #6353 #6344 lineus
• docs(aggregate): remove reference to non-existent .select() method #6346
• fix(update): handle required array with update validators and $pull #6341
• fix(update): avoid setting __v in findOneAndUpdate if it is $set #5973

5.0.15 / 2018-04-16

• fix: add ability for casting from number to decimal128 #6336 #6331 lineus
• docs(middleware): enumerate the ways to error out in a hook #6315
• fix(document): respect schema-level depopulate option for toObject() #6313
• fix: bump mongodb driver -> 3.0.6 #6310
• fix(number): check for valueOf() function to support Decimal.js #6306 #6299 lineus
• fix(query): run array setters on query if input value is an array #6277
• fix(versioning): don't require matching version when using array.pull() #6190
• fix(document): add toHexString() function so you don't need to check whether a path is populated to get an id #6115

5.0.14 / 2018-04-09

• fix(schema): clone aliases and alternative option syntax correctly
• fix(query): call utils.toObject in query.count like in query.find #6325 lineus
• docs(populate): add middleware examples #6320 BorntraegerMarc
• docs(compatibility): fix dead link #6319 lacivert
• docs(api): fix markdown parsing for parameters #6318 #6314 lineus
• fix(populate): handle space-delimited paths in array populate #6296 #6284 lineus
• fix(populate): support basic virtual populate underneath embedded discriminators #6273

5.0.13 / 2018-04-05

• docs(faq): add middleware to faq arrow function warning #6309 lineus
• docs(schema): add example to loadClass() docs #6308
• docs: clean up misc typos #6304 sfrieson
• fix(document): apply virtuals when calling toJSON() on a nested path #6294
• refactor(connection): use client.db() syntax rather than double-parsing the URI #6292 #6286

... (truncated)

Commits

• e270b9e chore: release 5.0.17
• 54c6c76 fix(document): don't throw when push() on a nested doc array
• 2672e0a test(document): repro #6398
• 0fe5f2a Merge branch 'master' of github.com:Automattic/mongoose
• 20b9a24 chore: bump kareem re: #6385
• c1911e4 fix(model): apply hooks to custom methods if specified
• 621ff38 test(document): repro #6385
• 83014c1 fix(model+query): use _.get() to get schema options in updates
• 97c62ec Merge pull request #6401 from markstos/document-uri-encoding-in-migration-notes
• b07fb8a docs(migration): certain in passwords may cause connection failures
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot ignore this [minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use [this|these] label[s] will set the current labels as the default for future PRs for this repo and language

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #53.