cesardeazevedo / sails-hook-sequelize-blueprints

Sails blueprints for sequelize ORM
MIT License

Update Sequelize dependency to latest version, add peerDependencies #18

Closed joshrickert closed 8 years ago

joshrickert commented 8 years ago

Sequelize 3.5.1 is deprecated due to a security issue: npm WARN deprecated sequelize@3.5.1: security/injection issue with limit/offset fixed in 3.17.0

Also, 3.5.1 is being installed alongside my primary version of Sequelize in node_modules because this module specifically requires Sequelize 3.5.1, so I can't just update my local version and close that security hole.

I also think it makes more sense to specify Sequelize as a peer dependency, given that generally those of us using this module would prefer to use our project's version of Sequelize.

Similarly, Sails.js and sails-hook-sequelize should also likely be added to the peer dependencies list.

Some reading on peer dependencies.
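An added example, not part of the original thread or the project's code: a Node.js check that finds every installed copy of a package under node_modules, including copies nested inside a dependency that pins its own version, and flags those older than the fixed release (3.17.0 in the warning above). The function names are hypothetical and an npm-style nested node_modules layout is assumed.

```javascript
const fs = require('fs');
const path = require('path');

// Parse "3.5.1" (ignoring any pre-release suffix) into [3, 5, 1].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b (numeric, not string, compare).
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk projectRoot/node_modules recursively, including nested node_modules
// and @scope directories, and report each copy of `name`.
// Assumes an npm-style layout (plain directories, no symlink cycles).
function findCopies(projectRoot, name, fixedIn) {
  const fixed = parseVersion(fixedIn);
  const found = [];
  (function walk(dir) {
    const nm = path.join(dir, 'node_modules');
    if (!fs.existsSync(nm)) return;
    for (const entry of fs.readdirSync(nm)) {
      if (entry.startsWith('.')) continue; // skip .bin, .package-lock.json
      const full = path.join(nm, entry);
      // Scoped packages live one level deeper: node_modules/@scope/pkg
      const pkgs = entry.startsWith('@')
        ? fs.readdirSync(full).map((p) => [`${entry}/${p}`, path.join(full, p)])
        : [[entry, full]];
      for (const [pkgName, pkgDir] of pkgs) {
        const manifest = path.join(pkgDir, 'package.json');
        if (pkgName === name && fs.existsSync(manifest)) {
          const version = JSON.parse(fs.readFileSync(manifest, 'utf8')).version;
          const parsed = parseVersion(version);
          // An unparseable version is flagged so it gets reviewed by hand.
          found.push({ path: path.relative(projectRoot, pkgDir), version,
            vulnerable: parsed ? isOlder(parsed, fixed) : true });
        }
        walk(pkgDir); // a dependency's own pinned copies live here
      }
    }
  })(projectRoot);
  return found;
}
```

Calling `findCopies(process.cwd(), 'sequelize', '3.17.0')` from the project root lists each copy with its path, so a nested 3.5.1 stays visible even after the top-level version has been upgraded.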

cesardeazevedo commented 8 years ago

You are right,

done in version v0.3.0, acf936d0d171f84181807445acdd2019979e8a1e