Bump mongoose from 4.13.6 to 5.0.18

[dependabot-preview]

Bumps mongoose from 4.13.6 to 5.0.18.

Changelog

Sourced from mongoose's changelog.

5.0.18 / 2018-05-09

• fix(update): stop clobbering $in when casting update #6441 #6339 lineus
• fix: upgrade mongodb driver -> 3.0.8 to fix session issue #6437 #6357 simllll
• fix: upgrade bson -> 1.0.5 re: https://snyk.io/vuln/npm:bson:20180225 #6423 ChristianMurphy
• fix: look for valueOf() when casting to Decimal128 #6419 #6418 lineus
• fix: populate array of objects with space separated paths #6414 lineus
• test: add coverage for mongoose.pluralize() #6412 FastDeath
• fix(document): avoid running default functions on init() if path has value #6410
• fix(document): allow saving document with null id #6406
• fix: prevent casting of populated docs in document.init #6390 lineus
• fix: remove toHexString() helper that was added in 5.0.15 #6359

5.0.17 / 2018-04-30

• docs(migration): certain chars in passwords may cause connection failures #6401 markstos
• fix(document): don't throw when push() on a nested doc array #6398
• fix(model): apply hooks to custom methods if specified #6385
• fix(schema): support opting out of one timestamp field but not the other for insertMany() #6381
• fix(documentarray): handle required: true within documentarray definition #6364
• fix(document): ensure isNew is set before default functions run on init #3793

5.0.16 / 2018-04-23

• docs(api): sort api methods based on their string property #6374 lineus
• docs(connection): fix typo in createCollection() #6370 mattc41190
• docs(document): remove vestigial reference to numAffected #6367 ekulabuhov
• docs(schema): fix typo #6366 dhritzkiv
• docs(schematypes): add missing minlength and maxlength docs #6365 treble-snake
• docs(queries): fix formatting #6360 treble-snake
• docs(api): add cursors to API docs #6353 #6344 lineus
• docs(aggregate): remove reference to non-existent .select() method #6346
• fix(update): handle required array with update validators and $pull #6341
• fix(update): avoid setting __v in findOneAndUpdate if it is $set #5973

5.0.15 / 2018-04-16

• fix: add ability for casting from number to decimal128 #6336 #6331 lineus
• docs(middleware): enumerate the ways to error out in a hook #6315
• fix(document): respect schema-level depopulate option for toObject() #6313
• fix: bump mongodb driver -> 3.0.6 #6310
• fix(number): check for valueOf() function to support Decimal.js #6306 #6299 lineus
• fix(query): run array setters on query if input value is an array #6277
• fix(versioning): don't require matching version when using array.pull() #6190
• fix(document): add toHexString() function so you don't need to check whether a path is populated to get an id #6115

5.0.14 / 2018-04-09

• fix(schema): clone aliases and alternative option syntax correctly
• fix(query): call utils.toObject in query.count like in query.find #6325 lineus

... (truncated)

Commits

• 37146c2 chore: release 5.0.18
• da198b0 Merge pull request #6441 from lineus/fix-6439
• 13f6ed5 Merge pull request #6423 from ChristianMurphy/chore/update-bson-and-nsp
• cfeb2dc Merge pull request #6430 from lineus/fix-6414
• 20e9988 fixes #6439 - stop clobbering $in when casting doc in query
• 2a1c44f fixing test, removing erroneous comment adding meaningful 2nd path
• e238457 chore: update bson
• 065f16d Merge pull request #6437 from simllll/patch-2
• 63adc1a mongodb upgrade to 3.0.8 to fix #6357
• c3b6588 fixes #6414 - populates array of objects with space separated paths
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use (this|these) label[s] will set the current labels as the default for future PRs for this repo and language
• @dependabot tag (this|these) reviewer[s] will set the current reviewers as the default to be assigned for future PRs for this repo and language

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #56.