Saamstep / modmail

Support tickets managed in Discord with ease.
https://samstep.net

[Snyk] Upgrade sequelize from 6.21.2 to 6.33.0 #70

Open Saamstep opened 1 year ago

Saamstep commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sequelize from 6.21.2 to 6.33.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **34 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2023-09-08.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Prototype Pollution [SNYK-JS-DOTTIE-3332763](https://snyk.io/vuln/SNYK-JS-DOTTIE-3332763) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Improper Filtering of Special Elements [SNYK-JS-SEQUELIZE-3324088](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324088) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Information Exposure [SNYK-JS-SEQUELIZE-3324089](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324089) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Access of Resource Using Incompatible Type ('Type Confusion') [SNYK-JS-SEQUELIZE-3324090](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sequelize
  • 6.33.0 - 2023-09-08

    6.33.0 (2023-09-08)

    Bug Fixes

    • types: remove escape from query-interface types (#15944) (2eb7a5d)

    Features

  • 6.32.1 - 2023-06-17

    6.32.1 (2023-06-17)

    Bug Fixes

  • 6.32.0 - 2023-06-01

    6.32.0 (2023-06-01)

    Bug Fixes

    • move types condition to the front (#16085) (99c3530)
    • oracle: For Raw queries avoid converting the input parameters passed (#16067) (fd38e79)
    • oracle: reordered check constraint for unsigned numeric type (#16074) (5c8250e)

    Features

    • oracle: add new error messages introduced in new driver version (#16075) (e07eefb)
    • oracle: add width support for numerictype (#16073) (af4f0ae)
  • 6.31.1 - 2023-05-01
  • 6.31.0 - 2023-04-09
  • 6.30.0 - 2023-03-24
  • 6.29.3 - 2023-03-10
  • 6.29.2 - 2023-03-09
  • 6.29.1 - 2023-03-07
  • 6.29.0 - 2023-02-23
  • 6.28.2 - 2023-02-22
  • 6.28.1 - 2023-02-21
  • 6.28.0 - 2022-12-20
  • 6.27.0 - 2022-12-12
  • 6.26.0 - 2022-11-29
  • 6.25.8 - 2022-11-22
  • 6.25.7 - 2022-11-19
  • 6.25.6 - 2022-11-15
  • 6.25.5 - 2022-11-07
  • 6.25.4 - 2022-11-05
  • 6.25.3 - 2022-10-19
  • 6.25.2 - 2022-10-15
  • 6.25.1 - 2022-10-13
  • 6.25.0 - 2022-10-11
  • 6.24.0 - 2022-10-04
  • 6.23.2 - 2022-09-27
  • 6.23.1 - 2022-09-22
  • 6.23.0 - 2022-09-17
  • 6.22.1 - 2022-09-16
  • 6.22.0 - 2022-09-15
  • 6.21.6 - 2022-09-09
  • 6.21.5 - 2022-09-08
  • 6.21.4 - 2022-08-18
  • 6.21.3 - 2022-07-11
  • 6.21.2 - 2022-06-28
from sequelize GitHub release notes
Commit messages
Package name: sequelize
  • 367caf3 feat(types): add TypeScript 5.2 support (#16442)
  • e4c780c meta: update lockfile (#16265)
  • 2eb7a5d fix(types): remove escape from query-interface types (#15944)
  • a3213f0 fix: bump dependencies (#16119)
  • 99c3530 fix: move `types` condition to the front (#16085)
  • af4f0ae feat(oracle): add width support for numerictype (#16073)
  • e07eefb feat(oracle): add new error messages introduced in new driver version (#16075)
  • 5c8250e fix(oracle): reordered check constraint for unsigned numeric type (#16074)
  • fd38e79 fix(oracle): For Raw queries avoid converting the input parameters passed (#16067)
  • eb71077 meta: use Node 18 in CI (#16000)
  • a9fd501 fix(postgres): adds support for minifying through join aliases (#15897)
  • f2a4535 feat: add beforePoolAcquire and afterPoolAcquire hooks (#15874)
  • 58576dd fix(postgres): prevent crash if postgres connection emits multiple errors (#15868)
  • 9d864be fix: update Slack invitation link (#15849)
  • 295c297 feat(postgres, sqlite): add conflictWhere option to Model.bulkCreate (#15788)
  • 338ae6a meta(db2): remove node:util (#15819)
  • 2e50bd9 feat(postgres, sqlite): allow override of conflict keys for bulkCreate (#15787)
  • 46d3553 fix: pass CLS transaction to model hooks (#15818)
  • 1e68681 feat(postgres, sqlite): add conflictWhere option to upsert (#15786)
  • 5bda2ce fix: fix unnamed dollar string detection (#15759)
  • 1ad9a64 fix(postgres): escape identifier in createSchema and dropSchema (#15752)
  • 1b94462 fix(postgres): make sync not fail when trying to create existing enum (#15718)
  • d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710)
  • 53bd9b7 meta: fix null test getWhereConditions (#15705)

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/saamstep/project/13c50e71-f715-4e0b-913d-47b8a7304aa8?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/saamstep/project/13c50e71-f715-4e0b-913d-47b8a7304aa8/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/saamstep/project/13c50e71-f715-4e0b-913d-47b8a7304aa8/settings/integration?pkg=sequelize&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)