Update dependency sequelize to v5.15.1 [SECURITY] #113
This PR contains the following updates:
sequelize: 5.8.5 -> 5.15.1
GitHub Vulnerability Alerts
CVE-2019-10752
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
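The affected ranges in the alert can be turned into a quick local check. The JavaScript below is an added example, not part of this PR or of Sequelize: it compares an installed sequelize version against the two fixed releases the advisory names (4.44.3 for the 4.x line, 5.15.1 for the 5.x line) and walks a constructed package-lock.json-style dependency tree so transitive copies are not missed. The function names, the lockfile sample and the treatment of 6.x as outside the advisory are the example's own assumptions.

```javascript
// Added example (not Renovate's or Sequelize's code): flag sequelize versions that
// fall inside the ranges named by CVE-2019-10752, "all versions prior to 4.44.3
// and 5.15.1".

// Parse "MAJOR.MINOR.PATCH" into numbers; a leading "v" and any pre-release or
// build suffix after the patch number are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a release version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric, component-wise comparison: -1, 0 or 1. String comparison would get
// this wrong ("5.15.1" < "5.8.5" as strings).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Fixed releases per the advisory; the 4.x and 5.x lines were patched separately.
const FIXED_4X = '4.44.3';
const FIXED_5X = '5.15.1';

function isVulnerableToCVE201910752(version) {
  const [major] = parseVersion(version);
  if (major === 5) return compareVersions(version, FIXED_5X) < 0;
  // Anything below the 4.x fix, including 3.x and older, is "prior to 4.44.3".
  if (major <= 4) return compareVersions(version, FIXED_4X) < 0;
  // Assumption: 6.x and later are outside the ranges the advisory describes.
  return false;
}

// Walk a package-lock.json v1-style nested "dependencies" tree and report every
// sequelize copy in an affected range, with the path that pulls it in.
function findVulnerableSequelize(lockfile) {
  const hits = [];
  const walk = (deps, path) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...path, `${name}@${meta.version}`];
      if (name === 'sequelize' && isVulnerableToCVE201910752(meta.version)) {
        hits.push(here.join(' > '));
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lockfile.dependencies, []);
  return hits;
}

// Constructed sample lockfile: a direct 5.8.5 (the version this PR replaces) and a
// transitive 4.44.3 that already sits on the fixed 4.x release.
const SAMPLE_LOCK = {
  dependencies: {
    sequelize: { version: '5.8.5' },
    'some-orm-wrapper': {
      version: '1.0.0',
      dependencies: { sequelize: { version: '4.44.3' } },
    },
  },
};

const REPORT = findVulnerableSequelize(SAMPLE_LOCK);
console.log(REPORT.length ? `affected: ${REPORT.join(', ')}` : 'no affected sequelize found');
```

Note that the two lines were fixed independently: a 4.44.3 passes while a 5.14.x does not, so a check that only looks at "newest version seen" misses the 5.x case. Run it against the real lockfile by parsing package-lock.json with JSON.parse and passing the object to findVulnerableSequelize.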
Release Notes
sequelize/sequelize
v5.15.1
Security
This fixes a security issue with sequelize.json() for MySQL. Old code was still used for formatting sub paths for JSON queries when used with the sequelize.json() helper function.
Example of attack vector
Thanks to @Kirill89 from Snyk Security Research Team for reporting this issue.
v5.15.0
Features
v5.14.0
Features
v5.13.1
Bug Fixes
v5.13.0
Bug Fixes
this value in getterMethods and setterMethods (#11292) (98a4089)
Features
Performance Improvements
v5.12.3
Bug Fixes
v5.12.2
Bug Fixes
v5.12.1
Bug Fixes
2147483 as bigint (#11252) (c32ac01)
v5.12.0
Features
v5.11.0
Bug Fixes
Features
v5.10.3
Bug Fixes
v5.10.2
Bug Fixes
v5.10.1
Bug Fixes
v5.10.0
Features
v5.9.5
Bug Fixes
v5.9.4
Bug Fixes
v5.9.3
Bug Fixes
v5.9.2
Bug Fixes
v5.9.1
Bug Fixes
v5.9.0
Features
INSERT query generation (#11122) (d7c3c7df)
v5.8.12
Bug Fixes
v5.8.11
Security Fixes
This release fixes a SQL injection issue with the MySQL/MariaDB dialect. JSON path keys were not properly escaped for these dialects. We advise all v5 users to update to the latest release.
Thanks to @Kirill89 from Snyk Security Research Team for reporting this issue.
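The v5.8.11 and v5.15.1 security notes describe the same class of bug: a JSON sub path assembled into SQL without proper escaping. The JavaScript below is an added illustration of that class and is not Sequelize's code or the reported attack vector: a naive formatter that interpolates path segments straight into the JSON_EXTRACT() path literal, beside a hardened one that accepts only identifier-like keys and integer indexes and refuses everything else before it reaches the SQL string. The column name, the sample segments and all function names are constructed for the example.

```javascript
// Added illustration (not Sequelize's code): building a MySQL JSON_EXTRACT()
// expression from a list of JSON sub-path segments, naive vs. hardened.

// Naive: segments go into the SQL string literal unchanged. A segment containing a
// single quote terminates the path literal early and the rest lands in the SQL.
function naiveJsonExtract(column, segments) {
  return `JSON_EXTRACT(\`${column}\`, '$.${segments.join('.')}')`;
}

// Hardened: allowlist each segment. Keys must look like identifiers, array indexes
// must be plain non-negative integers; anything else is rejected, so the output
// never depends on escaping a hostile value.
const KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
const INDEX_RE = /^(0|[1-9][0-9]*)$/;

function safeJsonPath(segments) {
  if (!Array.isArray(segments) || segments.length === 0) {
    throw new Error('json path needs at least one segment');
  }
  return '$' + segments.map((s) => {
    const seg = String(s);
    if (INDEX_RE.test(seg)) return `[${seg}]`;
    if (KEY_RE.test(seg)) return `.${seg}`;
    throw new Error(`refusing json path segment: ${JSON.stringify(seg)}`);
  }).join('');
}

function safeJsonExtract(column, segments) {
  // The column name is also attacker-reachable in some code bases; same allowlist.
  if (!KEY_RE.test(column)) throw new Error(`bad column name: ${column}`);
  return `JSON_EXTRACT(\`${column}\`, '${safeJsonPath(segments)}')`;
}

// Crude structural check used below: a well-formed call has exactly one quoted
// path literal, i.e. two single quotes. An odd count means the literal was broken.
function countSingleQuotes(sql) {
  return (sql.match(/'/g) || []).length;
}

// Constructed inputs: a benign path, and a segment carrying a single quote as it
// might arrive from a request parameter that the application forwards as a sub path.
const BENIGN = ['profile', 'address', 'city'];
const HOSTILE = ["x'y"];

console.log(naiveJsonExtract('data', BENIGN));   // identical to the safe form
console.log(safeJsonExtract('data', BENIGN));
console.log(naiveJsonExtract('data', HOSTILE));  // path literal closed early
try {
  safeJsonExtract('data', HOSTILE);
} catch (e) {
  console.log(`hardened formatter: ${e.message}`);
}
```

For benign input both formatters produce the same SQL; they diverge only on input that should never have been accepted. An allowlist on the path segments is the robust fix because it removes the need to reason about two nested quoting layers (the SQL string literal and the JSON path's own quoted-key syntax). If arbitrary keys genuinely must be supported, the alternative is binding the whole path as a query parameter rather than splicing it into the statement text.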
v5.8.10
Bug Fixes
v5.8.9
Bug Fixes
v5.8.8
Bug Fixes
v5.8.7
Bug Fixes
v5.8.6
Bug Fixes
Renovate configuration
📅 Schedule: "" in timezone Australia/Melbourne.
🚦 Automerge: Enabled.
♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot. View repository job log here.