[Snyk] Upgrade sequelize from 6.3.5 to 6.37.3

[GLOBAL-FINTECH]

Snyk has created this PR to upgrade sequelize from 6.3.5 to 6.37.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 85 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2024-04-13.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Code Injection SNYK-JS-LODASH-1040724	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	SQL Injection SNYK-JS-SEQUELIZE-2959225	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	No Known Exploit
	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	No Known Exploit
	Directory Traversal SNYK-JS-MOMENT-2440688	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Prototype Pollution SNYK-JS-DOTTIE-3332763	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Information Exposure SNYK-JS-SEQUELIZE-3324089	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	No Known Exploit
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	SQL Injection SNYK-JS-SEQUELIZE-2932027	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sequelize

• 6.37.3 - 2024-04-13
  

  6.37.3 (2024-04-13)

  Bug Fixes

  • postgres: use schema for foreign key constrains of a table (#17099) (6aba382)
• 6.37.2 - 2024-03-29
  

  6.37.2 (2024-03-29)

  Bug Fixes

  • add readOnly to the transaction options types and docs (#17226) (7c8972f)
• 6.37.1 - 2024-02-18
  

  6.37.1 (2024-02-18)

  Bug Fixes

  • types: Add definition of returning in SaveOptions. (#16954) (505467b)
• 6.37.0 - 2024-02-11
  

  6.37.0 (2024-02-11)

  Features

  • postgres: support connectionTimeoutMillis dialectOption (#14119) (e81200e)
• 6.36.0 - 2024-02-02
• 6.35.2 - 2023-12-11
• 6.35.1 - 2023-11-19
• 6.35.0 - 2023-11-12
• 6.34.0 - 2023-11-03
• 6.33.0 - 2023-09-08
• 6.32.1 - 2023-06-17
• 6.32.0 - 2023-06-01
• 6.31.1 - 2023-05-01
• 6.31.0 - 2023-04-09
• 6.30.0 - 2023-03-24
• 6.29.3 - 2023-03-10
• 6.29.2 - 2023-03-09
• 6.29.1 - 2023-03-07
• 6.29.0 - 2023-02-23
• 6.28.2 - 2023-02-22
• 6.28.1 - 2023-02-21
• 6.28.0 - 2022-12-20
• 6.27.0 - 2022-12-12
• 6.26.0 - 2022-11-29
• 6.25.8 - 2022-11-22
• 6.25.7 - 2022-11-19
• 6.25.6 - 2022-11-15
• 6.25.5 - 2022-11-07
• 6.25.4 - 2022-11-05
• 6.25.3 - 2022-10-19
• 6.25.2 - 2022-10-15
• 6.25.1 - 2022-10-13
• 6.25.0 - 2022-10-11
• 6.24.0 - 2022-10-04
• 6.23.2 - 2022-09-27
• 6.23.1 - 2022-09-22
• 6.23.0 - 2022-09-17
• 6.22.1 - 2022-09-16
• 6.22.0 - 2022-09-15
• 6.21.6 - 2022-09-09
• 6.21.5 - 2022-09-08
• 6.21.4 - 2022-08-18
• 6.21.3 - 2022-07-11
• 6.21.2 - 2022-06-28
• 6.21.1 - 2022-06-25
• 6.21.0 - 2022-06-16
• 6.20.1 - 2022-05-27
• 6.20.0 - 2022-05-23
• 6.19.2 - 2022-05-18
• 6.19.1 - 2022-05-17
• 6.19.0 - 2022-04-12
• 6.18.0 - 2022-04-03
• 6.17.0 - 2022-02-25
• 6.16.3 - 2022-02-24
• 6.16.2 - 2022-02-18
• 6.16.1 - 2022-02-09
• 6.16.0 - 2022-02-08
• 6.15.1 - 2022-02-06
• 6.15.0 - 2022-01-29
• 6.14.1 - 2022-01-25
• 6.14.0 - 2022-01-22
• 6.13.0 - 2022-01-10
• 6.12.5 - 2022-01-04
• 6.12.4 - 2021-12-28
• 6.12.3 - 2021-12-27
• 6.12.2 - 2021-12-22
• 6.12.1 - 2021-12-21
• 6.12.0 - 2021-12-17
• 6.12.0-beta.3 - 2021-12-12
• 6.12.0-beta.2 - 2021-12-10
• 6.12.0-beta.1 - 2021-12-04
• 6.12.0-alpha.1 - 2021-11-19
• 6.11.0 - 2021-11-18
• 6.10.0 - 2021-11-18
• 6.9.0 - 2021-11-01
• 6.8.0 - 2021-10-24
• 6.7.0 - 2021-10-09
• 6.6.5 - 2021-07-06
• 6.6.4 - 2021-06-26
• 6.6.2 - 2021-03-23
• 6.6.1 - 2021-03-22
• 6.6.0 - 2021-03-21
• 6.5.1 - 2021-03-14
• 6.5.0 - 2021-01-27
• 6.4.0 - 2021-01-18
• 6.3.5 - 2020-09-01

from sequelize GitHub release notes

Commit messages

Package name: sequelize

• 6aba382 fix(postgres): use schema for foreign key constrains of a table (#17099)
• 7c8972f fix: add `readOnly` to the transaction options types and docs (#17226)
• 505467b fix(types): Add definition of `returning` in `SaveOptions`. (#16954)
• e81200e feat(postgres): support connectionTimeoutMillis dialectOption (#14119)
• a250058 feat(postgres): backport stream dialectOption to v6 (#16868)
• cb8ea88 fix: sort keys by depth in groupJoinData (#16823)
• 47cba67 fix(mssql): allow calling describeTable a table with a dot in its name (#16769)
• 5bfbb99 feat: backport `findModel` to v6 (#16705)
• 6c03176 fix(oracle): clean constraints (#16694)
• b204b5f fix(oracle): add missing default and not null condition to addColumn (#16619)
• b284d37 feat(oracle): add support for lock (#16643)
• 57025db meta: add node-gyp globally (#16696)
• 252e6d2 docs: add missing conflictAttributes to bulkCreate (#16573)
• 367caf3 feat(types): add TypeScript 5.2 support (#16442)
• e4c780c meta: update lockfile (#16265)
• 2eb7a5d fix(types): remove escape from query-interface types (#15944)
• a3213f0 fix: bump dependencies (#16119)
• 99c3530 fix: move `types` condition to the front (#16085)
• af4f0ae feat(oracle): add width support for numerictype (#16073)
• e07eefb feat(oracle): add new error messages introduced in new driver version (#16075)
• 5c8250e fix(oracle): reordered check constraint for unsigned numeric type (#16074)
• fd38e79 fix(oracle): For Raw queries avoid converting the input parameters passed (#16067)
• eb71077 meta: use Node 18 in CI (#16000)
• a9fd501 fix(postgres): adds support for minifying through join aliases (#15897)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[openzeppelin-code]

[Snyk] Upgrade sequelize from 6.3.5 to 6.37.3

Generated at commit: 3c560c9f9c1e48b326d6a6b321e9d60da349926c

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector