build(deps): bump mongoose from 9.4.1 to 9.5.0

[dependabot]

Bumps mongoose from 9.4.1 to 9.5.0.

Release notes

Sourced from mongoose's releases.

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

Changelog

Sourced from mongoose's changelog.

9.5.0 / 2026-04-20

• feat(debug): add timestamp option to debug output #16216 rejunp
• feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
• feat(query): extend defaults query option to find() #16226 sderrow
• fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
• fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
• fix(queryHelpers): pass default options to discriminators #16227 #16226
• fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054
• fix(model): throw ObjectParameterError in insertOne() if doc is not an object #16221 IshitaSingh0822
• fix(cast): preserve reason in CastError message after setModel() #16167 White-Devil2839
• perf(model): remove unnecessary clone in findOneAndUpdate() #16230
• perf: use kareem 3.3.0 mongoosejs/kareem#45 #16229
• chore: use TSTyche assertions #16222 mrazauskas

Commits

• b949826 chore: release 9.5.0
• a35104a Merge pull request #16230 from Automattic/vkarpov15/gh-16202-2
• 841eea1 Merge branch 'vkarpov15/gh-16202-2' of github.com:Automattic/mongoose into vk...
• 1db8455 address code review comments
• e1d8e43 Apply suggestion from @​Copilot
• 279cbf8 feat(query): add cloneUpdate option that tells Mongoose explicitly to not clo...
• 2d5cf49 Merge branch 'master' into vkarpov15/gh-16202-2
• 5800081 Merge pull request #16229 from Automattic/vkarpov15/kareem-3.3
• 32675b3 further reduce min-release-age for kareem
• 6a24e3f chore: temp reduce min-release-age for kareem
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Alexandrbig1]

Your pull request has been reviewed and approved.