yurikrupnik / angular-playground-full


Update dependency sequelize to v6 [SECURITY] #10

Open renovate[bot] opened 3 years ago

renovate[bot] commented 3 years ago

This PR contains the following updates:

| Package | Change |
|---|---|
| sequelize (source) | ^3.5.1 -> ^6.29.0 |

GitHub Vulnerability Alerts

GHSA-wfp9-vr4j-f49j

Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.

Recommendation

Upgrade to version 4.12.0 or later

CVE-2019-10752

Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json() incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example:

return User.findAll({
  where: this.sequelize.json("data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ", 1)
});

Recommendation

If you are using sequelize 5.x, upgrade to version 5.15.1 or later. If you are using sequelize 4.x, upgrade to version 4.44.3 or later.

GHSA-fw4p-36j9-rrj3

Versions of sequelize prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a TypeError exception for the results variable. The results value may be undefined and trigger the error on a .map call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.

The following proof-of-concept crashes the Node process:

const Sequelize = require('sequelize');

const sequelize = new Sequelize({
    dialect: 'sqlite',
    storage: 'database.sqlite'
});

const TypeError = sequelize.define('TypeError', {
    name: Sequelize.STRING,
});

TypeError.sync({force: true}).then(() => {
    return TypeError.create({name: "SELECT tbl_name FROM sqlite_master"});
});

Recommendation

Upgrade to version 4.44.4 or later.

CVE-2023-25813

Impact

The SQL injection exploit is related to replacements. Here is such an example:

In the following query, some parameters are passed through replacements, and some are passed directly through the where option.

User.findAll({
  where: or(
    literal('soundex("firstName") = soundex(:firstName)'),
    { lastName: lastName },
  ),
  replacements: { firstName },
})

This is a very legitimate use case, but this query was vulnerable to SQL injection due to how Sequelize processed the query: Sequelize built a first query using the where option, then passed it over to sequelize.query which parsed the resulting SQL to inject all :replacements.

If the user passed values such as

{
  "firstName": "OR true; DROP TABLE users;",
  "lastName": ":firstName"
}

Sequelize would first generate this query:

SELECT * FROM users WHERE soundex("firstName") = soundex(:firstName) OR "lastName" = ':firstName'

Then would inject replacements in it, which resulted in this:

SELECT * FROM users WHERE soundex("firstName") = soundex('OR true; DROP TABLE users;') OR "lastName" = ''OR true; DROP TABLE users;''

As you can see this resulted in arbitrary user-provided SQL being executed.

Patches

The issue was fixed in Sequelize 6.19.1

Workarounds

Do not use the replacements and the where option in the same query if you are not using Sequelize >= 6.19.1

References

See this thread for more information: https://github.com/sequelize/sequelize/issues/14519

Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027
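An added illustration, not part of the advisory or of Sequelize's code: a simplified JavaScript model of the two-pass substitution described above, next to a string-aware version in the spirit of the 6.19.1 fix ("do not replace `:replacements` inside of strings"). The function names are hypothetical; the inputs are the values shown in the advisory.

```javascript
// Simplified model only: real SQL lexing (comments, dollar-quoted strings,
// dialect-specific escapes) is out of scope here.

// Quote a value as a SQL string literal, doubling embedded single quotes.
function quoteString(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Behaviour the advisory describes for versions before 6.19.1: every :name in
// the finished SQL text is substituted, wherever it appears.
// The lookbehind leaves "::type" casts alone.
function naiveReplace(sql, replacements) {
  return sql.replace(/(?<!:):(\w+)/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(replacements, name)
      ? quoteString(replacements[name])
      : match);
}

// Split SQL into quoted regions ('string' or "identifier") and the rest.
// A doubled quote inside a quoted region is an escaped quote.
function splitQuoted(sql) {
  const parts = [];
  let i = 0;
  let start = 0;
  while (i < sql.length) {
    const q = sql[i];
    if (q !== "'" && q !== '"') { i++; continue; }
    if (i > start) parts.push({ quoted: false, text: sql.slice(start, i) });
    let j = i + 1;
    while (j < sql.length) {
      if (sql[j] === q) {
        if (sql[j + 1] === q) { j += 2; continue; }
        break;
      }
      j++;
    }
    parts.push({ quoted: true, text: sql.slice(i, j + 1) });
    i = start = j + 1;
  }
  if (start < sql.length) parts.push({ quoted: false, text: sql.slice(start) });
  return parts;
}

// String-aware substitution: quoted regions pass through untouched, so a
// ":name" that arrived as data is never treated as a placeholder.
function stringAwareReplace(sql, replacements) {
  return splitQuoted(sql)
    .map(p => (p.quoted ? p.text : naiveReplace(p.text, replacements)))
    .join('');
}

// Everything that the database would parse as SQL rather than as a literal.
function unquotedText(sql) {
  return splitQuoted(sql).filter(p => !p.quoted).map(p => p.text).join('');
}

// First pass: the where option is rendered, with lastName escaped as a literal.
function buildFirstPass(lastName) {
  return 'SELECT * FROM users WHERE soundex("firstName") = soundex(:firstName)' +
    ' OR "lastName" = ' + quoteString(lastName);
}

// Values taken from the advisory text.
const input = { firstName: 'OR true; DROP TABLE users;', lastName: ':firstName' };

const firstPass = buildFirstPass(input.lastName);
const vulnerable = naiveReplace(firstPass, { firstName: input.firstName });
const fixed = stringAwareReplace(firstPass, { firstName: input.firstName });

console.log('first pass :', firstPass);
console.log('naive      :', vulnerable);
console.log('  user text outside literals:', unquotedText(vulnerable).includes('DROP TABLE'));
console.log('string-aware:', fixed);
console.log('  user text outside literals:', unquotedText(fixed).includes('DROP TABLE'));
```

The same `unquotedText` check can be used in a regression test: after substitution, no user-supplied text should appear outside a quoted region.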

CVE-2023-22580

Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure.

CVE-2023-22579

Impact

Providing an invalid value to the where option of a query caused Sequelize to ignore that option instead of throwing an error.

A finder call like the following did not throw an error:

User.findAll({
  where: new Date(),
});

As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option.

Patches

This issue has been patched in sequelize@6.28.1 & @sequelize/core@7.0.0.alpha-20

References

A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698

CVE: CVE-2023-22579

Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090

CVE-2023-22578

Impact

Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL:

User.findAll({
  attributes: [
    ['count(id)', 'count']
  ]
});

Produced

SELECT count(id) AS "count" FROM "users"

Patches

This feature was deprecated in Sequelize 5, and using it prints a deprecation warning.

This issue has been patched in @sequelize/core@7.0.0.alpha-20 and sequelize@6.29.0.

In Sequelize 7, it now produces the following:

SELECT "count(id)" AS "count" FROM "users"

In Sequelize 6, it throws an error explaining that we had to introduce a breaking change, and requires the user to explicitly opt-in to either the Sequelize 7 behavior (always escape) or the Sequelize 5 behavior (inline attributes that include () without escaping). See https://github.com/sequelize/sequelize/pull/15710 for more information.

Mitigations

Do not use user-provided content to build your list of attributes. If you do, make sure that the attribute in question actually exists on your model by checking that it exists in the rawAttributes property of your model first.


A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15694

CVE: CVE-2023-22578
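One way to apply the mitigation above, as an added example (not code from the advisory or from Sequelize): requested column names are accepted only if they are own keys of the model's rawAttributes. The `User` object is a constructed stand-in for a model, and `selectAttributes` and the alias pattern are hypothetical.

```javascript
// Constructed stand-in for a Sequelize model. Only the rawAttributes property
// named in the advisory is modelled here.
const User = {
  name: 'User',
  rawAttributes: { id: {}, firstName: {}, lastName: {} },
};

// Assumed alias policy for this example: a plain identifier, nothing else.
const ALIAS_RE = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;

// Own-property check. Using the `in` operator instead would accept inherited
// keys such as "toString" or "constructor".
function isModelAttribute(model, name) {
  return typeof name === 'string' &&
    Object.prototype.hasOwnProperty.call(model.rawAttributes, name);
}

// Turn a user-supplied list into a value that is safe to pass as the
// `attributes` option. Each entry is either "name" or ["name", "alias"].
// Anything that is not an existing attribute is rejected, which covers
// strings with parentheses such as "count(id)".
function selectAttributes(model, requested) {
  if (!Array.isArray(requested) || requested.length === 0) {
    throw new TypeError('attributes must be a non-empty array');
  }
  const out = [];
  for (const item of requested) {
    let name = item;
    let alias;
    if (Array.isArray(item)) {
      if (item.length !== 2) {
        throw new TypeError('attribute pair must be [name, alias]');
      }
      [name, alias] = item;
      if (typeof alias !== 'string' || !ALIAS_RE.test(alias)) {
        throw new RangeError('invalid alias: ' + JSON.stringify(alias));
      }
    }
    if (!isModelAttribute(model, name)) {
      throw new RangeError(
        'unknown attribute for ' + model.name + ': ' + JSON.stringify(name));
    }
    out.push(alias === undefined ? name : [name, alias]);
  }
  return out;
}

// Constructed sample requests, as they might arrive from a query string.
const samples = [
  ['id', ['firstName', 'first']],   // accepted
  [['count(id)', 'count']],         // rejected: not a model attribute
  ['toString'],                     // rejected: inherited key, not an attribute
  [['id', 'x") FROM users --']],    // rejected: alias is not an identifier
];

for (const requested of samples) {
  try {
    console.log('ok      ', JSON.stringify(selectAttributes(User, requested)));
  } catch (err) {
    console.log('rejected', JSON.stringify(requested), '->', err.message);
  }
}
```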


Release Notes

sequelize/sequelize (sequelize) ### [`v6.29.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.29.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.28.2...v6.29.0) ##### Features - throw an error if attribute includes parentheses (fixes CVE-2023-22578) ([#​15710](https://redirect.github.com/sequelize/sequelize/issues/15710)) ([d3f5b5a](https://redirect.github.com/sequelize/sequelize/commit/d3f5b5a65e297f4b6861e6a6ce335a9830b28781)) ### [`v6.28.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.28.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.28.1...v6.28.2) ##### Bug Fixes - accept undefined in where ([#​15703](https://redirect.github.com/sequelize/sequelize/issues/15703)) ([13f2e89](https://redirect.github.com/sequelize/sequelize/commit/13f2e89f8b6147897e3e43f01487de51aebcde87)) ### [`v6.28.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.28.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.28.0...v6.28.1) ##### Bug Fixes - throw if where receives an invalid value ([#​15699](https://redirect.github.com/sequelize/sequelize/issues/15699)) ([d9e0728](https://redirect.github.com/sequelize/sequelize/commit/d9e0728f2c2c5ae319f337c78091e1081440595d)) - update moment-timezone version ([#​15685](https://redirect.github.com/sequelize/sequelize/issues/15685)) ([48d6193](https://redirect.github.com/sequelize/sequelize/commit/48d619379108320831c9c6a0ec42bfda6586fec5)) ### [`v6.28.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.28.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.27.0...v6.28.0) ##### Features - **types:** use retry-as-promised types for retry options to match documentation ([#​15484](https://redirect.github.com/sequelize/sequelize/issues/15484)) ([fd4afa6](https://redirect.github.com/sequelize/sequelize/commit/fd4afa6a89c111c6d6d0c94f0b98bf421b5357b6)) ### 
[`v6.27.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.27.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.26.0...v6.27.0) ##### Features - add support for bigints (backport of [#​14485](https://redirect.github.com/sequelize/sequelize/issues/14485)) ([#​15413](https://redirect.github.com/sequelize/sequelize/issues/15413)) ([1247c01](https://redirect.github.com/sequelize/sequelize/commit/1247c01265743e4bdbd6d91a51cf64cd9d1e6617)) ### [`v6.26.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.26.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.8...v6.26.0) ##### Features - **postgres:** add support for lock_timeout \[[#​15345](https://redirect.github.com/sequelize/sequelize/issues/15345)] ([#​15355](https://redirect.github.com/sequelize/sequelize/issues/15355)) ([94beace](https://redirect.github.com/sequelize/sequelize/commit/94beace4ca666765ec9c84a3f7ef0e826e09699d)) ### [`v6.25.8`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.8) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.7...v6.25.8) ##### Bug Fixes - **oracle:** remove hardcoded maxRows value ([#​15323](https://redirect.github.com/sequelize/sequelize/issues/15323)) ([7885000](https://redirect.github.com/sequelize/sequelize/commit/7885000a70eb451100fa8f54d45361887241521c)) ### [`v6.25.7`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.7) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.6...v6.25.7) ##### Bug Fixes - fix parameters not being replaced when after $$ strings ([#​15307](https://redirect.github.com/sequelize/sequelize/issues/15307)) ([bc39fd6](https://redirect.github.com/sequelize/sequelize/commit/bc39fd69919e0af0cb0732ca9bfe3e60691c778a)) ### [`v6.25.6`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.6) [Compare 
Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.5...v6.25.6) ##### Bug Fixes - **postgres:** invalidate connection after client-side timeout ([#​15283](https://redirect.github.com/sequelize/sequelize/issues/15283)) ([a205765](https://redirect.github.com/sequelize/sequelize/commit/a20576527b84d4986372b25303b61536fae7479a)), closes [/github.com/brianc/node-postgres/blob/5538df6b446f4b4f921947b460fe38acb897e579/packages/pg/lib/client.js#L529](https://redirect.github.com//github.com/brianc/node-postgres/blob/5538df6b446f4b4f921947b460fe38acb897e579/packages/pg/lib/client.js/issues/L529) ### [`v6.25.5`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.5) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.4...v6.25.5) ##### Bug Fixes - remove options.model overwrite on bulkUpdate ([#​15252](https://redirect.github.com/sequelize/sequelize/issues/15252)) ([67e69cd](https://redirect.github.com/sequelize/sequelize/commit/67e69cdb0e9d3dc16f61449cf0cf4f609c724719)), closes [#​15231](https://redirect.github.com/sequelize/sequelize/issues/15231) ### [`v6.25.4`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.4) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.3...v6.25.4) ##### Bug Fixes - **types:** add instance.dataValues property to model.d.ts ([#​15240](https://redirect.github.com/sequelize/sequelize/issues/15240)) ([00c6da3](https://redirect.github.com/sequelize/sequelize/commit/00c6da326630a85363b6d5e7d5570ac8ca8b31b8)) ### [`v6.25.3`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.3) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.2...v6.25.3) ##### Bug Fixes - don't treat \ as escape in standard strings, support E-strings, support vars after ->> operator, treat lowercase e as valid e-string prefix ([#​15139](https://redirect.github.com/sequelize/sequelize/issues/15139)) 
([7990095](https://redirect.github.com/sequelize/sequelize/commit/7990095e369b226844669ec691cc7bce94c3dbbe)), closes [#​14700](https://redirect.github.com/sequelize/sequelize/issues/14700) ### [`v6.25.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.1...v6.25.2) ##### Bug Fixes - **types:** fix TS 4.9 excessive depth error on `InferAttributes` (v6) ([#​15135](https://redirect.github.com/sequelize/sequelize/issues/15135)) ([851daaf](https://redirect.github.com/sequelize/sequelize/commit/851daafc73ff218f7de4455fe9f96eb896106210)) ### [`v6.25.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.25.0...v6.25.1) ##### Bug Fixes - **types:** expose legacy "types" folder in export alias ( [#​15123](https://redirect.github.com/sequelize/sequelize/issues/15123)) ([9dd93b8](https://redirect.github.com/sequelize/sequelize/commit/9dd93b8461b0ff0452d7db998d0686c3ef176150)) ### [`v6.25.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.25.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.24.0...v6.25.0) ##### Features - **oracle:** add support for `dialectOptions.connectString` ([#​15042](https://redirect.github.com/sequelize/sequelize/issues/15042)) ([06ad05d](https://redirect.github.com/sequelize/sequelize/commit/06ad05df260a745cf97bc8e7365c74aea57e5220)) ### [`v6.24.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.24.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.23.2...v6.24.0) ##### Features - **snowflake:** Add support for `QueryGenerator#tableExistsQuery` ([#​15087](https://redirect.github.com/sequelize/sequelize/issues/15087)) ([a44772e](https://redirect.github.com/sequelize/sequelize/commit/a44772ec58175cfdc2cea84eb359966e48ed1c7b)) ### 
[`v6.23.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.23.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.23.1...v6.23.2) ##### Bug Fixes - **postgres:** add custom order direction to subQuery ordering with minified alias ([#​15056](https://redirect.github.com/sequelize/sequelize/issues/15056)) ([7203b66](https://redirect.github.com/sequelize/sequelize/commit/7203b6626ed38c06f91f09f73571fb7df56fe348)) ### [`v6.23.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.23.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.23.0...v6.23.1) ##### Bug Fixes - **oracle:** add support for Oracle DB 18c CI ([#​15016](https://redirect.github.com/sequelize/sequelize/issues/15016)) ([5f621d7](https://redirect.github.com/sequelize/sequelize/commit/5f621d72c1f265bb7659b54eb33469db8a4443fd)), closes [#​1](https://redirect.github.com/sequelize/sequelize/issues/1) [#​7](https://redirect.github.com/sequelize/sequelize/issues/7) [#​9](https://redirect.github.com/sequelize/sequelize/issues/9) [#​13](https://redirect.github.com/sequelize/sequelize/issues/13) [#​14](https://redirect.github.com/sequelize/sequelize/issues/14) [#​16](https://redirect.github.com/sequelize/sequelize/issues/16) ### [`v6.23.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.23.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.22.1...v6.23.0) ##### Features - **types:** add typescript 4.8 compatibility ([#​14990](https://redirect.github.com/sequelize/sequelize/issues/14990)) ([3468378](https://redirect.github.com/sequelize/sequelize/commit/34683786d7ec832b179845188076ea2121ea78ff)) ### [`v6.22.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.22.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.22.0...v6.22.1) ##### Bug Fixes - **types:** missing type for oracle dialect in v6 
([#​14992](https://redirect.github.com/sequelize/sequelize/issues/14992)) ([1da6657](https://redirect.github.com/sequelize/sequelize/commit/1da6657de18fc4918dc165f61aedf8888faa3704)), closes [#​14991](https://redirect.github.com/sequelize/sequelize/issues/14991) ### [`v6.22.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.22.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.6...v6.22.0) ##### Features - **oracle:** add oracle dialect support ([#​14638](https://redirect.github.com/sequelize/sequelize/issues/14638)) ([c230d80](https://redirect.github.com/sequelize/sequelize/commit/c230d80676450169d9cd74fe4cdf0da261de77b8)), closes [#​1](https://redirect.github.com/sequelize/sequelize/issues/1) [#​7](https://redirect.github.com/sequelize/sequelize/issues/7) [#​9](https://redirect.github.com/sequelize/sequelize/issues/9) [#​13](https://redirect.github.com/sequelize/sequelize/issues/13) [#​14](https://redirect.github.com/sequelize/sequelize/issues/14) [#​16](https://redirect.github.com/sequelize/sequelize/issues/16) ### [`v6.21.6`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.6) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.5...v6.21.6) ##### Bug Fixes - **types:** backport [#​14704](https://redirect.github.com/sequelize/sequelize/issues/14704) for v6 ([#​14964](https://redirect.github.com/sequelize/sequelize/issues/14964)) ([33d94b2](https://redirect.github.com/sequelize/sequelize/commit/33d94b223988d29bf1032ea2b589797664310839)) ### [`v6.21.5`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.5) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.4...v6.21.5) ##### Bug Fixes - **mariadb:** do not automatically parse JSON fields ([#​14800](https://redirect.github.com/sequelize/sequelize/issues/14800)) ([d047f32](https://redirect.github.com/sequelize/sequelize/commit/d047f3275a451df73294f222c8a2c99ffdd22299)) ### 
[`v6.21.4`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.4) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.3...v6.21.4) ##### Bug Fixes - minified aliases are now properly referenced in subqueries (v6) ([#​14852](https://redirect.github.com/sequelize/sequelize/issues/14852)) ([5a257bc](https://redirect.github.com/sequelize/sequelize/commit/5a257bc93c7e760f6b0158f55b3cb48878698450)), closes [#​14804](https://redirect.github.com/sequelize/sequelize/issues/14804) ### [`v6.21.3`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.3) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.2...v6.21.3) ##### Bug Fixes - **postgres:** attach postgres error-handler earlier in lifecycle (v6) ([#​14731](https://redirect.github.com/sequelize/sequelize/issues/14731)) ([90bb694](https://redirect.github.com/sequelize/sequelize/commit/90bb69485021344351732dcafe31cb67a54175f7)) ### [`v6.21.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.1...v6.21.2) ##### Bug Fixes - properly escape multiple `$` in `fn` args ([#​14678](https://redirect.github.com/sequelize/sequelize/issues/14678)) ([7bb60e3](https://redirect.github.com/sequelize/sequelize/commit/7bb60e3531127da684cc1f75307410c53dfc9c8c)) ### [`v6.21.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.21.0...v6.21.1) ##### Bug Fixes - **postgres:** use schema set in sequelize config by default ([#​14665](https://redirect.github.com/sequelize/sequelize/issues/14665)) ([2f3b924](https://redirect.github.com/sequelize/sequelize/commit/2f3b9247ad4ef74d1ec1027562eaafb6b1e9755f)) ### [`v6.21.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.21.0) [Compare 
Source](https://redirect.github.com/sequelize/sequelize/compare/v6.20.1...v6.21.0) ##### Features - exports types to support typescript >= 4.5 nodenext module ([#​14620](https://redirect.github.com/sequelize/sequelize/issues/14620)) ([cbdf73e](https://redirect.github.com/sequelize/sequelize/commit/cbdf73e9ee52ebebf92679b183ce95c760e914db)) ### [`v6.20.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.20.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.20.0...v6.20.1) ##### Bug Fixes - kill connection on commit/rollback error ([#​14535](https://redirect.github.com/sequelize/sequelize/issues/14535)) ([e1a9c28](https://redirect.github.com/sequelize/sequelize/commit/e1a9c28375e3bdd11347835b2f796290638ad58a)) ### [`v6.20.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.20.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.19.2...v6.20.0) ##### Features - support cyclic foreign keys ([#​14499](https://redirect.github.com/sequelize/sequelize/issues/14499)) ([b37df96](https://redirect.github.com/sequelize/sequelize/commit/b37df964333c39b9e19daa9a2c45c1d0bb475433)) ### [`v6.19.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.19.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.19.1...v6.19.2) ##### Bug Fixes - accept replacements in `ARRAY[]` & followed by `;` ([#​14518](https://redirect.github.com/sequelize/sequelize/issues/14518)) ([e37c572](https://redirect.github.com/sequelize/sequelize/commit/e37c57255fbd77244be22dc57d0a86490597831a)) ### [`v6.19.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.19.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.19.0...v6.19.1) ##### Bug Fixes - do not replace `:replacements` inside of strings ([#​14472](https://redirect.github.com/sequelize/sequelize/issues/14472)) 
([ccaa399](https://redirect.github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b)) ⚠️ BREAKING CHANGE: This change is a security fix that patches a serious SQL injection vulnerability, however it is possible that your application made use of it and broke as a result of this change. [Please see this issue for more information](https://redirect.github.com/sequelize/sequelize/issues/14519). ### [`v6.19.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.19.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.18.0...v6.19.0) ##### Bug Fixes - **types:** make `WhereOptions` more accurate ([#​14368](https://redirect.github.com/sequelize/sequelize/issues/14368)) ([0d0aade](https://redirect.github.com/sequelize/sequelize/commit/0d0aadec98871d704743563585eacf87b3403517)) ##### Features - **types:** make `Model.init` aware of pre-configured foreign keys ([#​14370](https://redirect.github.com/sequelize/sequelize/issues/14370)) ([5954d2c](https://redirect.github.com/sequelize/sequelize/commit/5954d2cae542f8e4bd3351bc9d55b6880bd751c3)) ### [`v6.18.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.18.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.17.0...v6.18.0) ##### Features - add whereScopeStrategy to merge where scopes with Op.and ([#​14152](https://redirect.github.com/sequelize/sequelize/issues/14152)) ([8349c02](https://redirect.github.com/sequelize/sequelize/commit/8349c02c5130fc431adec265e3a3ad043571f1b9)) ### [`v6.17.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.17.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.16.3...v6.17.0) ##### Bug Fixes - fix typo in query-generator.js error message ([#​14151](https://redirect.github.com/sequelize/sequelize/issues/14151)) ([2d339d0](https://redirect.github.com/sequelize/sequelize/commit/2d339d0799d224dca79037e8465cf48abef496a8)) - **postgres:** correctly 
re-acquire connection for pg-native ([#​14090](https://redirect.github.com/sequelize/sequelize/issues/14090)) ([82506a6](https://redirect.github.com/sequelize/sequelize/commit/82506a68dbb33e4824ed6b8462cedf52d90d8cfc)) - **types:** drop excess argument for upsert ([#​14156](https://redirect.github.com/sequelize/sequelize/issues/14156)) ([da8678d](https://redirect.github.com/sequelize/sequelize/commit/da8678dec6ee6b8e427701e88d7db6810e990f82)) - **types:** export `GroupedCountResultItem` interface ([#​14154](https://redirect.github.com/sequelize/sequelize/issues/14154)) ([a81b7ab](https://redirect.github.com/sequelize/sequelize/commit/a81b7ab38da7fea07e00114e88711fbfed9f9a34)) - **types:** update 'replication' option property ([#​14126](https://redirect.github.com/sequelize/sequelize/issues/14126)) ([7ac1221](https://redirect.github.com/sequelize/sequelize/commit/7ac122163f63ced2e24dac1d73e0be298f686187)) - **types:** update return type of `Model.update` ([#​14155](https://redirect.github.com/sequelize/sequelize/issues/14155)) ([b80aeed](https://redirect.github.com/sequelize/sequelize/commit/b80aeed3c4eccc98da78927e91483ca41035dffe)) ##### Features - **types:** infer nullable creation attributes as optional ([#​14147](https://redirect.github.com/sequelize/sequelize/issues/14147)) ([f5c06bd](https://redirect.github.com/sequelize/sequelize/commit/f5c06bd493670a37ba6d6ed039d44ccdf79b126e)) - **types:** make `Model.getAttributes` stricter ([#​14017](https://redirect.github.com/sequelize/sequelize/issues/14017)) ([e974e20](https://redirect.github.com/sequelize/sequelize/commit/e974e202ca755a008f450c88123fc166a5497bb2)) ### [`v6.16.3`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.16.3) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.16.2...v6.16.3) ##### Bug Fixes - **types:** support union in CreationAttributes ([#​14146](https://redirect.github.com/sequelize/sequelize/issues/14146)) 
([d23bd7a](https://redirect.github.com/sequelize/sequelize/commit/d23bd7a7e2aac095f8b210f8d0e0f060c215475f)) ### [`v6.16.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.16.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.16.1...v6.16.2) ##### Bug Fixes - **types:** missing snowflake and db2 dialects ([#​14137](https://redirect.github.com/sequelize/sequelize/issues/14137)) ([0326c2c](https://redirect.github.com/sequelize/sequelize/commit/0326c2caee201ee7288eb917cb3facd5aefd9b12)) ### [`v6.16.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.16.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.16.0...v6.16.1) ##### Bug Fixes - correct path to `package.json` in Sequelize.version ([#​14073](https://redirect.github.com/sequelize/sequelize/issues/14073)) ([b95c213](https://redirect.github.com/sequelize/sequelize/commit/b95c213909ce084ffd98f9e98c9cf881841e27f1)) ### [`v6.16.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.16.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.15.1...v6.16.0) ##### Features - gen /lib & /types from /src & drop /dist (v6) ([#​14063](https://redirect.github.com/sequelize/sequelize/issues/14063)) ([6b8fbb4](https://redirect.github.com/sequelize/sequelize/commit/6b8fbb48d0d12f2c500f69ce79f7f54386c32b40)) ### [`v6.15.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.15.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.15.0...v6.15.1) ##### Bug Fixes - **types:** accept `$nested.syntax$` in WhereAttributeHash ([#​13983](https://redirect.github.com/sequelize/sequelize/issues/13983)) ([4a513cf](https://redirect.github.com/sequelize/sequelize/commit/4a513cfb8d0061fe47864fa70655649a4f1b60ac)) - **types:** correct typing definitions for `Sequelize.where` ([#​14018](https://redirect.github.com/sequelize/sequelize/issues/14018)) 
([99c612b](https://redirect.github.com/sequelize/sequelize/commit/99c612bf4ffe61da1564b482b1d3680172ddde34)) - **types:** improve branded types ([#​13990](https://redirect.github.com/sequelize/sequelize/issues/13990)) ([a578ea0](https://redirect.github.com/sequelize/sequelize/commit/a578ea001e0d8f0eddae41badc6814a2a527d9a9)) ### [`v6.15.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.15.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.14.1...v6.15.0) ##### Bug Fixes - **types:** deduplicate error typings ([#​14002](https://redirect.github.com/sequelize/sequelize/issues/14002)) ([fc28629](https://redirect.github.com/sequelize/sequelize/commit/fc2862905a2f34bd8dcbfe78fa66c20693be44b7)) ##### Features - add options.rawErrors to `Sequelize#query` method ([#​13881](https://redirect.github.com/sequelize/sequelize/issues/13881)) ([7c58851](https://redirect.github.com/sequelize/sequelize/commit/7c588511a37af5a5ab8c483bffa39a4060122d37)) ### [`v6.14.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.14.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.14.0...v6.14.1) ##### Bug Fixes - rollback PR [#​13951](https://redirect.github.com/sequelize/sequelize/issues/13951) in v6 ([#​14004](https://redirect.github.com/sequelize/sequelize/issues/14004)) ([1882f3c](https://redirect.github.com/sequelize/sequelize/commit/1882f3cd9c42c245d486950b3a9cb18b761e1536)) ### [`v6.14.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.14.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.13.0...v6.14.0) ##### Bug Fixes - don't call overloaded versions of find functions internally ([#​13951](https://redirect.github.com/sequelize/sequelize/issues/13951)) ([fc53cdb](https://redirect.github.com/sequelize/sequelize/commit/fc53cdbfbbf312d501c03f4268637795e43131d7)) - don't call overloaded versions of find functions internally 
([#13951](https://redirect.github.com/sequelize/sequelize/issues/13951)) ([b253d8e](https://redirect.github.com/sequelize/sequelize/commit/b253d8ed63c91bc2c7143f07806554b5a5ac67eb))
- **model.d:** fix type for `count` and `findAndCountAll` ([#13786](https://redirect.github.com/sequelize/sequelize/issues/13786)) ([b06c1fc](https://redirect.github.com/sequelize/sequelize/commit/b06c1fc283cbd20af6031199ece075d8b10b0feb))
- **types:** add hooks to InstanceDestroyOptions type ([#13491](https://redirect.github.com/sequelize/sequelize/issues/13491)) ([dbd9ea8](https://redirect.github.com/sequelize/sequelize/commit/dbd9ea8690d6d2209cf0d000239e87f93d02cbb0))
- **types:** add missing fields to FindOr{Create,Build}Options ([#13389](https://redirect.github.com/sequelize/sequelize/issues/13389)) ([ef63f8f](https://redirect.github.com/sequelize/sequelize/commit/ef63f8f3900135f9d5d7869ee5a1f78dd4da0e76))
- **types:** fix QueryInterface#bulkInsert attribute arg type ([#13945](https://redirect.github.com/sequelize/sequelize/issues/13945)) ([9e108e3](https://redirect.github.com/sequelize/sequelize/commit/9e108e3417c56df1b19db322cc7b0168d9bb3b85))

##### Features

- **types:** add `InferAttributes` utility type ([#13909](https://redirect.github.com/sequelize/sequelize/issues/13909)) ([fd42687](https://redirect.github.com/sequelize/sequelize/commit/fd426876dca4d265f80147b6c2080e7400fa0129))
- **types:** add typings for DataTypes.TSVECTOR ([#13940](https://redirect.github.com/sequelize/sequelize/issues/13940)) ([b8f0463](https://redirect.github.com/sequelize/sequelize/commit/b8f0463c30cc9ccb9386692e9acd7afbb9de5bd9))
- **types:** drop TypeScript < 4.1 ([#13954](https://redirect.github.com/sequelize/sequelize/issues/13954)) ([dd49044](https://redirect.github.com/sequelize/sequelize/commit/dd49044bc7a1a0dace3e438881a32416fe68aaf6))

### [`v6.13.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.13.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.12.5...v6.13.0)

##### Bug Fixes

- fix typings for queries with {plain: true} option ([#13899](https://redirect.github.com/sequelize/sequelize/issues/13899)) ([308d017](https://redirect.github.com/sequelize/sequelize/commit/308d0171ec3b2fd7d329c978e7885e6cc23466d0))

##### Features

- **mariadb:** add mariadb support in Sequelize.set function ([#13926](https://redirect.github.com/sequelize/sequelize/issues/13926)) ([02bda05](https://redirect.github.com/sequelize/sequelize/commit/02bda05a0757773c0d71fa574e6217210adabecf)), closes [#13920](https://redirect.github.com/sequelize/sequelize/issues/13920)
- **postgres:** drop indices concurrently in Postgres ([#13903](https://redirect.github.com/sequelize/sequelize/issues/13903)) ([37f20a6](https://redirect.github.com/sequelize/sequelize/commit/37f20a6028eecdd89a61c3db708506784105adfc))

### [`v6.12.5`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.12.5) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.12.4...v6.12.5)

##### Bug Fixes

- **dialect:** sequelize pool doesn't take effect in dialect "mssql" ([#13880](https://redirect.github.com/sequelize/sequelize/issues/13880)) ([fc155b6](https://redirect.github.com/sequelize/sequelize/commit/fc155b627448e09420b4d8308736b8d3a74e2935))
- **model:** fix count with grouping typing ([#13884](https://redirect.github.com/sequelize/sequelize/issues/13884)) ([49beb29](https://redirect.github.com/sequelize/sequelize/commit/49beb29ae757dde7b5eb531b0d857e39413ffb3b)), closes [#13871](https://redirect.github.com/sequelize/sequelize/issues/13871)
- **types:** improve ModelCtor / ModelStatic typing ([#13890](https://redirect.github.com/sequelize/sequelize/issues/13890)) ([34aa808](https://redirect.github.com/sequelize/sequelize/commit/34aa808425371c9b7cdf43cfe8ec3141d33ade34))
- **types:** omit FK and scope keys in HasManyCreateAssociationMixin ([#13892](https://redirect.github.com/sequelize/sequelize/issues/13892)) ([b315ce8](https://redirect.github.com/sequelize/sequelize/commit/b315ce8b967c5f6cf55a4f774aaca60306087bfb))

### [`v6.12.4`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.12.4) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.12.3...v6.12.4)

##### Bug Fixes

- **mssql/async-queue:** fix unable to start mysql due to circular ref ([#13823](https://redirect.github.com/sequelize/sequelize/issues/13823)) ([49e8614](https://redirect.github.com/sequelize/sequelize/commit/49e861459ee88be334b3969f16d0e03582fd16f0))

### [`v6.12.3`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.12.3) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.12.2...v6.12.3)

##### Bug Fixes

- **data-types:** moment object throwing error ([#13818](https://redirect.github.com/sequelize/sequelize/issues/13818)) ([78c7414](https://redirect.github.com/sequelize/sequelize/commit/78c7414ab6bcbb1adec161c0e223f248edb15511))

### [`v6.12.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.12.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.12.1...v6.12.2)

##### Bug Fixes

- **abstract:** patch jsonb operator for pg if value is json ([#13780](https://redirect.github.com/sequelize/sequelize/issues/13780)) ([a2375c5](https://redirect.github.com/sequelize/sequelize/commit/a2375c5645dd89fb436707e95cc01b5c546eb7fc))
- **operators:** fix ts support for operators.ts ([#13805](https://redirect.github.com/sequelize/sequelize/issues/13805)) ([b532ab1](https://redirect.github.com/sequelize/sequelize/commit/b532ab1dbdda2bfdb586b4ba0765147e71a86ae1))
- **postgres:** allows usage of schema for ARRAY(ENUM) type name ([#13807](https://redirect.github.com/sequelize/sequelize/issues/13807)) ([da5b0ce](https://redirect.github.com/sequelize/sequelize/commit/da5b0ce2d35d0381b80e787f977a7aefb7cdca56))
- **query-interface:** bring back quoteIdentifier(s) to queryInterface ([#13810](https://redirect.github.com/sequelize/sequelize/issues/13810)) ([001dc60](https://redirect.github.com/sequelize/sequelize/commit/001dc6006d24a14817c8e7744baf5d1d40eab520))

### [`v6.12.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.12.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.12.0...v6.12.1)

##### Bug Fixes

- allow deep imports ([#13795](https://redirect.github.com/sequelize/sequelize/issues/13795)) ([1ecdaf9](https://redirect.github.com/sequelize/sequelize/commit/1ecdaf98308ae9b975ec3af7be209fd448043e6e))
- fix invalid ts import style of lib/operators ([#13797](https://redirect.github.com/sequelize/sequelize/issues/13797)) ([8acc14f](https://redirect.github.com/sequelize/sequelize/commit/8acc14f3c639b2667ad4f79d963a3f365b2897a5))

### [`v6.12.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.12.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.11.0...v6.12.0)

##### Bug Fixes

- **data-types:** unnecessary warning when getting data with DATE dataTypes ([#13712](https://redirect.github.com/sequelize/sequelize/issues/13712)) ([121884b](https://redirect.github.com/sequelize/sequelize/commit/121884b0d364e0be53e93bfd90d99b7e15449897))
- **docs:** add aws-lamda route ([#13693](https://redirect.github.com/sequelize/sequelize/issues/13693)) ([3059bce](https://redirect.github.com/sequelize/sequelize/commit/3059bce6003ca77b5e67cf7d6d673597b704db0e))
- **example:** fix coordinates format as per GeoJson ([#13718](https://redirect.github.com/sequelize/sequelize/issues/13718)) ([f9dec20](https://redirect.github.com/sequelize/sequelize/commit/f9dec20cd1c0f1ace931ca470f8787a7b4046a56))
- **increment:** fix key value broken query ([#12985](https://redirect.github.com/sequelize/sequelize/issues/12985)) ([fc0b19e](https://redirect.github.com/sequelize/sequelize/commit/fc0b19e3cf95f0c4d749c3bf871077228be64bba))
- **model.d:** fix findAndCountAll.count type ([#13736](https://redirect.github.com/sequelize/sequelize/issues/13736)) ([b7b472e](https://redirect.github.com/sequelize/sequelize/commit/b7b472e7a0a55ebd402f7bced3e330c3087bc75f))
- **snowflake:** fix to prevent disconnect attempt on already disconnected connection ([#13775](https://redirect.github.com/sequelize/sequelize/issues/13775)) ([2a9a551](https://redirect.github.com/sequelize/sequelize/commit/2a9a551609be94ee233516a1a9b4119892249d9c))
- **types:** add Col to where Ops ([#13717](https://redirect.github.com/sequelize/sequelize/issues/13717)) ([2d7b865](https://redirect.github.com/sequelize/sequelize/commit/2d7b8653a82f16eff4ee5a48d1fd6ec9ab785c76))
- **types:** add instance member declaration ([#13684](https://redirect.github.com/sequelize/sequelize/issues/13684)) ([ae3cde5](https://redirect.github.com/sequelize/sequelize/commit/ae3cde54b62f2bd41f35a002ba7ddf54946ca0ee))
- **types:** add missing schema field to sequelize options ([c7a0839](https://redirect.github.com/sequelize/sequelize/commit/c7a0839ffc2923e2881b8cc31a251709a929a022)), closes [#12606](https://redirect.github.com/sequelize/sequelize/issues/12606)
- **types:** allow override json function with custom return type ([#13694](https://redirect.github.com/sequelize/sequelize/issues/13694)) ([2c3b384](https://redirect.github.com/sequelize/sequelize/commit/2c3b384cad6d9b6e1527f05560b12fc0338eca87))
- **upsert:** fall back to DO NOTHING if no update key values provided ([#13594](https://redirect.github.com/sequelize/sequelize/issues/13594)) ([4071378](https://redirect.github.com/sequelize/sequelize/commit/407137822a62897f7366980acd7eeceb443601b9))
- **upsert:** fall back to DO NOTHING if no update key values provided ([#13711](https://redirect.github.com/sequelize/sequelize/issues/13711)) ([f9dfaa7](https://redirect.github.com/sequelize/sequelize/commit/f9dfaa7c533acad4ae88fd16b47c3a5805fb6e9b)), closes [#13594](https://redirect.github.com/sequelize/sequelize/issues/13594)
- wrong interface used within mixin ([#13685](https://redirect.github.com/sequelize/sequelize/issues/13685)) ([bd3ddf5](https://redirect.github.com/sequelize/sequelize/commit/bd3ddf5a93a17cb729aa160a89a3ee04c329c0ed))

##### Features

- **dialects:** add experimental support for db2 ([#13374](https://redirect.github.com/sequelize/sequelize/issues/13374)) ([4443d2a](https://redirect.github.com/sequelize/sequelize/commit/4443d2af14c78b21ff2a70f4aeb69bd9d3f8c2e2))
- **dialect:** snowflake dialect support ([#13406](https://redirect.github.com/sequelize/sequelize/issues/13406)) ([ad68a5e](https://redirect.github.com/sequelize/sequelize/commit/ad68a5e5f07d7800ece68290de4d15e33ac7579a))
- **model:** complete getAttributes feature ([b6510df](https://redirect.github.com/sequelize/sequelize/commit/b6510df2bdb5fb22c508c3f348e11cbaf7065fbc))
- **typescript:** create alpha release with ts ([911125e](https://redirect.github.com/sequelize/sequelize/commit/911125e4a8daf56cb4f6461fd1281a83f5373f0c))
- **types:** transition lib/errors ([#13710](https://redirect.github.com/sequelize/sequelize/issues/13710)) ([8cdce6a](https://redirect.github.com/sequelize/sequelize/commit/8cdce6aeb32b09e4bc1359250efcfacc6742501f))
- **upsert:** add conflictFields option ([#13723](https://redirect.github.com/sequelize/sequelize/issues/13723)) ([496bede](https://redirect.github.com/sequelize/sequelize/commit/496bede2f9e48cce6fe378a1c174a8a9154e2f7e))

### [`v6.11.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.11.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.10.0...v6.11.0)

##### Features

- option for attributes having dotNotation ([#13670](https://redirect.github.com/sequelize/sequelize/issues/13670)) ([41876f1](https://redirect.github.com/sequelize/sequelize/commit/41876f11a7ef2dec4f7788d8e39cf9864a9e83cd))

### [`v6.10.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.10.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.9.0...v6.10.0)

##### Bug Fixes

- typing on creation within an association ([#13678](https://redirect.github.com/sequelize/sequelize/issues/13678)) ([0312f8e](https://redirect.github.com/sequelize/sequelize/commit/0312f8eac982b646842f89f56dc90f6c8f935c84))
- **logger:** change logging depth from 3 to 1 ([#12879](https://redirect.github.com/sequelize/sequelize/issues/12879)) ([ddddc24](https://redirect.github.com/sequelize/sequelize/commit/ddddc244c2019a765ad889226584b8fb07ff50da))
- **mariadb:** fix MariaDB 10.5 JSON ([#13633](https://redirect.github.com/sequelize/sequelize/issues/13633)) ([cdd61dd](https://redirect.github.com/sequelize/sequelize/commit/cdd61ddbe83cbfe77dc04a32196dcc66e0052f51))
- **model:** clone options object instead of modifying ([#13589](https://redirect.github.com/sequelize/sequelize/issues/13589)) ([3be43de](https://redirect.github.com/sequelize/sequelize/commit/3be43deeb9a4e03cffb1d72ebc67a534a3c5dc19))
- **mssql:** fix sub query issue occurring with renamed primary key fields ([#12801](https://redirect.github.com/sequelize/sequelize/issues/12801)) ([73d99ab](https://redirect.github.com/sequelize/sequelize/commit/73d99ab45c069119478d8ef39ff9391181d5578f))
- **mssql:** sqlserver 2008 fix for using offsets and include criteria ([47c4494](https://redirect.github.com/sequelize/sequelize/commit/47c4494968422585bf265063925d1662ffcd4173))
- **query:** make stacktraces include original calling code ([#13347](https://redirect.github.com/sequelize/sequelize/issues/13347)) ([f581543](https://redirect.github.com/sequelize/sequelize/commit/f58154334d98038deafbecd017cf5719d1b13b7f))
- **types:** Add missing type definitions in models ([#13553](https://redirect.github.com/sequelize/sequelize/issues/13553)) ([73ecf6c](https://redirect.github.com/sequelize/sequelize/commit/73ecf6cf33628eca38973c0eeb5c798dbba177e9))
- **types:** add specifc tojson type in model.d.ts ([#13661](https://redirect.github.com/sequelize/sequelize/issues/13661)) ([5924be5](https://redirect.github.com/sequelize/sequelize/commit/5924be52152232fbd7a925d599c31cac9f90dc6d))
- **types:** DataType.TEXT overloading definition ([#13654](https://redirect.github.com/sequelize/sequelize/issues/13654)) ([1690801](https://redirect.github.com/sequelize/sequelize/commit/1690801cda2ca15f32aaaf5e9ebd96e800808e36))
- **types:** include 'paranoid' in IncludeThroughOptions definition ([#13625](https://redirect.github.com/sequelize/sequelize/issues/13625)) ([b1fb1f3](https://redirect.github.com/sequelize/sequelize/commit/b1fb1f32f7d66c013bbf015345a1076893ffd806))
- **types:** ne op documentation ([#13666](https://redirect.github.com/sequelize/sequelize/issues/13666)) ([98485df](https://redirect.github.com/sequelize/sequelize/commit/98485dfcff501c565dbf453a54868a4dfe60a225))
- **types:** rename types and update CONTRIBUTING docs ([#13348](https://redirect.github.com/sequelize/sequelize/issues/13348)) ([1f23924](https://redirect.github.com/sequelize/sequelize/commit/1f2392423212ca9a4604772c1d0a2f008606695e))
- expect result is null but got zero ([#13637](https://redirect.github.com/sequelize/sequelize/issues/13637)) ([da3ac09](https://redirect.github.com/sequelize/sequelize/commit/da3ac091032856f8a74297eff9a9d89e7fc997e5))

##### Features

- **definitions:** Adds AbstractQuery and before/afterQuery hook definitions ([#13635](https://redirect.github.com/sequelize/sequelize/issues/13635)) ([37a5858](https://redirect.github.com/sequelize/sequelize/commit/37a5858b1e635a28dee1da494f278753d489bbe8))
- **postgresql:** easier SSL config and options param support ([#13673](https://redirect.github.com/sequelize/sequelize/issues/13673)) ([9591573](https://redirect.github.com/sequelize/sequelize/commit/95915739443f96996841dacfd6861e9d5ba35c1b))

### [`v6.9.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.9.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.8.0...v6.9.0)

##### Bug Fixes

- **docs:** using incorrect esdocs syntax ([#13615](https://redirect.github.com/sequelize/sequelize/issues/13615)) ([c3c690b](https://redirect.github.com/sequelize/sequelize/commit/c3c690b90688941eab5c9efa6918314d52a9b8ef))
- **sqlite:** quote table names in sqlite getForeignKeysQuery ([#13587](https://redirect.github.com/sequelize/sequelize/issues/13587)) ([eeb6a8f](https://redirect.github.com/sequelize/sequelize/commit/eeb6a8fbeb6549be038f2dbb0eefb414c7450653))
- **upsert:** do not overwrite an explcit created_at during upsert ([#13593](https://redirect.github.com/sequelize/sequelize/issues/13593)) ([594cee8](https://redirect.github.com/sequelize/sequelize/commit/594cee88a54ef82709b04c5ffd9a1f03d76b2d18))

##### Features

- **mysql:** add support for MySQL v8 ([#13618](https://redirect.github.com/sequelize/sequelize/issues/13618)) ([35978f0](https://redirect.github.com/sequelize/sequelize/commit/35978f0633efbefc3749363717378996b806cc95))

### [`v6.8.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.8.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.7.0...v6.8.0)

##### Bug Fixes

- **types:** allow any values in `isIn` validator ([#12962](https://redirect.github.com/sequelize/sequelize/issues/12962)) ([d511d91](https://redirect.github.com/sequelize/sequelize/commit/d511d9164e0f469ccba40d94b4865b73466f64f5))
- allows insert primary key with zero ([#13458](https://redirect.github.com/sequelize/sequelize/issues/13458)) ([e4aff2f](https://redirect.github.com/sequelize/sequelize/commit/e4aff2f6270bc52fbdc90bed6269537e2f9714e0))
- **model:** Convert number values only if they aren't null to avoid NaN ([199b632](https://redirect.github.com/sequelize/sequelize/commit/199b632b021830f9d09210fd7430045710638631))
- **model.d:** accept \[Op.is] in where (broken in TypeScript 4.4) ([#13499](https://redirect.github.com/sequelize/sequelize/issues/13499)) ([d685a9a](https://redirect.github.com/sequelize/sequelize/commit/d685a9a76ad353aef6df61c19e4385aa9ba79368))
- **postgres:** fix `findCreateFind` to work with postgres transactions ([#13482](https://redirect.github.com/sequelize/sequelize/issues/13482)) ([84421d7](https://redirect.github.com/sequelize/sequelize/commit/84421d7d738176ee6d0de705c493b145b9488532))
- **select:** do not force set `subQuery` to `false` ([#13490](https://redirect.github.com/sequelize/sequelize/issues/13490)) ([0943339](https://redirect.github.com/sequelize/sequelize/commit/094333910e105bbc363321eb7557a582363a8f6d))
- **sqlite:** fix wrongly overwriting storage if empty string ([#13376](https://redirect.github.com/sequelize/sequelize/issues/13376)) ([c3e608b](https://redirect.github.com/sequelize/sequelize/commit/c3e608b95a130b661ca01f9af42beaac5995d986)), closes [#13375](https://redirect.github.com/sequelize/sequelize/issues/13375)
- **types:** add missing upsert hooks ([#13394](https://redirect.github.com/sequelize/sequelize/issues/13394)) ([5e9c209](https://redirect.github.com/sequelize/sequelize/commit/5e9c209cc8eaa1d38f33bb3ac2de8b8ab33929f2))
- **types:** extend BulkCreateOptions by SearchPathable ([#13469](https://redirect.github.com/sequelize/sequelize/issues/13469)) ([47c2d05](https://redirect.github.com/sequelize/sequelize/commit/47c2d057f857e1eb197ac317f295798313dcedc0)), closes [#13454](https://redirect.github.com/sequelize/sequelize/issues/13454)
- **types:** typo in model.d.ts ([#13574](https://redirect.github.com/sequelize/sequelize/issues/13574)) ([31d0fbc](https://redirect.github.com/sequelize/sequelize/commit/31d0fbce032073917b4b41f1bdde4fb1fe562f97))

##### Features

- **postgres:** support `query_timeout` dialect option ([#13258](https://redirect.github.com/sequelize/sequelize/issues/13258)) ([3ca085d](https://redirect.github.com/sequelize/sequelize/commit/3ca085db318201fa59422a2ce191bcf76e5f37dc))
- **typings:** add UnknownConstraintError ([#13461](https://redirect.github.com/sequelize/sequelize/issues/13461)) ([69d899e](https://redirect.github.com/sequelize/sequelize/commit/69d899e27b733adb24e4300b48c9bae91455932f))

### [`v6.7.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.7.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.6.5...v6.7.0)

##### Bug Fixes

- **deps:** upgrade to secure versions of dev deps ([#13549](https://redirect.github.com/sequelize/sequelize/issues/13549)) ([cf53734](https://redirect.github.com/sequelize/sequelize/commit/cf537342b55bd4cf432f16b4b524737a6cb68ab4))
- **docs:** fix typo in documentation for polymorphic associations ([#13405](https://redirect.github.com/sequelize/sequelize/issues/13405)) ([bbf3d76](https://redirect.github.com/sequelize/sequelize/commit/bbf3d76474f8520aa9d16d51bd35730774866e13))
- **types:** allow rangable to take a string tuple ([#13486](https://redirect.github.com/sequelize/sequelize/issues/13486)) ([ca2a11a](https://redirect.github.com/sequelize/sequelize/commit/ca2a11aed603572f3277c2262d445ec9f464b326))

##### Features

- **test:** add test for nested column in where query ([#13478](https://redirect.github.com/sequelize/sequelize/issues/13478)) ([26b62c7](https://redirect.github.com/sequelize/sequelize/commit/26b62c7c3e76fca81c76cabcaf58fff00b7c4da0)), closes [#13288](https://redirect.github.com/sequelize/sequelize/issues/13288)
- **types:** make config type deeply writeable for before connect hook ([#13424](https://redirect.github.com/sequelize/sequelize/issues/13424)) ([f078f77](https://redirect.github.com/sequelize/sequelize/commit/f078f772d447e9148442ca4e9feae887e65adea0))

### [`v6.6.5`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.6.5) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.6.4...v6.6.5)

##### Bug Fixes

- **dependency:** upgrade validator ([#13350](https://redirect.github.com/sequelize/sequelize/issues/13350)) ([56bb1d6](https://redirect.github.com/sequelize/sequelize/commit/56bb1d6ef9827f604d7bcef945abb7e213f2322d))

### [`v6.6.4`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.6.4) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.6.2...v6.6.4)

##### Bug Fixes

- **typings**: make `Transactionable` compatible with `TransactionOptions` ([#13334](https://redirect.github.com/sequelize/sequelize/issues/13334)) ([cd2de40](https://redirect.github.com/sequelize/sequelize/commit/cd2de40))
- **utils**: clone attributes before mutating them ([#13226](https://redirect.github.com/sequelize/sequelize/issues/13226)) ([1a16b91](https://redirect.github.com/sequelize/sequelize/commit/1a16b91))
- **data-types**: use proper field name for `ARRAY(ENUM)` ([#13210](https://redirect.github.com/sequelize/sequelize/issues/13210)) ([1cfbd33](https://redirect.github.com/sequelize/sequelize/commit/1cfbd33))
- **typings**: fix `ignoreDuplicates` option ([#13220](https://redirect.github.com/sequelize/sequelize/issues/13220)) ([b33d78e](https://redirect.github.com/sequelize/sequelize/commit/b33d78e))
- **typings**: allow `schema` for queryInterface methods ([#13223](https://redirect.github.com/sequelize/sequelize/issues/13223)) ([6b0b532](https://redirect.github.com/sequelize/sequelize/commit/6b0b532))
- **typings**: restrict update typings ([#13216](https://redirect.github.com/sequelize/sequelize/issues/13216)) ([63ceb73](https://redirect.github.com/sequelize/sequelize/commit/63ceb73))
- **typings**: `returning` can specify column names ([#13215](https://redirect.github.com/sequelize/sequelize/issues/13215)) ([143cc84](https://redirect.github.com/sequelize/sequelize/commit/143cc84))
- **typings**: model init returns model class, not instance ([#13214](https://redirect.github.com/sequelize/sequelize/issues/13214)) ([8f2a0d5](https://redirect.github.com/sequelize/sequelize/commit/8f2a0d5))
- **plurals**: bump inflection dependency ([#13260](https://redirect.github.com/sequelize/sequelize/issues/13260)) ([deeb5c6](https://redirect.github.com/sequelize/sequelize/commit/deeb5c6))
- **bulk-create**: `ON CONFLICT` with unique index ([#13345](https://redirect.github.com/sequelize/sequelize/issues/13345)) ([6dcb565](https://redirect.github.com/sequelize/sequelize/commit/6dcb565))

### [`v6.6.2`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.6.2) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.6.1...v6.6.2)

##### Bug Fixes

- **types:** fix `Model.prototype.previous()` ([#13042](https://redirect.github.com/sequelize/sequelize/issues/13042)) ([5b16b32](https://redirect.github.com/sequelize/sequelize/commit/5b16b32259f0599a6af2d1eb625622da9054265e))

### [`v6.6.1`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.6.1) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.6.0...v6.6.1)

##### Bug Fixes

- **query-generator:** use `AND` in sql for `not`/`between` ([#13043](https://redirect.github.com/sequelize/sequelize/issues/13043)) ([a663c54](https://redirect.github.com/sequelize/sequelize/commit/a663c54989de6dc873fdc1825d77e3e9731451ad))
- **sqlite:** retrieve primary key on upsert ([#12991](https://redirect.github.com/sequelize/sequelize/issues/12991)) ([023e1d9](https://redirect.github.com/sequelize/sequelize/commit/023e1d9aefe10d3c708f1580a979fb2b754bd0d3))
- **types:** allow `(keyof TAttributes)[]` in `UpdateOptions.returning` ([#13130](https://redirect.github.com/sequelize/sequelize/issues/13130)) ([97ba242](https://redirect.github.com/sequelize/sequelize/commit/97ba2422f2b14f100e202b86e07c6f13cf926e38))
- **types:** models with attributes couldn't be used in some cases ([#13010](https://redirect.github.com/sequelize/sequelize/issues/13010)) ([de5f21d](https://redirect.github.com/sequelize/sequelize/commit/de5f21dce6e3324f370d578a29b3ec94632e7b5d))
- **types:** remove `string` from `Order` type ([#13057](https://redirect.github.com/sequelize/sequelize/issues/13057)) ([ac39f8a](https://redirect.github.com/sequelize/sequelize/commit/ac39f8ac753d2d445b115b8c79dc47e24fd112a5))

### [`v6.6.0`](https://redirect.github.com/sequelize/sequelize/releases/tag/v6.6.0) [Compare Source](https://redirect.github.com/sequelize/sequelize/compare/v6.5.1...v6.6.0)

##### Bug Fixes

- **types:** allow `sequelize.col` in `attributes` ([#13105](https://redirect.github.com/sequelize/sequelize/issues/13105)) ([3fd64cb](https://redirect.github.com/sequelize/sequelize/commit/3fd64cbdfb882b1fb14124b72de62791b2c9c4a5))
- **types:** allow bigints in `WhereValue` ([#13028](https://redirect.github.com/sequelize/sequelize/issues/13028)) ([8892507](https://redirect.github.com/sequelize/sequelize/commit/88925077eba182814af2ec8f6fa66

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: NoSQL injection (Detected by phrase)

What is this? (2min video)

NoSQL is a variation of data-management technologies, grouped arbitrarily under this name, that really means “non-relational database systems”. This includes graph databases (Cassandra), document databases (MongoDB), key-value stores (Amazon DynamoDB) amongst others.

NoSQL injection happens when an application uses input to build a query or statement without proper filtering or encoding. This may allow an attacker to modify the instruction that is sent to the non-relational database system by supplying specially constructed values, resulting in unauthorised retrieval or modification of data records.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: SQL injection (Detected by phrase)

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try this challenge in Secure Code Warrior

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: NoSQL injection (Detected by phrase)

Matched on "NoSQL Injection"

What is this? (2min video)

NoSQL is a variation of data-management technologies, grouped arbitrarily under this name, that really means “non-relational database systems”. This includes graph databases (Cassandra), document databases (MongoDB), key-value stores (Amazon DynamoDB) amongst others.

NoSQL injection happens when an application uses input to build a query or statement without proper filtering or encoding. This may allow an attacker to modify the instruction that is sent to the non-relational database system by supplying specially constructed values, resulting in unauthorised retrieval or modification of data records.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "SQL Injection"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try this challenge in Secure Code Warrior

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Information disclosure (Detected by phrase)

Matched on "information disclosure"

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior

coderabbitai[bot] commented 5 months ago

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
