[Snyk] Upgrade sequelize from 6.6.2 to 6.37.1 #7

0xhaaaash · 2024-03-23T15:57:12Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sequelize from 6.6.2 to 6.37.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 77 versions ahead of your current version.
The recommended version was released a month ago, on 2024-02-18.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
SQL Injection SNYK-JS-SEQUELIZE-2932027	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
SQL Injection SNYK-JS-SEQUELIZE-2959225	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
Prototype Pollution SNYK-JS-DOTTIE-3332763	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
Directory Traversal SNYK-JS-MOMENT-2440688	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
Information Exposure SNYK-JS-SEQUELIZE-3324089	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sequelize

6.37.1 - 2024-02-18
6.37.1 (2024-02-18)

Bug Fixes
- types: Add definition of returning in SaveOptions. (#16954) (505467b)
6.37.0 - 2024-02-11
6.37.0 (2024-02-11)

Features
- postgres: support connectionTimeoutMillis dialectOption (#14119) (e81200e)
6.36.0 - 2024-02-02
6.36.0 (2024-02-02)

Features
- postgres: backport stream dialectOption to v6 (#16868) (a250058)
6.35.2 - 2023-12-11
6.35.2 (2023-12-11)

Bug Fixes
- sort keys by depth in groupJoinData (#16823) (cb8ea88)
6.35.1 - 2023-11-19
6.35.0 - 2023-11-12
6.34.0 - 2023-11-03
6.33.0 - 2023-09-08
6.32.1 - 2023-06-17
6.32.0 - 2023-06-01
6.31.1 - 2023-05-01
6.31.0 - 2023-04-09
6.30.0 - 2023-03-24
6.29.3 - 2023-03-10
6.29.2 - 2023-03-09
6.29.1 - 2023-03-07
6.29.0 - 2023-02-23
6.28.2 - 2023-02-22
6.28.1 - 2023-02-21
6.28.0 - 2022-12-20
6.27.0 - 2022-12-12
6.26.0 - 2022-11-29
6.25.8 - 2022-11-22
6.25.7 - 2022-11-19
6.25.6 - 2022-11-15
6.25.5 - 2022-11-07
6.25.4 - 2022-11-05
6.25.3 - 2022-10-19
6.25.2 - 2022-10-15
6.25.1 - 2022-10-13
6.25.0 - 2022-10-11
6.24.0 - 2022-10-04
6.23.2 - 2022-09-27
6.23.1 - 2022-09-22
6.23.0 - 2022-09-17
6.22.1 - 2022-09-16
6.22.0 - 2022-09-15
6.21.6 - 2022-09-09
6.21.5 - 2022-09-08
6.21.4 - 2022-08-18
6.21.3 - 2022-07-11
6.21.2 - 2022-06-28
6.21.1 - 2022-06-25
6.21.0 - 2022-06-16
6.20.1 - 2022-05-27
6.20.0 - 2022-05-23
6.19.2 - 2022-05-18
6.19.1 - 2022-05-17
6.19.0 - 2022-04-12
6.18.0 - 2022-04-03
6.17.0 - 2022-02-25
6.16.3 - 2022-02-24
6.16.2 - 2022-02-18
6.16.1 - 2022-02-09
6.16.0 - 2022-02-08
6.15.1 - 2022-02-06
6.15.0 - 2022-01-29
6.14.1 - 2022-01-25
6.14.0 - 2022-01-22
6.13.0 - 2022-01-10
6.12.5 - 2022-01-04
6.12.4 - 2021-12-28
6.12.3 - 2021-12-27
6.12.2 - 2021-12-22
6.12.1 - 2021-12-21
6.12.0 - 2021-12-17
6.12.0-beta.3 - 2021-12-12
6.12.0-beta.2 - 2021-12-10
6.12.0-beta.1 - 2021-12-04
6.12.0-alpha.1 - 2021-11-19
6.11.0 - 2021-11-18
6.10.0 - 2021-11-18
6.9.0 - 2021-11-01
6.8.0 - 2021-10-24
6.7.0 - 2021-10-09
6.6.5 - 2021-07-06
6.6.4 - 2021-06-26
6.6.2 - 2021-03-23

from sequelize GitHub release notes

Commit messages

Package name: sequelize

505467b fix(types): Add definition of `returning` in `SaveOptions`. (#16954)
e81200e feat(postgres): support connectionTimeoutMillis dialectOption (#14119)
a250058 feat(postgres): backport stream dialectOption to v6 (#16868)
cb8ea88 fix: sort keys by depth in groupJoinData (#16823)
47cba67 fix(mssql): allow calling describeTable a table with a dot in its name (#16769)
5bfbb99 feat: backport `findModel` to v6 (#16705)
6c03176 fix(oracle): clean constraints (#16694)
b204b5f fix(oracle): add missing default and not null condition to addColumn (#16619)
b284d37 feat(oracle): add support for lock (#16643)
57025db meta: add node-gyp globally (#16696)
252e6d2 docs: add missing conflictAttributes to bulkCreate (#16573)
367caf3 feat(types): add TypeScript 5.2 support (#16442)
e4c780c meta: update lockfile (#16265)
2eb7a5d fix(types): remove escape from query-interface types (#15944)
a3213f0 fix: bump dependencies (#16119)
99c3530 fix: move `types` condition to the front (#16085)
af4f0ae feat(oracle): add width support for numerictype (#16073)
e07eefb feat(oracle): add new error messages introduced in new driver version (#16075)
5c8250e fix(oracle): reordered check constraint for unsigned numeric type (#16074)
fd38e79 fix(oracle): For Raw queries avoid converting the input parameters passed (#16067)
eb71077 meta: use Node 18 in CI (#16000)
a9fd501 fix(postgres): adds support for minifying through join aliases (#15897)
f2a4535 feat: add beforePoolAcquire and afterPoolAcquire hooks (#15874)
58576dd fix(postgres): prevent crash if postgres connection emits multiple errors (#15868)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade sequelize from 6.6.2 to 6.37.1. See this package in npm: https://www.npmjs.com/package/sequelize See this project in Snyk: https://app.snyk.io/org/c0r2a-hub/project/778fd27a-abca-4734-8ff3-ac309b9fe8bd?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade sequelize from 6.6.2 to 6.37.1 #7

[Snyk] Upgrade sequelize from 6.6.2 to 6.37.1 #7

0xhaaaash commented Mar 23, 2024

6.37.1 (2024-02-18)

Bug Fixes

6.37.0 (2024-02-11)

Features

6.36.0 (2024-02-02)

Features

6.35.2 (2023-12-11)

Bug Fixes

[Snyk] Upgrade sequelize from 6.6.2 to 6.37.1 #7

Are you sure you want to change the base?

[Snyk] Upgrade sequelize from 6.6.2 to 6.37.1 #7

Conversation

0xhaaaash commented Mar 23, 2024

Snyk has created this PR to upgrade sequelize from 6.6.2 to 6.37.1.

6.37.1 (2024-02-18)

Bug Fixes

6.37.0 (2024-02-11)

Features

6.36.0 (2024-02-02)

Features

6.35.2 (2023-12-11)

Bug Fixes