[Snyk] Security upgrade sequelize-cli from 4.1.1 to 5.5.0

Juha requested to merge snyk-fix-8ffe28a94ca961439b1e08eab666adeb into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| medium severity | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |

Commit messages

Package name: sequelize-cli

The new version differs by 36 commits.

  • c46f744 5.5.0
  • 3d1c41e docs: changelog for next release
  • a04ff93 chores: remove extra build from ci
  • cd57b40 fix: special characters in password are not escaped (#722)
  • 0828c1f chore(package): update mocha to version 6.0.0 (#745)
  • c15c81f change: default config for operator aliases (#743)
  • 8dc5a20 fix(package): update yargs to version 13.1.0 (#744)
  • 77a9a76 chore(package): update gulp to version 4.0.0 (#726)
  • c19149f docs: enum type (#728)
  • 139f854 5.4.0
  • a3acaef docs: changelog for v5.4.0
  • 002b564 chores: update dependencies
  • 55a8673 fix: show commands with --help (#719)
  • 9119c79 chore(package): update through2 to version 3.0.0 (#714)
  • fc9bf90 5.3.0
  • d65df7d docs: changelog for v5.3.0
  • ff4e5c3 fix(db:create): syntax errors on mssql create statement (#711)
  • 1a0f15a style: grammar mistake in seeder skeleton (#705)
  • ee4e9db feat(mode:generate) add enum support (#704)
  • 1057191 5.2.0
  • 15dbf8e changelog for v5.2.0
  • aedca52 feat(db:create): support options on db:create with sequelize@4 (#700)
  • e19de05 5.1.0
  • 41aeff6 changelog for v5.1.0

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic