Update dependency sequelize to v6 [SECURITY] #3
Closed
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 1400e39 to 51d1b62 on July 29, 2021 17:52
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Jul 29, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 51d1b62 to 3e5847e on July 30, 2021 07:14
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Jul 30, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 3e5847e to 417fa57 on July 30, 2021 08:46
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Jul 30, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 417fa57 to a0f5f8d on August 4, 2021 10:35
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Aug 4, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from a0f5f8d to b16cb0f on August 4, 2021 11:42
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Aug 4, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from b16cb0f to 685e525 on August 10, 2021 07:41
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Aug 10, 2021
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY] - autoclosed" on Aug 10, 2021
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY] - autoclosed" to "Update dependency sequelize to v6 [SECURITY]" on Aug 10, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch 2 times, most recently from 44da980 to c19463e on August 10, 2021 13:03
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Aug 10, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from c19463e to ed1e3bf on August 12, 2021 12:09
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Aug 12, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from ed1e3bf to 2cd6359 on August 12, 2021 13:20
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Aug 12, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 2cd6359 to 2292aae on August 13, 2021 13:30
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Aug 13, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 2292aae to 757a8f9 on August 13, 2021 15:16
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Aug 13, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 757a8f9 to 98a48e9 on August 16, 2021 12:59
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 0c29433 to 0f2eb9e on September 6, 2021 11:10
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 6, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 0f2eb9e to edb11e6 on September 9, 2021 08:46
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Sep 9, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from edb11e6 to 2ee0ce7 on September 9, 2021 09:54
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 9, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 2ee0ce7 to 65734b6 on September 9, 2021 11:26
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Sep 9, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 65734b6 to ebcb819 on September 9, 2021 13:25
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 9, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from ebcb819 to 731d4a3 on September 13, 2021 09:11
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Sep 13, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 731d4a3 to 53fc191 on September 13, 2021 11:28
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 13, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 53fc191 to 6c71617 on September 16, 2021 12:23
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Sep 16, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 6c71617 to 7fcab0f on September 16, 2021 14:24
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 16, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 7fcab0f to c5605b6 on September 22, 2021 11:22
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Sep 22, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from c5605b6 to 866fa97 on September 22, 2021 12:47
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 22, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 866fa97 to c79c09f on September 23, 2021 13:44
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Sep 23, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from c79c09f to 0dc11e0 on September 23, 2021 14:44
renovate bot changed the title from "Update dependency sequelize to v6 [SECURITY]" to "Update dependency sequelize to v4 [SECURITY]" on Sep 23, 2021
renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 0dc11e0 to e68179f on October 20, 2021 05:23
renovate bot changed the title from "Update dependency sequelize to v4 [SECURITY]" to "Update dependency sequelize to v6 [SECURITY]" on Oct 20, 2021
This PR contains the following updates:
sequelize: ^3.30.4 -> ^6.0.0
GitHub Vulnerability Alerts
GHSA-wfp9-vr4j-f49j
Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.
Recommendation: Upgrade to version 4.12.0 or later.
CVE-2019-10752
Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json() incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example:

```js
const Sequelize = require('sequelize');

// Advisory example: a throwaway SQLite database on disk.
const sequelize = new Sequelize({
  dialect: 'sqlite',
  storage: 'database.sqlite'
});

// A single model with one string column.
const TypeError = sequelize.define('TypeError', {
  name: Sequelize.STRING,
});

// Recreate the table, then store a value that is itself SQL text.
TypeError.sync({force: true}).then(() => {
  return TypeError.create({name: "SELECT tbl_name FROM sqlite_master"});
});
```
Database Engine Support
We have updated our minimum supported database engine versions. Using an older database engine will show a SEQUELIZE0006 deprecation warning. Please check ENGINE.md for the version table.
Sequelize
Sequelize.Promise is no longer available. The sequelize.import method has been removed.
Mode
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.