[Snyk] Fix for 7 vulnerabilities

[chasenlehara]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-ENGINEIO-1056749](https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749) | Yes | Proof of Concept  | **534/1000**
**Why?** Has a fix available, CVSS 6.4 | Improper Authentication
[SNYK-JS-JSONWEBTOKEN-3180022](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022) | Yes | No Known Exploit  | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment
[SNYK-JS-JSONWEBTOKEN-3180024](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024) | Yes | No Known Exploit  | **554/1000**
**Why?** Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm
[SNYK-JS-JSONWEBTOKEN-3180026](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026) | Yes | No Known Exploit  | **701/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 8.3 | Improper Filtering of Special Elements
[SNYK-JS-SEQUELIZE-3324088](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324088) | Yes | No Known Exploit  | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Information Exposure
[SNYK-JS-SEQUELIZE-3324089](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324089) | Yes | No Known Exploit  | **601/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 6.3 | Access of Resource Using Incompatible Type ('Type Confusion')
[SNYK-JS-SEQUELIZE-3324090](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @feathersjs/authentication

The new version differs by 250 commits.

• 18872c0 chore(release): publish v4.5.16
• 1936c64 fix(transport-commons): Crow - fix array dispatching (#3073)
• f5f7fae chore: Update publishin dist tag
• 70335c4 fix(dependencies): Update dependencies
• 141ecac chore: Fix changelog name
• e81cad0 chore: Get builds and installation working again
• 1f7ee5c chore: Fix NPM page links an images (#2768)
• 5fe9644 chore: Moving community from slack to discord (#2736)
• 1774fe0 chore: Update changelog
• d0e9600 chore(release): publish v4.5.15
• 849180f chore: Update package-lock.json
• 25b6fb5 chore(release): publish v4.5.14
• 5ec2ec8 fix(transport-commons): Ensure socket queries are always plain objects (#2598)
• 445e804 fix(rest-client): Import errors from @ feathers/errors (#2591)
• b5e94c4 chore(release): publish v4.5.13
• 32356a5 fix: Fix socket.io type dependency (#2526)
• 7fd94ce chore: Fix changelog
• 8697ecc chore(release): publish v4.5.12
• 67a7e31 fix(authentication-oauth): OAuth redirect lost sometimes due to session store race (#2514) (#2515)
• 1c63e6b fix: Update all dependencies for crow release (#2520)
• 12ed64e chore: Get crow build passing again
• 325e633 chore(deps): [security] bump ini from 1.3.5 to 1.3.7 (#2150)
• 64754a7 chore: Update changelog
• de05268 chore(release): publish v4.5.11

See the full diff

Package name: @feathersjs/socketio

The new version differs by 250 commits.

• 90caf63 chore(release): publish v5.0.0
• 2a5b8fe chore: Add additional publishing scripts
• fd44a90 chore(dependencies): Update dependencies (#3072)
• e41f39a chore: V5 final (#3070)
• 4fbbfff fix(koa): Make Koa app inspectable (#3069)
• 612032e fix(generators): Fix typo in service client generator (#3068)
• fefe371 chore: Update changelog
• 7fc8630 chore(release): publish v5.0.0-pre.38
• d614960 chore: Update package-lock.json
• 1bf1544 feat(generators): Final tweaks to the generators (#3060)
• 80dc95f fix(koa): Fix missing dependency on feathers (#3061)
• 1393bed feat(schema): Add schema helper for handling Object ids (#3058)
• 37fe5c4 fix(schema): validateQuery - move next function outside of try-catch (#3053)
• d659858 chore(dependencies): Update all dependencies (#3050)
• ba0e4a9 chore: Update changelog
• 17a8b3b chore(release): publish v5.0.0-pre.37
• bfd8c04 fix(schema): Do not change the hook context in resolvers (#3048)
• ca0994e feat(mongodb): Add Object ID keyword converter and update MongoDB CLI & docs (#3041)
• 77e14dd fix(knex): The method getModel in the knex adapter (#3043)
• 5380a5c docs(guides): creating koajs (not expressjs) server #3040
• 39e0b78 fix(typebox): Allow nested or in and queries (#3029)
• 1bac380 chore(dependencies): Update dependencies (#3038)
• 6db8b24 docs(schema): Fix typo of $all in $and (#3037)
• 7484b16 fix(generators): Add schema selection to CI test matrix (#3035)

See the full diff

Package name: feathers-sequelize

The new version differs by 17 commits.

