Sequelize 3.5.1 is deprecated due to a security issue:
npm WARN deprecated sequelize@3.5.1: security/injection issue with limit/offset fixed in 3.17.0
Also, 3.5.1 is being installed alongside my primary version of Sequelize in node_modules because this module specifically requires Sequelize 3.5.1, so I can't just update my local version and close that security hole.
I also think it makes more sense to specify Sequelize as a peer dependency given that generally those of using this module would prefer to use our project's version of Sequelize.
Similarly, Sails.js and sails-hook-sequelize should also likely be added to the peer dependencies list.
Sequelize 3.5.1 is deprecated due to a security issue:
npm WARN deprecated sequelize@3.5.1: security/injection issue with limit/offset fixed in 3.17.0
Also, 3.5.1 is being installed alongside my primary version of Sequelize in
node_modules
because this module specifically requires Sequelize 3.5.1, so I can't just update my local version and close that security hole.I also think it makes more sense to specify Sequelize as a peer dependency given that generally those of using this module would prefer to use our project's version of Sequelize.
Similarly, Sails.js and sails-hook-sequelize should also likely be added to the peer dependencies list.
Some reading on peer dependencies.