jgentes / startupcommunity

StartupCommunity.org

Bump sequelize from 4.37.8 to 5.15.1 #63

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 5 years ago

Bumps sequelize from 4.37.8 to 5.15.1.

Release notes

*Sourced from [sequelize's releases](https://github.com/sequelize/sequelize/releases).*

> ## v5.15.1
> ## [5.15.1](https://github.com/sequelize/sequelize/compare/v5.15.0...v5.15.1) (2019-08-18)
>
> ### Security
>
> * **sequelize.json.fn:** use common path extraction for mysql/mariadb/sqlite ([#11329](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11329)) ([9bd0bc1](https://github.com/sequelize/sequelize/commit/9bd0bc1))
>
> This fixes a security issue with `sequelize.json()` for MySQL. Old code was still used for formatting sub paths for json queries when used with the `sequelize.json()` helper function.
>
> Example of attack vector
>
> ```js
> return User.findAll({
>   where: sequelize.json("data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ", 1)
> });
> ```
>
> Thanks to [@Kirill89](https://github.com/Kirill89) from Snyk Security Research Team for reporting this issue.
>
> ## v5.15.0
> # [5.15.0](https://github.com/sequelize/sequelize/compare/v5.14.0...v5.15.0) (2019-08-14)
>
> ### Features
>
> * **associations:** source and target key support for belongs-to-many ([#11311](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11311)) ([83e263b](https://github.com/sequelize/sequelize/commit/83e263b))
>
> ## v5.14.0
> # [5.14.0](https://github.com/sequelize/sequelize/compare/v5.13.1...v5.14.0) (2019-08-13)
>
> ### Features
>
> * support include option in bulkInsert ([#11307](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11307)) ([4f09899](https://github.com/sequelize/sequelize/commit/4f09899))
>
> ## v5.13.1
> ## [5.13.1](https://github.com/sequelize/sequelize/compare/v5.13.0...v5.13.1) (2019-08-11)
>
> ### Bug Fixes
>
> * **count:** fix null count with includes ([#11295](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11295)) ([592099d](https://github.com/sequelize/sequelize/commit/592099d))
>
> ## v5.13.0
> # [5.13.0](https://github.com/sequelize/sequelize/compare/v5.12.3...v5.13.0) (2019-08-09)
>
> ### Bug Fixes
>
> ... (truncated)
Commits

- [`9bd0bc1`](https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e) fix(sequelize.json.fn): use common path extraction for mysql/mariadb/sqlite (...
- [`83e263b`](https://github.com/sequelize/sequelize/commit/83e263bd4f97860e37cfd8c4a69995a3901b9264) feat(associations): source and target key support for belongs-to-many ([#11311](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11311))
- [`4f09899`](https://github.com/sequelize/sequelize/commit/4f0989987730b61d2a992653819bc63aaefd94a8) feat: support include option in bulkInsert ([#11307](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11307))
- [`de06ac3`](https://github.com/sequelize/sequelize/commit/de06ac3fd714f7c7eeb10db5774724007928f0c1) docs(security): grammar mistakes
- [`29eb1c8`](https://github.com/sequelize/sequelize/commit/29eb1c85ad00201e8b036ab492b7d418fa706606) docs(security): add responsible disclosure policy ([#11300](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11300))
- [`592099d`](https://github.com/sequelize/sequelize/commit/592099dd7b5078bdc6deccbdd19be0e02f38cfd6) fix(count): fix null count with includes ([#11295](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11295))
- [`80d3625`](https://github.com/sequelize/sequelize/commit/80d362578c94da6c961f2d08e32df19cdecec3f7) docs(query-interface): fix typo with remove-column parameter ([#11294](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11294))
- [`a39c63a`](https://github.com/sequelize/sequelize/commit/a39c63a44201e13a44a75e6acd7ba3b08d7643d7) fix(types): return a usable type when using the sequelize.models lookup ([#11293](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11293))
- [`98a4089`](https://github.com/sequelize/sequelize/commit/98a40891effb8ae8d76ad1c091414e906f38cca9) fix(types): use correct `this` value in getterMethods and setterMethods ([#11292](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11292))
- [`dd428a0`](https://github.com/sequelize/sequelize/commit/dd428a06d32a39273b3cfb018214f7cfa372e4ac) refactor(association): name model that association is missing from ([#11290](https://github-redirect.dependabot.com/sequelize/sequelize/issues/11290))
- Additional commits viewable in [compare view](https://github.com/sequelize/sequelize/compare/v4.37.8...v5.15.1)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jgentes/startupcommunity/network/alerts).
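The release note quoted above describes the 5.15.1 fix only as "use common path extraction" and gives the attack payload. The following is an added illustration, written for this page and not sequelize's own code, of why the payload works against a string-spliced JSON path and what a path builder that validates and escapes each segment does with the same input. Everything here is an assumption for demonstration: the function names (`vulnerableJsonCondition`, `safeJsonCondition`), the exact SQL shape of the pre-fix formatter, and the MySQL-style backslash escaping are modelled on typical query-generator behaviour, not copied from the sequelize commit.

```javascript
// Added example, not part of the original PR or of sequelize itself.
// Payload taken verbatim from the 5.15.1 release note quoted above.
const ATTACK = "data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ";

// Hypothetical pre-fix style formatter: the dotted path is split once at
// the column and the remainder is spliced straight into a quoted literal.
// A single quote inside the remainder terminates the literal early.
function vulnerableJsonCondition(path, value) {
  const [column, ...rest] = path.split('.');
  return `(\`${column}\`->>'$.${rest.join('.')}') = ${Number(value)}`;
}

// Backslash-escape a JS string as a MySQL single-quoted literal
// (assumed escaping table, modelled on the MySQL client convention).
function escapeMySqlLiteral(s) {
  const table = {
    '\0': '\\0', '\n': '\\n', '\r': '\\r', '\b': '\\b', '\t': '\\t',
    '\x1a': '\\Z', "'": "\\'", '"': '\\"', '\\': '\\\\',
  };
  return "'" + s.replace(/[\0\n\r\b\t\x1a'"\\]/g, ch => table[ch]) + "'";
}

// Backtick-quote an identifier; embedded backticks are doubled.
function quoteIdentifier(id) {
  return '`' + id.replace(/`/g, '``') + '`';
}

// Hardened formatter: every sub-path segment becomes either a numeric
// array index or a double-quoted JSON-path key with quotes/backslashes
// escaped, and the whole path is then emitted through the literal
// escaper. Attacker-controlled text can no longer leave the literal.
function safeJsonCondition(path, value) {
  const [column, ...segments] = path.split('.');
  const jsonPath = '$' + segments.map(seg =>
    /^\d+$/.test(seg) ? `[${seg}]` : `."${seg.replace(/["\\]/g, '\\$&')}"`
  ).join('');
  return `json_unquote(json_extract(${quoteIdentifier(column)}, ` +
    `${escapeMySqlLiteral(jsonPath)})) = ${Number(value)}`;
}

// Count single quotes that are not backslash-escaped. An odd count means
// a literal was opened or closed by injected text.
function countUnescapedQuotes(sql) {
  let n = 0;
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] === "'" && sql[i - 1] !== '\\') n++;
  }
  return n;
}

// Demonstration when run directly.
console.log('vulnerable:', vulnerableJsonCondition(ATTACK, 1));
console.log('hardened:  ', safeJsonCondition(ATTACK, 1));
console.log('normal:    ', safeJsonCondition('data.items.0.name', 7));
```

With the payload, the vulnerable formatter emits a third, unbalanced quote and the `DELETE` text lands outside any literal; the hardened formatter keeps the same bytes inside one escaped JSON-path literal, which MySQL will simply fail to resolve as a key rather than execute. Treat this as the principle behind the fix; the actual sequelize change should be read in the linked commit `9bd0bc1`.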
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.