amida-tech / api-boilerplate

Node ES6 Express REST API boilerplate with Postgres Sequelize and Gulp
Apache License 2.0
153 stars 57 forks

Bump sequelize from 5.14.0 to 5.15.1 #9

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps sequelize from 5.14.0 to 5.15.1.

Release notes

*Sourced from [sequelize's releases](https://github.com/sequelize/sequelize/releases).*

> ## v5.15.1
> ## [5.15.1](https://github.com/sequelize/sequelize/compare/v5.15.0...v5.15.1) (2019-08-18)
>
> ### Security
>
> * **sequelize.json.fn:** use common path extraction for mysql/mariadb/sqlite ([#11329](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11329)) ([9bd0bc1](https://github.com/sequelize/sequelize/commit/9bd0bc1))
>
> This fixes a security issue with `sequelize.json()` for MySQL. Old code was still used for formatting sub paths for json queries when used with `sequelize.json()` helper function
>
> Example of attack vector
>
> ```js
> return User.findAll({
>   where: sequelize.json("data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ", 1)
> });
> ```
>
> Thanks to [@Kirill89](https://github.com/Kirill89) from Snyk Security Research Team for reporting this issue.
>
> ## v5.15.0
> # [5.15.0](https://github.com/sequelize/sequelize/compare/v5.14.0...v5.15.0) (2019-08-14)
>
> ### Features
>
> * **associations:** source and target key support for belongs-to-many ([#11311](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11311)) ([83e263b](https://github.com/sequelize/sequelize/commit/83e263b))
Commits

- [`9bd0bc1`](https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e) fix(sequelize.json.fn): use common path extraction for mysql/mariadb/sqlite (...
- [`83e263b`](https://github.com/sequelize/sequelize/commit/83e263bd4f97860e37cfd8c4a69995a3901b9264) feat(associations): source and target key support for belongs-to-many ([#11311](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11311))
- See full diff in [compare view](https://github.com/sequelize/sequelize/compare/v5.14.0...v5.15.1)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/amida-tech/api-boilerplate/network/alerts).
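The release notes quoted above describe a SQL injection through the JSON path argument of `sequelize.json()`: the path string was spliced into the query text rather than being treated as a path. Upgrading to 5.15.1 is the fix; the block below is an added example, not sequelize's code, not commit 9bd0bc1, and not part of this PR, showing the application-side check a project like this boilerplate can keep in front of any ORM JSON helper so that a user-influenced path never reaches the query builder unless it is a plain dotted identifier. The function names, the `$.segment` MySQL path literal and the sample inputs are assumptions for illustration; the third sample is the injection string from the release notes.

```javascript
// Added example (not sequelize's code): allow-list validation for dotted JSON
// paths such as "data.id" before they are passed to an ORM JSON query helper.

// One path segment: an identifier (letters, digits, underscore; no leading digit).
const SEGMENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// True only for one or more identifier segments joined by single dots.
// Anything containing quotes, parentheses, spaces, semicolons or comment
// markers fails, so it can never be interpreted as SQL by a downstream builder.
function isSafeJsonPath(path) {
  if (typeof path !== 'string' || path.length === 0 || path.length > 256) {
    return false;
  }
  return path.split('.').every((segment) => SEGMENT.test(segment));
}

// Splits a validated path into the JSON column name and a MySQL-style JSON
// path literal, e.g. "data.id" -> { column: "data", jsonPath: "$.id" }.
// Throws on anything that fails validation instead of trying to escape it:
// by construction the returned strings contain only allow-listed characters.
function splitJsonPath(path) {
  if (!isSafeJsonPath(path)) {
    throw new TypeError(`unsafe JSON path rejected: ${JSON.stringify(path)}`);
  }
  const [column, ...rest] = path.split('.');
  return { column, jsonPath: '$' + rest.map((segment) => '.' + segment).join('') };
}

// Classifies a batch of candidate paths; useful as a quick audit over the
// values an API actually receives (e.g. from a "sort" or "filter" query param).
function classify(paths) {
  return paths.map((path) => ({ path, safe: isSafeJsonPath(path) }));
}

// Constructed inputs: two legitimate paths and the injection string quoted in
// the sequelize 5.15.1 release notes.
const SAMPLE_PATHS = [
  'data.id',
  'profile.address.city',
  "data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ",
];

for (const { path, safe } of classify(SAMPLE_PATHS)) {
  console.log(`${safe ? 'ok     ' : 'REJECT '}${JSON.stringify(path)}`);
}
```

In a route handler the pattern is to call `splitJsonPath` on the incoming value and only pass the result on to the ORM; rejecting rather than escaping keeps the check independent of whichever dialect or ORM version is underneath, which is what a library-level bug like this one argues for.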
unprofessional commented 4 years ago

Will do testing on this and #10 soon

unprofessional commented 4 years ago
  1. First did a `yarn`
  2. Then ran `yarn start` and `yarn test`

Nothing was revealed to be broken. All tests pass. This was a minor update (as opposed to a major version update), so exhaustive testing doesn't seem necessary here.