• e27ffa0 3.0.2
• 860495e Fix Sequelize dependency (#194)
• dea4725 chore(package): update sqlite3 to version 4.0.0 (#196)
• 1025c4d Update README.md (#192)
• 847bc6b Update Readme on associations (#191)
• fed556d Updating changelog
• 10dd0d9 3.0.1
• 786d618 Add default ES module export for TS compatibility (#190)
• 3c161ba chore(package): update mocha to version 5.0.0 (#187)
• 0153c2f chore(package): update semistandard to version 12.0.0 (#185)
• 9f7cc8a Update README.md
• 4f7b1eb Updating changelog
• 216c167 3.0.0
• 6e560bd Upgrade to Feathers Buzzard (v3) (#183)
• 28bd31e Update to new plugin infrastructure (#182)
• 9d7c871 Update dependencies to enable Greenkeeper 🌴 (#170)
• 7447bf6 Updating changelog

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710)
• 53bd9b7 meta: fix null test getWhereConditions (#15705)
• 13f2e89 fix: accept undefined in where (#15703)
• d9e0728 fix: throw if where receives an invalid value (#15699)
• 48d6193 fix: update moment-timezone version (#15685)
• fd4afa6 feat(types): use retry-as-promised types for retry options to match documentation (#15484)
• 1247c01 feat: add support for bigints (backport of #14485) (#15413)
• 94beace feat(postgres): add support for lock_timeout [#15345] (#15355)
• 7885000 fix(oracle): remove hardcoded maxRows value (#15323)
• bc39fd6 fix: fix parameters not being replaced when after $$ strings (#15307)
• a205765 fix(postgres): invalidate connection after client-side timeout (#15283)
• 67e69cd fix: remove options.model overwrite on bulkUpdate (#15252)
• 00c6da3 fix(types): add instance.dataValues property to model.d.ts (#15240)
• bf98d7c meta: swap Slack links (#15159)
• 7990095 fix: don't treat \ as escape in standard strings, support E-strings, support vars after ->> operator, treat lowercase e as valid e-string prefix (#15139)
• 851daaf fix(types): fix TS 4.9 excessive depth error on `InferAttributes` (v6) (#15135)
• 9dd93b8 fix(types): expose legacy "types" folder in export alias ( #15123)
• 06ad05d feat(oracle): add support for `dialectOptions.connectString` (#15042)
• a44772e feat(snowflake): Add support for `QueryGenerator#tableExistsQuery` (#15087)
• 55051d0 docs: add missing ssl options for sequelize instance (v6) (#15049)
• 5c88734 docs(model): Added paranoid option for Model.BelongsToMany.through (#15065)
• 7203b66 fix(postgres): add custom order direction to subQuery ordering with minified alias (#15056)
• 5f621d7 fix(oracle): add support for Oracle DB 18c CI (#15016)
• 3468378 feat(types): add typescript 4.8 compatibility (#14990)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/chasenlehara/project/cc7408d4-89bd-4d22-a48e-38923d9f711b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/chasenlehara/project/cc7408d4-89bd-4d22-a48e-38923d9f711b?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"16d2c6cf-1d4b-4b47-b3e5-1c6b1a8bc769","prPublicId":"16d2c6cf-1d4b-4b47-b3e5-1c6b1a8bc769","dependencies":[{"name":"@feathersjs/authentication","from":"2.1.16","to":"4.5.16"},{"name":"@feathersjs/socketio","from":"3.2.9","to":"5.0.0"},{"name":"feathers-sequelize","from":"2.4.0","to":"3.0.2"},{"name":"sequelize","from":"4.44.4","to":"6.29.0"}],"packageManager":"npm","projectPublicId":"cc7408d4-89bd-4d22-a48e-38923d9f711b","projectUrl":"https://app.snyk.io/org/chasenlehara/project/cc7408d4-89bd-4d22-a48e-38923d9f711b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ENGINEIO-1056749","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026","SNYK-JS-SEQUELIZE-3324088","SNYK-JS-SEQUELIZE-3324089","SNYK-JS-SEQUELIZE-3324090"],"upgrade":["SNYK-JS-ENGINEIO-1056749","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026","SNYK-JS-SEQUELIZE-3324088","SNYK-JS-SEQUELIZE-3324089","SNYK-JS-SEQUELIZE-3324090"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,534,539,554,701,551,601]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Denial of Service (DoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [Use of a Broken or Risky Cryptographic Algorithm](https://learn.snyk.io/lessons/insecure-hash/javascript/?loc=fix-pr)