Bump mongoose from 4.13.7 to 5.1.0

[dependabot-preview]

Bumps mongoose from 4.13.7 to 5.1.0.

Changelog

Sourced from mongoose's changelog.

5.1.0 / 2018-05-10

• feat(ObjectId): add _id getter so you can get a usable id whether or not the path is populated #6415 #6115
• feat(model): add Model.startSession() #6362
• feat(document): add doc.$session() and set session on doc after query #6362
• feat: add Map type that supports arbitrary keys #6287 #681
• feat: add cloneSchemas option to mongoose global to opt in to always cloning schemas before use #6274
• feat(model): add findOneAndDelete() and findByIdAndDelete() #6164
• feat(document): support $ignore() on single nested and array subdocs #6152
• feat(document): add warning about calling save() on subdocs #6152
• fix(model): make save() use updateOne() instead of update() #6031
• feat(error): add version number to VersionError #5966
• fix(query): allow [] as a value for $in when casting #5913
• fix(document): avoid running validators on single nested paths if only a child path is modified #5885
• feat(schema): print warning if method conflicts with mongoose internals #5860

5.0.18 / 2018-05-09

• fix(update): stop clobbering $in when casting update #6441 #6339 lineus
• fix: upgrade mongodb driver -> 3.0.8 to fix session issue #6437 #6357 simllll
• fix: upgrade bson -> 1.0.5 re: https://snyk.io/vuln/npm:bson:20180225 #6423 ChristianMurphy
• fix: look for valueOf() when casting to Decimal128 #6419 #6418 lineus
• fix: populate array of objects with space separated paths #6414 lineus
• test: add coverage for mongoose.pluralize() #6412 FastDeath
• fix(document): avoid running default functions on init() if path has value #6410
• fix(document): allow saving document with null id #6406
• fix: prevent casting of populated docs in document.init #6390 lineus
• fix: remove toHexString() helper that was added in 5.0.15 #6359

5.0.17 / 2018-04-30

• docs(migration): certain chars in passwords may cause connection failures #6401 markstos
• fix(document): don't throw when push() on a nested doc array #6398
• fix(model): apply hooks to custom methods if specified #6385
• fix(schema): support opting out of one timestamp field but not the other for insertMany() #6381
• fix(documentarray): handle required: true within documentarray definition #6364
• fix(document): ensure isNew is set before default functions run on init #3793

5.0.16 / 2018-04-23

• docs(api): sort api methods based on their string property #6374 lineus
• docs(connection): fix typo in createCollection() #6370 mattc41190
• docs(document): remove vestigial reference to numAffected #6367 ekulabuhov
• docs(schema): fix typo #6366 dhritzkiv
• docs(schematypes): add missing minlength and maxlength docs #6365 treble-snake
• docs(queries): fix formatting #6360 treble-snake
• docs(api): add cursors to API docs #6353 #6344 lineus
• docs(aggregate): remove reference to non-existent .select() method #6346
• fix(update): handle required array with update validators and $pull #6341
• fix(update): avoid setting __v in findOneAndUpdate if it is $set #5973

... (truncated)

Commits

• 9b1fed5 chore: release 5.1.0
• 2623702 Merge pull request #6442 from Automattic/5.1
• 446bed5 test: fix tests on node 10
• a7a0b5e chore: add node 10.x to build matrix
• 920b134 docs(schematypes): correct comment
• 238e30b Merge branch 'master' into 5.1
• abc7ff7 chore: now working on 5.0.19
• 37146c2 chore: release 5.0.18
• da198b0 Merge pull request #6441 from lineus/fix-6439
• 13f6ed5 Merge pull request #6423 from ChristianMurphy/chore/update-bson-and-nsp
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use (this|these) label[s] will set the current labels as the default for future PRs for this repo and language
• @dependabot use (this|these) reviewer[s] will set the current reviewers as the default to be assigned for future PRs for this repo and language
• @dependabot use (this|these) assignees[s] will set the current assignees as the default for future PRs for this repo and language

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #121.