[Snyk] Upgrade sequelize from 6.16.1 to 6.32.1 #1

Open
fabiosdsilva wants to merge 1 commit into master from snyk-upgrade-607b5ec6c17a164b63f9ab91abcca12a
@fabiosdsilva
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sequelize from 6.16.1 to 6.32.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 45 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2023-06-17.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | SQL Injection (SNYK-JS-SEQUELIZE-2932027) | 791/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | Proof of Concept |
| | SQL Injection (SNYK-JS-SEQUELIZE-2959225) | 791/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | No Known Exploit |
| | Prototype Pollution (SNYK-JS-DOTTIE-3332763) | 791/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | Proof of Concept |
| | Improper Filtering of Special Elements (SNYK-JS-SEQUELIZE-3324088) | 791/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | No Known Exploit |
| | Information Exposure (SNYK-JS-SEQUELIZE-3324089) | 791/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | No Known Exploit |
| | Access of Resource Using Incompatible Type ('Type Confusion') (SNYK-JS-SEQUELIZE-3324090) | 791/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sequelize
  • 6.32.1 - 2023-06-17

    6.32.1 (2023-06-17)

    Bug Fixes

  • 6.32.0 - 2023-06-01

    6.32.0 (2023-06-01)

    Bug Fixes

    • move types condition to the front (#16085) (99c3530)
    • oracle: For Raw queries avoid converting the input parameters passed (#16067) (fd38e79)
    • oracle: reordered check constraint for unsigned numeric type (#16074) (5c8250e)

    Features

    • oracle: add new error messages introduced in new driver version (#16075) (e07eefb)
    • oracle: add width support for numerictype (#16073) (af4f0ae)
  • 6.31.1 - 2023-05-01

    6.31.1 (2023-05-01)

    Bug Fixes

    • postgres: adds support for minifying through join aliases (#15897) (a9fd501)
  • 6.31.0 - 2023-04-09

    6.31.0 (2023-04-09)

    Bug Fixes

    • postgres: prevent crash if postgres connection emits multiple errors (#15868) (58576dd)
    • update Slack invitation link (#15849) (9d864be)

    Features

    • add beforePoolAcquire and afterPoolAcquire hooks (#15874) (f2a4535)
  • 6.30.0 - 2023-03-24

    6.30.0 (2023-03-24)

    Bug Fixes

    Features

    • postgres, sqlite: add conflictWhere option to Model.bulkCreate (#15788) (295c297)
    • postgres, sqlite: add conflictWhere option to upsert (#15786) (1e68681)
    • postgres, sqlite: allow override of conflict keys for bulkCreate (#15787) (2e50bd9)
  • 6.29.3 - 2023-03-10
  • 6.29.2 - 2023-03-09
  • 6.29.1 - 2023-03-07
  • 6.29.0 - 2023-02-23
  • 6.28.2 - 2023-02-22
  • 6.28.1 - 2023-02-21
  • 6.28.0 - 2022-12-20
  • 6.27.0 - 2022-12-12
  • 6.26.0 - 2022-11-29
  • 6.25.8 - 2022-11-22
  • 6.25.7 - 2022-11-19
  • 6.25.6 - 2022-11-15
  • 6.25.5 - 2022-11-07
  • 6.25.4 - 2022-11-05
  • 6.25.3 - 2022-10-19
  • 6.25.2 - 2022-10-15
  • 6.25.1 - 2022-10-13
  • 6.25.0 - 2022-10-11
  • 6.24.0 - 2022-10-04
  • 6.23.2 - 2022-09-27
  • 6.23.1 - 2022-09-22
  • 6.23.0 - 2022-09-17
  • 6.22.1 - 2022-09-16
  • 6.22.0 - 2022-09-15
  • 6.21.6 - 2022-09-09
  • 6.21.5 - 2022-09-08
  • 6.21.4 - 2022-08-18
  • 6.21.3 - 2022-07-11
  • 6.21.2 - 2022-06-28
  • 6.21.1 - 2022-06-25
  • 6.21.0 - 2022-06-16
  • 6.20.1 - 2022-05-27
  • 6.20.0 - 2022-05-23
  • 6.19.2 - 2022-05-18
  • 6.19.1 - 2022-05-17
  • 6.19.0 - 2022-04-12
  • 6.18.0 - 2022-04-03
  • 6.17.0 - 2022-02-25
  • 6.16.3 - 2022-02-24
  • 6.16.2 - 2022-02-18
  • 6.16.1 - 2022-02-09
from sequelize GitHub release notes
Commit messages
Package name: sequelize
  • a3213f0 fix: bump dependencies (#16119)
  • 99c3530 fix: move `types` condition to the front (#16085)
  • af4f0ae feat(oracle): add width support for numerictype (#16073)
  • e07eefb feat(oracle): add new error messages introduced in new driver version (#16075)
  • 5c8250e fix(oracle): reordered check constraint for unsigned numeric type (#16074)
  • fd38e79 fix(oracle): For Raw queries avoid converting the input parameters passed (#16067)
  • eb71077 meta: use Node 18 in CI (#16000)
  • a9fd501 fix(postgres): adds support for minifying through join aliases (#15897)
  • f2a4535 feat: add beforePoolAcquire and afterPoolAcquire hooks (#15874)
  • 58576dd fix(postgres): prevent crash if postgres connection emits multiple errors (#15868)
  • 9d864be fix: update Slack invitation link (#15849)
  • 295c297 feat(postgres, sqlite): add conflictWhere option to Model.bulkCreate (#15788)
  • 338ae6a meta(db2): remove node:util (#15819)
  • 2e50bd9 feat(postgres, sqlite): allow override of conflict keys for bulkCreate (#15787)
  • 46d3553 fix: pass CLS transaction to model hooks (#15818)
  • 1e68681 feat(postgres, sqlite): add conflictWhere option to upsert (#15786)
  • 5bda2ce fix: fix unnamed dollar string detection (#15759)
  • 1ad9a64 fix(postgres): escape identifier in createSchema and dropSchema (#15752)
  • 1b94462 fix(postgres): make sync not fail when trying to create existing enum (#15718)
  • d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710)
  • 53bd9b7 meta: fix null test getWhereConditions (#15705)
  • 13f2e89 fix: accept undefined in where (#15703)
  • d9e0728 fix: throw if where receives an invalid value (#15699)
  • 48d6193 fix: update moment-timezone version (#15685)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
