Bump mingo from 6.2.1 to 7.2.2

[dependabot]

Bumps mingo from 6.2.1 to 7.2.2.

Changelog

Sourced from mingo's changelog.

7.2.2 / 2026-06-17

Fixes

• Properly handle NaN in equality checks. (#602)
• Validate object prototype properties in selectors to prevent pollution or unexpected results. (#606)
• fix($strLenCP/$substrCP): index by Unicode code points, not UTF-16 code units (#608)
• fix($replaceAll/$replaceOne): treat find/replacement as literal strings (correctness + ReDoS) (#607)

7.2.1 / 2026-04-03

Fixes

• Update operations handle multiple keys per arrayFilter object.
• $setWindowFields properly handle sort-by validation for unbounded windows.

Improvements

• Added numerous optimizations resulting in ~2x speedup across commonly used operators. (#598)
  • Query: $eq, $gt, $lt, $and, $or, $regex, $elemMatch, $exists, $type, $mod, $not, $nin, $nor, $size.
  • Pipeline: $match, $project, $group, $sort.
  • Update: $set, $inc, $unset, $push, $addToSet.

7.2.0 / 2026-01-26

New

• Added failOnError option to control failure mode when operators resolve expressions to invalid argument types.

Fixes

• Process Olson timezone names correctly. (#587)
• Sort values using valid MongoDB semantics. (#590)
• Properly handle nested projection object graphs and improve validation. (#588, #589)
• Use consistent internal serialization for custom data objects to make comparison and equality checking stable.
• $replaceRoot correctly returns only modifield fields in document when used in updateOne.
• $expMovingAvg correctly handles missing values in data series.
• $substrBytes correctly handles translation between byte index and UTF-16 slices.

Improvements

• Use faster hash implementation.
• Performance improvements for sort.
• Precompile update operators to improve performance of updateMany calls.

7.1.1 / 2025-12-31 (deprecated)

Reason: contains invalid assert imports.

7.1.0 / 2025-12-12

... (truncated)

Commits

• d83572c Release 7.2.2
• b701a52 chore: refresh docs
• 09f3401 chore: Bump version to 7.2.2
• 926bf4b chore: update changelog
• a21f0a1 fix($strLenCP/$substrCP): index by Unicode code points, not UTF-16 code units...
• 641ab9c fix($replaceAll/$replaceOne): treat find/replacement as literal strings (corr...
• 159e7f7 build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 (#612)
• 2d52df5 build(deps-dev): bump markdown-it from 14.1.0 to 14.2.0 (#611)
• 9c084a9 build(deps-dev): bump esbuild from 0.27.2 to 0.28.1 (#609)
• c6c4df6 chore: remove unnecessary array.split calls
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)