[Snyk] Upgrade sequelize from 6.21.2 to 6.33.0

Open Saamstep opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sequelize from 6.21.2 to 6.33.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 34 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-09-08.

The recommended version fixes:

| Issue | Snyk ID | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| Prototype Pollution | SNYK-JS-DOTTIE-3332763 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | Proof of Concept |
| Improper Filtering of Special Elements | SNYK-JS-SEQUELIZE-3324088 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | No Known Exploit |
| Information Exposure | SNYK-JS-SEQUELIZE-3324089 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | No Known Exploit |
| Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-SEQUELIZE-3324090 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sequelize
  • 6.33.0 - 2023-09-08

    Bug Fixes

    • types: remove escape from query-interface types (#15944) (2eb7a5d)

  • 6.32.1 - 2023-06-17

  • 6.32.0 - 2023-06-01

    Bug Fixes

    • move types condition to the front (#16085) (99c3530)
    • oracle: For Raw queries avoid converting the input parameters passed (#16067) (fd38e79)
    • oracle: reordered check constraint for unsigned numeric type (#16074) (5c8250e)

    Features

    • oracle: add new error messages introduced in new driver version (#16075) (e07eefb)
    • oracle: add width support for numerictype (#16073) (af4f0ae)

  • 6.31.1 - 2023-05-01
  • 6.31.0 - 2023-04-09
  • 6.30.0 - 2023-03-24
  • 6.29.3 - 2023-03-10
  • 6.29.2 - 2023-03-09
  • 6.29.1 - 2023-03-07
  • 6.29.0 - 2023-02-23
  • 6.28.2 - 2023-02-22
  • 6.28.1 - 2023-02-21
  • 6.28.0 - 2022-12-20
  • 6.27.0 - 2022-12-12
  • 6.26.0 - 2022-11-29
  • 6.25.8 - 2022-11-22
  • 6.25.7 - 2022-11-19
  • 6.25.6 - 2022-11-15
  • 6.25.5 - 2022-11-07
  • 6.25.4 - 2022-11-05
  • 6.25.3 - 2022-10-19
  • 6.25.2 - 2022-10-15
  • 6.25.1 - 2022-10-13
  • 6.25.0 - 2022-10-11
  • 6.24.0 - 2022-10-04
  • 6.23.2 - 2022-09-27
  • 6.23.1 - 2022-09-22
  • 6.23.0 - 2022-09-17
  • 6.22.1 - 2022-09-16
  • 6.22.0 - 2022-09-15
  • 6.21.6 - 2022-09-09
  • 6.21.5 - 2022-09-08
  • 6.21.4 - 2022-08-18
  • 6.21.3 - 2022-07-11
  • 6.21.2 - 2022-06-28
from sequelize GitHub release notes
Commit messages
Package name: sequelize
  • 367caf3 feat(types): add TypeScript 5.2 support (#16442)
  • e4c780c meta: update lockfile (#16265)
  • 2eb7a5d fix(types): remove escape from query-interface types (#15944)
  • a3213f0 fix: bump dependencies (#16119)
  • 99c3530 fix: move `types` condition to the front (#16085)
  • af4f0ae feat(oracle): add width support for numerictype (#16073)
  • e07eefb feat(oracle): add new error messages introduced in new driver version (#16075)
  • 5c8250e fix(oracle): reordered check constraint for unsigned numeric type (#16074)
  • fd38e79 fix(oracle): For Raw queries avoid converting the input parameters passed (#16067)
  • eb71077 meta: use Node 18 in CI (#16000)
  • a9fd501 fix(postgres): adds support for minifying through join aliases (#15897)
  • f2a4535 feat: add beforePoolAcquire and afterPoolAcquire hooks (#15874)
  • 58576dd fix(postgres): prevent crash if postgres connection emits multiple errors (#15868)
  • 9d864be fix: update Slack invitation link (#15849)
  • 295c297 feat(postgres, sqlite): add conflictWhere option to Model.bulkCreate (#15788)
  • 338ae6a meta(db2): remove node:util (#15819)
  • 2e50bd9 feat(postgres, sqlite): allow override of conflict keys for bulkCreate (#15787)
  • 46d3553 fix: pass CLS transaction to model hooks (#15818)
  • 1e68681 feat(postgres, sqlite): add conflictWhere option to upsert (#15786)
  • 5bda2ce fix: fix unnamed dollar string detection (#15759)
  • 1ad9a64 fix(postgres): escape identifier in createSchema and dropSchema (#15752)
  • 1b94462 fix(postgres): make sync not fail when trying to create existing enum (#15718)
  • d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710)
  • 53bd9b7 meta: fix null test getWhereConditions (#15705)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Saamstep avatar Oct 11 '23 15:10 Saamstep