[Snyk] Upgrade sequelize from 4.44.4 to 6.28.1

[SamsonIdowu]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sequelize from 4.44.4 to 6.28.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 213 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2023-02-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	SQL Injection SNYK-JS-SEQUELIZE-2932027	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	SQL Injection SNYK-JS-SEQUELIZE-2959225	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
	Information Exposure SNYK-JS-SEQUELIZE-3324089	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sequelize

• 6.28.1 - 2023-02-21
  

  6.28.1 (2023-02-21)

  Bug Fixes

  • throw if where receives an invalid value (#15699) (d9e0728)
  • update moment-timezone version (#15685) (48d6193)
• 6.28.0 - 2022-12-20
  

  6.28.0 (2022-12-20)

  Features

  • types: use retry-as-promised types for retry options to match documentation (#15484) (fd4afa6)
• 6.27.0 - 2022-12-12
  

  6.27.0 (2022-12-12)

  Features

  • add support for bigints (backport of #14485) (#15413) (1247c01)
• 6.26.0 - 2022-11-29
  

  6.26.0 (2022-11-29)

  Features

  • postgres: add support for lock_timeout [#15345] (#15355) (94beace)
• 6.25.8 - 2022-11-22
  

  6.25.8 (2022-11-22)

  Bug Fixes

  • oracle: remove hardcoded maxRows value (#15323) (7885000)
• 6.25.7 - 2022-11-19
  

  6.25.7 (2022-11-19)

  Bug Fixes

  • fix parameters not being replaced when after $$ strings (#15307) (bc39fd6)
• 6.25.6 - 2022-11-15
  

  6.25.6 (2022-11-15)

  Bug Fixes

  • postgres: invalidate connection after client-side timeout (#15283) (a205765), closes /github.com/brianc/node-postgres/blob/5538df6b446f4b4f921947b460fe38acb897e579/packages/pg/lib/client.js#L529
• 6.25.5 - 2022-11-07
  

  6.25.5 (2022-11-07)

  Bug Fixes

  • remove options.model overwrite on bulkUpdate (#15252) (67e69cd), closes #15231
• 6.25.4 - 2022-11-05
• 6.25.3 - 2022-10-19
• 6.25.2 - 2022-10-15
• 6.25.1 - 2022-10-13
• 6.25.0 - 2022-10-11
• 6.24.0 - 2022-10-04
• 6.23.2 - 2022-09-27
• 6.23.1 - 2022-09-22
• 6.23.0 - 2022-09-17
• 6.22.1 - 2022-09-16
• 6.22.0 - 2022-09-15
• 6.21.6 - 2022-09-09
• 6.21.5 - 2022-09-08
• 6.21.4 - 2022-08-18
• 6.21.3 - 2022-07-11
• 6.21.2 - 2022-06-28
• 6.21.1 - 2022-06-25
• 6.21.0 - 2022-06-16
• 6.20.1 - 2022-05-27
• 6.20.0 - 2022-05-23
• 6.19.2 - 2022-05-18
• 6.19.1 - 2022-05-17
• 6.19.0 - 2022-04-12
• 6.18.0 - 2022-04-03
• 6.17.0 - 2022-02-25
• 6.16.3 - 2022-02-24
• 6.16.2 - 2022-02-18
• 6.16.1 - 2022-02-09
• 6.16.0 - 2022-02-08
• 6.15.1 - 2022-02-06
• 6.15.0 - 2022-01-29
• 6.14.1 - 2022-01-25
• 6.14.0 - 2022-01-22
• 6.13.0 - 2022-01-10
• 6.12.5 - 2022-01-04
• 6.12.4 - 2021-12-28
• 6.12.3 - 2021-12-27
• 6.12.2 - 2021-12-22
• 6.12.1 - 2021-12-21
• 6.12.0 - 2021-12-17
• 6.12.0-beta.3 - 2021-12-12
• 6.12.0-beta.2 - 2021-12-10
• 6.12.0-beta.1 - 2021-12-04
• 6.12.0-alpha.1 - 2021-11-19
• 6.11.0 - 2021-11-18
• 6.10.0 - 2021-11-18
• 6.9.0 - 2021-11-01
• 6.8.0 - 2021-10-24
• 6.7.0 - 2021-10-09
• 6.6.5 - 2021-07-06
• 6.6.4 - 2021-06-26
• 6.6.2 - 2021-03-23
• 6.6.1 - 2021-03-22
• 6.6.0 - 2021-03-21
• 6.5.1 - 2021-03-14
• 6.5.0 - 2021-01-27
• 6.4.0 - 2021-01-18
• 6.3.5 - 2020-09-01
• 6.3.4 - 2020-08-01
• 6.3.3 - 2020-07-11
• 6.3.2 - 2020-07-11
• 6.3.1 - 2020-07-10
• 6.3.0 - 2020-07-04
• 6.2.4 - 2020-07-01
• 6.2.3 - 2020-06-28
• 6.2.2 - 2020-06-27
• 6.2.1 - 2020-06-27
• 6.2.0 - 2020-06-26
• 6.1.1 - 2020-06-26
• 6.1.0 - 2020-06-24
• 6.0.0-beta.7 - 2020-06-24
• 6.0.0-beta.6 - 2020-05-17
• 6.0.0-beta.5 - 2020-02-20
• 6.0.0-beta.4 - 2019-12-12
• 6.0.0-beta.3 - 2019-10-20
• 6.0.0-beta.2 - 2019-10-19
• 6.0.0-beta.1 - 2019-06-12
• 5.22.5 - 2021-12-21
• 5.22.4 - 2021-03-14
• 5.22.3 - 2020-06-30
• 5.22.2 - 2020-06-27
• 5.22.1 - 2020-06-26
• 5.22.0 - 2020-06-24
• 5.21.13 - 2020-06-14
• 5.21.12 - 2020-06-05
• 5.21.11 - 2020-05-26
• 5.21.10 - 2020-05-19
• 5.21.9 - 2020-05-14
• 5.21.8 - 2020-05-10
• 5.21.7 - 2020-04-23
• 5.21.6 - 2020-04-04
• 5.21.5 - 2020-02-20
• 5.21.4 - 2020-02-07
• 5.21.3 - 2019-12-13
• 5.21.2 - 2019-10-29
• 5.21.1 - 2019-10-19
• 5.21.0 - 2019-10-18
• 5.20.0 - 2019-10-18
• 5.19.8 - 2019-10-17
• 5.19.7 - 2019-10-16
• 5.19.6 - 2019-10-11
• 5.19.5 - 2019-10-09
• 5.19.4 - 2019-10-07
• 5.19.3 - 2019-10-05
• 5.19.2 - 2019-10-01
• 5.19.1 - 2019-09-27
• 5.19.0 - 2019-09-19
• 5.18.4 - 2019-09-08
• 5.18.3 - 2019-09-08
• 5.18.2 - 2019-09-07
• 5.18.1 - 2019-09-03
• 5.18.0 - 2019-08-31
• 5.17.2 - 2019-08-30
• 5.17.1 - 2019-08-29
• 5.17.0 - 2019-08-28
• 5.16.0 - 2019-08-22
• 5.15.2 - 2019-08-21
• 5.15.1 - 2019-08-18
• 5.15.0 - 2019-08-14
• 5.14.0 - 2019-08-13
• 5.13.1 - 2019-08-11
• 5.13.0 - 2019-08-09
• 5.12.3 - 2019-08-04
• 5.12.2 - 2019-07-31
• 5.12.1 - 2019-07-30
• 5.12.0 - 2019-07-30
• 5.11.0 - 2019-07-27
• 5.10.3 - 2019-07-25
• 5.10.2 - 2019-07-23
• 5.10.1 - 2019-07-14
• 5.10.0 - 2019-07-11
• 5.9.5 - 2019-07-11
• 5.9.4 - 2019-07-06
• 5.9.3 - 2019-07-05
• 5.9.2 - 2019-07-02
• 5.9.1 - 2019-07-02
• 5.9.0 - 2019-06-28
• 5.8.12 - 2019-06-22
• 5.8.11 - 2019-06-21
• 5.8.10 - 2019-06-17
• 5.8.9 - 2019-06-11
• 5.8.8 - 2019-06-10
• 5.8.7 - 2019-05-29
• 5.8.6 - 2019-05-12
• 5.8.5 - 2019-05-05
• 5.8.4 - 2019-05-03
• 5.8.3 - 2019-05-03
• 5.8.2 - 2019-05-01
• 5.8.1 - 2019-04-30
• 5.8.0 - 2019-04-29
• 5.7.6 - 2019-04-26
• 5.7.5 - 2019-04-24
• 5.7.4 - 2019-04-22
• 5.7.3 - 2019-04-22
• 5.7.2 - 2019-04-22
• 5.7.1 - 2019-04-20
• 5.7.0 - 2019-04-18
• 5.6.1 - 2019-04-17
• 5.6.0 - 2019-04-16
• 5.5.1 - 2019-04-16
• 5.5.0 - 2019-04-15
• 5.4.0 - 2019-04-15
• 5.3.5 - 2019-04-12
• 5.3.4 - 2019-04-12
• 5.3.3 - 2019-04-12
• 5.3.2 - 2019-04-11
• 5.3.1 - 2019-04-11
• 5.3.0 - 2019-04-10
• 5.2.15 - 2019-04-09
• 5.2.14 - 2019-04-09
• 5.2.13 - 2019-04-08
• 5.2.12 - 2019-04-04
• 5.2.11 - 2019-04-03
• 5.2.10 - 2019-04-03
• 5.2.9 - 2019-04-02
• 5.2.8 - 2019-03-31
• 5.2.7 - 2019-03-30
• 5.2.6 - 2019-03-29
• 5.2.5 - 2019-03-29
• 5.2.4 - 2019-03-29
• 5.2.3 - 2019-03-28
• 5.2.2 - 2019-03-28
• 5.2.1 - 2019-03-27
• 5.2.0 - 2019-03-26
• 5.1.1 - 2019-03-23
• 5.1.0 - 2019-03-13
• 5.0.0-beta.17 - 2019-03-13
• 5.0.0-beta.16 - 2019-01-18
• 5.0.0-beta.15 - 2018-12-09
• 5.0.0-beta.14 - 2018-11-04
• 5.0.0-beta.13 - 2018-10-20
• 5.0.0-beta.12 - 2018-09-08
• 5.0.0-beta.11 - 2018-08-28
• 5.0.0-beta.10 - 2018-07-22
• 5.0.0-beta.9 - 2018-06-24
• 5.0.0-beta.8 - 2018-06-17
• 5.0.0-beta.7 - 2018-05-28
• 5.0.0-beta.6 - 2018-05-19
• 5.0.0-beta.5 - 2018-05-06
• 5.0.0-beta.4 - 2018-04-29
• 5.0.0-beta.3 - 2018-04-18
• 5.0.0-beta.2 - 2018-04-08
• 5.0.0-beta.1 - 2018-03-29
• 5.0.0-beta - 2018-03-24
• 5.0.0-0 - 2018-03-10
• 4.44.4 - 2020-02-21

