search

srijanone / vega

Vega (ą¤µą„‡ą¤—) is a project scaffolding tool to speed up development process.
Apache License 2.0
9 stars 7 forks source link

[Snyk] Security upgrade sequelize from 6.3.3 to 6.6.5 #182

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090599		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090601		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090602		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sequelize The new version differs by 105 commits.
  • 56bb1d6 fix(dependency): upgrade validator (#13350)
  • b674600 chores: keep only @ papb email in maintainers field
  • 5fa695f meta: empty commit to rerun ci
  • dc3ec53 fix(ci): fix semantic-release usage
  • c7d7ca5 meta: forbid auto major version release
  • cd2de40 fix(typings): make `Transactionable` compatible with `TransactionOptions` (#13334)
  • 1a16b91 fix(utils): clone attributes before mutating them (#13226)
  • 39299a6 docs(read-replication.md): fix typo (#13179)
  • d0d7188 docs(eager-loading.md): fix typo (#13161)
  • 1cfbd33 fix(data-types): use proper field name for `ARRAY(ENUM)` (#13210)
  • 444f06f docs(migrations.md): grammar improvements (#13294)
  • b33d78e fix(typings): fix `ignoreDuplicates` option (#13220)
  • 6b0b532 fix(typings): allow `schema` for queryInterface methods (#13223)
  • 63ceb73 fix(typings): restrict update typings (#13216)
  • 143cc84 fix(typings): `returning` can specify column names (#13215)
  • 8f2a0d5 fix(typings): model init returns model class, not instance (#13214)
  • deeb5c6 fix(plurals): bump inflection dependency (#13260)
  • 421f44d docs(model-querying-basics.md): fix typo (#13256)
  • 68ef453 docs(model-querying-basics.md): fix typo (#13324)
  • 1c1aa33 refactor: nonempty array check style
  • 6dcb565 fix(bulk-create): `ON CONFLICT` with unique index (#13345)
  • 97b3767 meta: improve `contributing.md` and `sscce.js`
  • 0a90312 meta: remove unused Dockerfile
  • aaf3234 meta: refactor mocha configuration
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic