search

node-casbin / sequelize-adapter

Sequelize adapter for Casbin
https://github.com/casbin/node-casbin
Apache License 2.0
64 stars 34 forks source link

Chore: Updating sequelize to v6.10.0 #59

Closed samstefan closed 2 years ago

samstefan commented 2 years ago

This is to fix the security vulnerability CVE-2021-3765 in validator.js < 13.7.0

https://github.com/advisories/GHSA-qgmg-gppg-76g5

casbin-bot commented 2 years ago

@Gabriel-403 @Zxilly @kingiw @nodece please review

CLAassistant commented 2 years ago

CLA assistant check
All committers have signed the CLA.

hsluoyz commented 2 years ago

@samstefan plz fix:

image

samstefan commented 2 years ago

@hsluoyz I ended up reverting to version Sequelize v6.10.0 as there seems to be quite a lot of breaking changes. The fix for the vulnerability is applied in this commit https://github.com/sequelize/sequelize/commit/d4f7558e6f9e04db52b440399d1d67a8cd46e46c

coveralls commented 2 years ago

Pull Request Test Coverage Report for Build 2234194541

Totals Coverage Status
Change from base Build 1040681555: 0.0%
Covered Lines: 100
Relevant Lines: 108
💛 - Coveralls