from sequelize GitHub release notes

Commit messages

Package name: sequelize

• d9e0728 fix: throw if where receives an invalid value (#15699)
• 48d6193 fix: update moment-timezone version (#15685)
• fd4afa6 feat(types): use retry-as-promised types for retry options to match documentation (#15484)
• 1247c01 feat: add support for bigints (backport of #14485) (#15413)
• 94beace feat(postgres): add support for lock_timeout [#15345] (#15355)
• 7885000 fix(oracle): remove hardcoded maxRows value (#15323)
• bc39fd6 fix: fix parameters not being replaced when after $$ strings (#15307)
• a205765 fix(postgres): invalidate connection after client-side timeout (#15283)
• 67e69cd fix: remove options.model overwrite on bulkUpdate (#15252)
• 00c6da3 fix(types): add instance.dataValues property to model.d.ts (#15240)
• bf98d7c meta: swap Slack links (#15159)
• 7990095 fix: don't treat \ as escape in standard strings, support E-strings, support vars after ->> operator, treat lowercase e as valid e-string prefix (#15139)
• 851daaf fix(types): fix TS 4.9 excessive depth error on `InferAttributes` (v6) (#15135)
• 9dd93b8 fix(types): expose legacy "types" folder in export alias ( #15123)
• 06ad05d feat(oracle): add support for `dialectOptions.connectString` (#15042)
• a44772e feat(snowflake): Add support for `QueryGenerator#tableExistsQuery` (#15087)
• 55051d0 docs: add missing ssl options for sequelize instance (v6) (#15049)
• 5c88734 docs(model): Added paranoid option for Model.BelongsToMany.through (#15065)
• 7203b66 fix(postgres): add custom order direction to subQuery ordering with minified alias (#15056)
• 5f621d7 fix(oracle): add support for Oracle DB 18c CI (#15016)
• 3468378 feat(types): add typescript 4.8 compatibility (#14990)
• 1da6657 fix(types): missing type for oracle dialect in v6 (#14992)
• c230d80 feat(oracle): add oracle dialect support (#14638)
• 33d94b2 fix(types): backport #14704 for v6 (#14964)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs