[Snyk] Security upgrade sequelize from 5.21.5 to 6.6.5 #653
Conversation
…-restapi/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-VALIDATOR-13653476
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "pg": "^7.11.0", | ||
| "reflect-metadata": "^0.1.13", | ||
| "sequelize": "^5.15.1", | ||
| "sequelize": "^6.6.5", |
There was a problem hiding this comment.
Bug: Incompatible sequelize-typescript version with Sequelize 6 upgrade
The sequelize package was upgraded from 5.x to 6.x, but sequelize-typescript remains at version 0.6.11. This version of sequelize-typescript depends on @types/sequelize 4.28.1 and @types/bluebird, indicating it was built for Sequelize 4/5. Sequelize 6 has breaking changes including removal of Bluebird promises and API modifications. The application uses sequelize-typescript decorators and the Model class throughout, and this incompatibility will cause runtime failures. For Sequelize 6 compatibility, sequelize-typescript needs to be upgraded to version 2.x.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
exercises/udacity-c2-restapi/package.jsonexercises/udacity-c2-restapi/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-VALIDATOR-13653476
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Note
Upgrade
sequelizefrom 5.x to 6.6.5 and update lockfile (lodash, moment(+timezone), validator, semver, sequelize-pool, wkx, inflection); remove Bluebird/CLS-related deps.sequelizeto^6.6.5inexercises/udacity-c2-restapi/package.json.package-lock.json:lodash,moment,moment-timezone,validator,semver,sequelize-pool,wkx,inflection,uuid.bluebird,cls-bluebird,is-bluebird,shimmer.Written by Cursor Bugbot for commit 52b0bd2. This will update automatically on new commits. Configure here.