[Snyk] Upgrade sequelize from 6.3.5 to 6.8.0

[snyk-bot]

Snyk has created this PR to upgrade sequelize from 6.3.5 to 6.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-10-24.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sequelize

• 6.8.0 - 2021-10-24
  

  6.8.0 (2021-10-24)

  Bug Fixes

  • types: allow any values in isIn validator (#12962) (d511d91)
  • allows insert primary key with zero (#13458) (e4aff2f)
  • model: Convert number values only if they aren't null to avoid NaN (199b632)
  • model.d: accept [Op.is] in where (broken in TypeScript 4.4) (#13499) (d685a9a)
  • postgres: fix findCreateFind to work with postgres transactions (#13482) (84421d7)
  • select: do not force set subQuery to false (#13490) (0943339)
  • sqlite: fix wrongly overwriting storage if empty string (#13376) (c3e608b), closes #13375
  • types: add missing upsert hooks (#13394) (5e9c209)
  • types: extend BulkCreateOptions by SearchPathable (#13469) (47c2d05), closes #13454
  • types: typo in model.d.ts (#13574) (31d0fbc)

  Features

  • postgres: support query_timeout dialect option (#13258) (3ca085d)
  • typings: add UnknownConstraintError (#13461) (69d899e)
• 6.7.0 - 2021-10-09
  

  6.7.0 (2021-10-09)

  Bug Fixes

  • deps: upgrade to secure versions of dev deps (#13549) (cf53734)
  • docs: fix typo in documentation for polymorphic associations (#13405) (bbf3d76)
  • types: allow rangable to take a string tuple (#13486) (ca2a11a)

  Features

  • test: add test for nested column in where query (#13478) (26b62c7), closes #13288
  • types: make config type deeply writeable for before connect hook (#13424) (f078f77)
• 6.6.5 - 2021-07-06
  

  6.6.5 (2021-07-06)

  Bug Fixes

  • dependency: upgrade validator (#13350) (56bb1d6)
• 6.6.4 - 2021-06-26
  

  6.6.4 (2021-06-26)

  Bug Fixes

  • typings: make Transactionable compatible with TransactionOptions (#13334) (cd2de40)
  • utils: clone attributes before mutating them (#13226) (1a16b91)
  • data-types: use proper field name for ARRAY(ENUM) (#13210) (1cfbd33)
  • typings: fix ignoreDuplicates option (#13220) (b33d78e)
  • typings: allow schema for queryInterface methods (#13223) (6b0b532)
  • typings: restrict update typings (#13216) (63ceb73)
  • typings: returning can specify column names (#13215) (143cc84)
  • typings: model init returns model class, not instance (#13214) (8f2a0d5)
  • plurals: bump inflection dependency (#13260) (deeb5c6)
  • bulk-create: ON CONFLICT with unique index (#13345) (6dcb565)
• 6.6.2 - 2021-03-23
  

  6.6.2 (2021-03-23)

  Bug Fixes

  • types: fix Model.prototype.previous() (#13042) (5b16b32)
• 6.6.1 - 2021-03-22
  

  6.6.1 (2021-03-22)

  Bug Fixes

  • query-generator: use AND in sql for not/between (#13043) (a663c54)
  • sqlite: retrieve primary key on upsert (#12991) (023e1d9)
  • types: allow (keyof TAttributes)[] in UpdateOptions.returning (#13130) (97ba242)
  • types: models with attributes couldn't be used in some cases (#13010) (de5f21d)
  • types: remove string from Order type (#13057) (ac39f8a)
• 6.6.0 - 2021-03-21
  

  6.6.0 (2021-03-21)

  Bug Fixes

  • types: allow sequelize.col in attributes (#13105) (3fd64cb)
  • types: allow bigints in WhereValue (#13028) (8892507)
  • types: decapitalize queryGenerator property (#13126) (9cb4d7f)
  • types: fix Model#previous type (#13106) (466e361)
  • types: fix ValidationErrorItem types (#13108) (e35a9bf)

  Features

  • add-constraint: add deferrable option (#13096) (f98bd7e)
• 6.5.1 - 2021-03-14
  

  6.5.1 (2021-03-14)

  Bug Fixes

  • mysql: release connection on deadlocks (#13102) (6388507)
    • Note: this complements the work done in 6.5.0, fixing another situation not covered by it with MySQL.
  • types: allow transaction to be null (#13093) (ced4dc7)
• 6.5.0 - 2021-01-27
• 6.4.0 - 2021-01-18
• 6.3.5 - 2020-09-01

from sequelize GitHub release notes

Commit messages

Package name: sequelize

• d511d91 fix(types): allow any values in `isIn` validator (#12962)
• e4aff2f fix: allows insert primary key with zero (#13458)
• 4098eb0 chore(docs): Add documentation for increment method (#13254)
• 66e6d76 chore(probot-stale): reenable auto-close issues bot
• 84421d7 fix(postgres): fix `findCreateFind` to work with postgres transactions (#13482)
• 0943339 fix(select): do not force set `subQuery` to `false` (#13490)
• 31d0fbc fix(types): typo in model.d.ts (#13574)
• 176f4ff refactor(mssql test): Fix 'should not contain views' failing (#13400)
• 1340ea1 docs: add sqlcommenter-sequelize to the list of miscellaneous resources (#13449)
• 3ca085d feat(postgres): support `query_timeout` dialect option (#13258)
• e86c884 refactor(connection-manager): change nullish coalescence implementation (#13568)
• c3e608b fix(sqlite): fix wrongly overwriting storage if empty string (#13376)
• dc67dc9 Add sponsors badge
• 8e98f47 refactor(*): add .gitattributes to force LF line ends (#13377)
• 415989f Update documentation - hooks.md - fixed snippet (#13441)
• 47c2d05 fix(types): extend BulkCreateOptions by SearchPathable (#13469)
• 5e9c209 fix(types): add missing upsert hooks (#13394)
• d685a9a fix(model.d): accept [Op.is] in where (broken in TypeScript 4.4) (#13499)
• 69d899e feat(typings): add UnknownConstraintError (#13461)
• 199b632 fix(model): Convert number values only if they aren't null to avoid NaN
• cf53734 fix(deps): upgrade to secure versions of dev deps (#13549)
• 6f758af docs: removed unnecessary brackets from belongs-to-many docs (#13373)
• f078f77 feat(types): make config type deeply writeable for before connect hook (#13424)
• ca2a11a fix(types): allow rangable to take a string tuple (#13486)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs