Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 3.7
SNYK-JS-MINIMIST-2429795
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: sequelize
The new version differs by 250 commits.- 23787de 3.21.0
- df8b786 changelog for v3.21.0
- 9ea63e6 Merge pull request #5574 from xdarklight/add-tests-for-model-validation-with-promise
- 7b80ade Support calling setAssociation twice on hasOne. Closes #5315
- 8ab2dd3 [ci skip] babel-preset-es2015@6.6.0. Closes #5505
- f7fa33c Rewriting of the benchmarking feature
- ac9e3d1 Update validation to return null
- c74844e Merge pull request #5622 from KlonD90/master
- 46d4068 Merge pull request #5682 from daniel-pedersen/wellknown-to-terraformer
- eb6ded2 Merge pull request #5665 from sushantdhiman/fix-3534
- b34baea Add unit-tests for custom validation functions
- 4a0a869 (tests) #3534, values modified in validate hooks are saved
- 6486f3c Merge pull request #5632 from philip1986/fix-limit=0
- e8a46cd fix limit=0 issue
- f8f732e Merge pull request #5688 from sequelize/before-connection-hook
- 1656c76 chore: typo in test description
- b73bd2d add: beforeConnect hook
- d894f10 add: support single object as Sequelize constructor parameter
- 32994ee remove dependency on wellknown in favor of terraformer-wkt-parser
- 35e68f6 Update Postgres connect manager (browserify fix).
- 328e2bb Force quoting of savepoint identifiers in the postgres adapter.
- 1d43fb3 Merge pull request #5546 from sequelize/greenkeeper-bluebird-3.3.4
- 095320f Merge pull request #5533 from sequelize/greenkeeper-babel-core-6.6.5
- c3e15c9 Merge pull request #5641 from sequelize/greenkeeper-moment-timezone-0.5.3
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution