
Array is being stored as `[object Object]` in `v5.1.6`

Open shubhamp-sf opened this issue 1 year ago • 6 comments

Issue Summary

This package had a vulnerability from v5.0.0 - v5.1.4, which is said to be fixed by this commit and published starting with version 5.1.6, but this version came with a breaking change, i.e. an array is being stored as `[object Object]`, as can be seen in sample.log in my reproduction code, whereas the same works in 5.1.4.

Steps to Reproduce

Reproduction repo: https://github.com/shubhamp-sf/sequelize-x-sqlite3-5.1.6

Version

5.1.6

Node.js Version

v18.15.0

How did you install the library?

Using npm on Darwin arm64 based machine.

shubhamp-sf avatar Mar 23 '23 07:03 shubhamp-sf

@daniellockyer can I have your attention on this please? It's breaking since that vulner.. fix.

shubhamp-sf avatar Mar 28 '23 04:03 shubhamp-sf

I have seen the same thing with date being saved as [object Object] since the vulnerability fix. In our case we had to save it as string instead of Date.

syl-oh avatar Mar 28 '23 17:03 syl-oh

@syl-oh that's kind of a workaround then. This change should have been introduced as BREAKING by the maintainers if they expect us to change all those affected types (date, object etc.). But either way it shouldn't affect the existing types, as far as I've read the vulnerability.

shubhamp-sf avatar Mar 29 '23 05:03 shubhamp-sf

an array stored gets returned as [object Object].

Also seeing this with arrays since the vulnerability fix, but not only is it returned as this, the actual value stored in the DB file is [object Object], so potential data loss there.

SebSiecz avatar Apr 01 '23 10:04 SebSiecz

@daniellockyer Can you please fix it? It's a major bug.

shubhamp-sf avatar Jun 14 '23 03:06 shubhamp-sf

Even if stringifying arguments were an actual security vulnerability (it isn't), the correct fix would have been to throw a TypeError, not silently corrupt user data. Nobody wants to insert "[object Object]" into a database.

mvduin avatar Jul 19 '23 09:07 mvduin
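The thread's two complaints are that arrays, objects and Dates reach the database as the text `[object Object]` (the original report and SebSiecz's comment) and that the driver should have thrown a TypeError rather than stringify silently (mvduin's comment). The following is an added example, not node-sqlite3's own code, of a guard an application can run over its bind parameters before calling the driver: it passes through values sqlite can store as-is, converts Date to an ISO-8601 string (the same workaround syl-oh describes, made explicit), and throws a TypeError for arrays and plain objects so that nothing is written as coerced text. The function names `toBindable`, `toBindableParams` and `isPlainObject`, and the choice to convert Dates to ISO strings, are this example's own assumptions.

```javascript
// Added example: a defensive guard for sqlite bind parameters. Not part of
// node-sqlite3; function names and the Date handling are this example's choices.

// True for objects created by {} or Object.create(null); false for Buffer,
// Date, Uint8Array and other class instances, which need their own handling.
function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Normalise one bind value to something sqlite can store without any
// String(value) fallback. Instead of silently storing coerced text, refuse
// with a TypeError so the caller sees the problem before a row is written.
function toBindable(value, { dateAsIso = true } = {}) {
  if (value === undefined || value === null) return null; // sqlite NULL
  const t = typeof value;
  if (t === 'string' || t === 'number' || t === 'bigint' || t === 'boolean') {
    return value;
  }
  if (Buffer.isBuffer(value) || value instanceof Uint8Array) {
    return value; // stored as BLOB
  }
  if (value instanceof Date) {
    if (!dateAsIso) throw new TypeError('Date values must be converted before binding');
    if (Number.isNaN(value.getTime())) throw new TypeError('Invalid Date cannot be bound');
    return value.toISOString(); // assumption: the app stores timestamps as ISO text
  }
  if (Array.isArray(value) || isPlainObject(value)) {
    const kind = Array.isArray(value) ? 'array' : 'object';
    throw new TypeError(
      `Refusing to bind ${kind}: it would be coerced to text; ` +
      'JSON.stringify it explicitly if that is what you intend',
    );
  }
  throw new TypeError(`Unsupported bind value of type ${t}`);
}

// Apply the guard to a positional parameter array, a named-parameter object
// ({ $name: value }), or a single scalar.
function toBindableParams(params) {
  if (Array.isArray(params)) return params.map((p) => toBindable(p));
  if (isPlainObject(params)) {
    return Object.fromEntries(
      Object.entries(params).map(([k, v]) => [k, toBindable(v)]),
    );
  }
  return [toBindable(params)];
}

// Usage with node-sqlite3's Database#run(sql, params, callback) would look like
// (not executed here; `db` and the table are assumed):
//   db.run('INSERT INTO events (tags, created_at) VALUES (?, ?)',
//          toBindableParams([JSON.stringify(tags), new Date()]), cb);
```

Wrapping every call this way means a future driver change that alters coercion rules is caught by a thrown TypeError in the application rather than discovered later as `[object Object]` rows in the file.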