[Snyk] Security upgrade sequelize from 4.42.0 to 6.6.5#52
…duce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-VALIDATOR-13653476
| "jsonwebtoken": "^8.3.0", | ||
| "pg": "^7.7.1", | ||
| "sequelize": "^4.42.0", | ||
| "sequelize": "^6.6.5", |
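Review bot: the `"sequelize"` line jumps from `^4.42.0` to `^6.6.5`, crossing two major versions, while this hunk changes only the manifest. Before merging, pair the bump with whatever code changes the v5 and v6 upgrade notes call for in user-service, and run the service's tests against the `"pg": "^7.7.1"` driver that stays unchanged on the line above. It is also worth confirming in package-lock.json that the resolved `validator` version is one the advisory lists as fixed, since that is the stated reason for the upgrade.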
Bug: Major version upgrade breaks existing Sequelize configuration
Upgrading sequelize from v4.42.0 to v6.6.5 is a breaking change, but the existing configuration in sequelizeConfig.js uses operatorsAliases: false, an option that was removed in Sequelize v5/v6. This will cause the application to fail at startup when Sequelize throws an error about the unrecognized/removed option. The upgrade requires corresponding code changes to remove the deprecated operatorsAliases option from the configuration.
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- user-service/package.json
- user-service/package-lock.json
Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-VALIDATOR-13653476
Note
Upgrades sequelize to 6.6.5 in user-service and updates/removes transitive dependencies accordingly.
sequelize from ^4.42.0 to ^6.6.5 in user-service/package.json.
lodash, moment/moment-timezone, validator, uuid, wkx, retry-as-promised, inflection, semver.
sequelize-pool, any-promise.
bluebird/cls-bluebird, generic-pool, Geo-related packages (e.g., terraformer, terraformer-wkt-parser, @types/geojson).
Written by Cursor Bugbot for commit 5a4d60f.