[Snyk] Upgrade sequelize from 6.3.0 to 6.6.5 #3

snyk-bot · 2021-07-30T02:45:37Z

Snyk has created this PR to upgrade sequelize from 6.3.0 to 6.6.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 13 versions ahead of your current version.
The recommended version was released 24 days ago, on 2021-07-06.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sequelize

6.6.5 - 2021-07-06
6.6.5 (2021-07-06)

Bug Fixes
- dependency: upgrade validator (#13350) (56bb1d6)
6.6.4 - 2021-06-26
6.6.4 (2021-06-26)

Bug Fixes
- typings: make Transactionable compatible with TransactionOptions (#13334) (cd2de40)
- utils: clone attributes before mutating them (#13226) (1a16b91)
- data-types: use proper field name for ARRAY(ENUM) (#13210) (1cfbd33)
- typings: fix ignoreDuplicates option (#13220) (b33d78e)
- typings: allow schema for queryInterface methods (#13223) (6b0b532)
- typings: restrict update typings (#13216) (63ceb73)
- typings: returning can specify column names (#13215) (143cc84)
- typings: model init returns model class, not instance (#13214) (8f2a0d5)
- plurals: bump inflection dependency (#13260) (deeb5c6)
- bulk-create: ON CONFLICT with unique index (#13345) (6dcb565)
6.6.2 - 2021-03-23
6.6.2 (2021-03-23)

Bug Fixes
- types: fix Model.prototype.previous() (#13042) (5b16b32)
6.6.1 - 2021-03-22
6.6.1 (2021-03-22)

Bug Fixes
- query-generator: use AND in sql for not/between (#13043) (a663c54)
- sqlite: retrieve primary key on upsert (#12991) (023e1d9)
- types: allow (keyof TAttributes)[] in UpdateOptions.returning (#13130) (97ba242)
- types: models with attributes couldn't be used in some cases (#13010) (de5f21d)
- types: remove string from Order type (#13057) (ac39f8a)
6.6.0 - 2021-03-21
6.6.0 (2021-03-21)

Bug Fixes
- types: allow sequelize.col in attributes (#13105) (3fd64cb)
- types: allow bigints in WhereValue (#13028) (8892507)
- types: decapitalize queryGenerator property (#13126) (9cb4d7f)
- types: fix Model#previous type (#13106) (466e361)
- types: fix ValidationErrorItem types (#13108) (e35a9bf)
Features
- add-constraint: add deferrable option (#13096) (f98bd7e)
6.5.1 - 2021-03-14
6.5.1 (2021-03-14)

Bug Fixes
- mysql: release connection on deadlocks (#13102) (6388507)
  - Note: this complements the work done in 6.5.0, fixing another situation not covered by it with MySQL.
- types: allow transaction to be null (#13093) (ced4dc7)
6.5.0 - 2021-01-27
6.5.0 (2021-01-27)

Second release in 2021! 🎉

Bug Fixes
- mysql, mariadb: release connection on deadlocks (#12841) (c77b1f3)
- types: allow changing values on before hooks (#12970) (e5b8929)
- types: typo in sequelize.js and sequelize.d.ts (#12975) (2fe980e)
Features
- postgres: add TSVECTOR datatype and @@ operator (#12955) (e45df29)
6.4.0 - 2021-01-18
6.4.0 (2021-01-18)

First release in 2021! 🎉

Bug Fixes
- types: better support for readonly arrays (287607a)
- types: remove part forgotten in #12175 (2249ded)
Features
- query-interface: support composite foreign keys (#12456) (9ecebef)
6.3.5 - 2020-09-01
6.3.4 - 2020-08-01
6.3.3 - 2020-07-11
6.3.2 - 2020-07-11
6.3.1 - 2020-07-10
6.3.0 - 2020-07-04

from sequelize GitHub release notes

Commit messages

Package name: sequelize

56bb1d6 fix(dependency): upgrade validator (#13350)
b674600 chores: keep only @ papb email in maintainers field
5fa695f meta: empty commit to rerun ci
dc3ec53 fix(ci): fix semantic-release usage
c7d7ca5 meta: forbid auto major version release
cd2de40 fix(typings): make `Transactionable` compatible with `TransactionOptions` (#13334)
1a16b91 fix(utils): clone attributes before mutating them (#13226)
39299a6 docs(read-replication.md): fix typo (#13179)
d0d7188 docs(eager-loading.md): fix typo (#13161)
1cfbd33 fix(data-types): use proper field name for `ARRAY(ENUM)` (#13210)
444f06f docs(migrations.md): grammar improvements (#13294)
b33d78e fix(typings): fix `ignoreDuplicates` option (#13220)
6b0b532 fix(typings): allow `schema` for queryInterface methods (#13223)
63ceb73 fix(typings): restrict update typings (#13216)
143cc84 fix(typings): `returning` can specify column names (#13215)
8f2a0d5 fix(typings): model init returns model class, not instance (#13214)
deeb5c6 fix(plurals): bump inflection dependency (#13260)
421f44d docs(model-querying-basics.md): fix typo (#13256)
68ef453 docs(model-querying-basics.md): fix typo (#13324)
1c1aa33 refactor: nonempty array check style
6dcb565 fix(bulk-create): `ON CONFLICT` with unique index (#13345)
97b3767 meta: improve `contributing.md` and `sscce.js`
0a90312 meta: remove unused Dockerfile
aaf3234 meta: refactor mocha configuration

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade sequelize from 6.3.0 to 6.6.5. See this package in npm: https://www.npmjs.com/package/sequelize See this project in Snyk: https://app.snyk.io/org/mystik01/project/75759d97-e7d7-4fd6-985e-23be4ccec985?utm_source=github&utm_medium=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade sequelize from 6.3.0 to 6.6.5 #3

[Snyk] Upgrade sequelize from 6.3.0 to 6.6.5 #3

snyk-bot commented Jul 30, 2021

6.6.5 (2021-07-06)

Bug Fixes

6.6.4 (2021-06-26)

Bug Fixes

6.6.2 (2021-03-23)

Bug Fixes

6.6.1 (2021-03-22)

Bug Fixes

6.6.0 (2021-03-21)

Bug Fixes

Features

6.5.1 (2021-03-14)

Bug Fixes

6.5.0 (2021-01-27)

Bug Fixes

Features

6.4.0 (2021-01-18)

Bug Fixes

Features

[Snyk] Upgrade sequelize from 6.3.0 to 6.6.5 #3

Are you sure you want to change the base?

[Snyk] Upgrade sequelize from 6.3.0 to 6.6.5 #3

Conversation

snyk-bot commented Jul 30, 2021

Snyk has created this PR to upgrade sequelize from 6.3.0 to 6.6.5.

6.6.5 (2021-07-06)

Bug Fixes

6.6.4 (2021-06-26)

Bug Fixes

6.6.2 (2021-03-23)

Bug Fixes

6.6.1 (2021-03-22)

Bug Fixes

6.6.0 (2021-03-21)

Bug Fixes

Features

6.5.1 (2021-03-14)

Bug Fixes

6.5.0 (2021-01-27)

Bug Fixes

Features

6.4.0 (2021-01-18)

Bug Fixes

Features