[Snyk] Security upgrade sequelize from 4.42.0 to 6.1.0#58
[Snyk] Security upgrade sequelize from 4.42.0 to 6.1.0#58
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-15053838
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on February 15
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "jsonwebtoken": "^8.3.0", | ||
| "pg": "^7.7.1", | ||
| "sequelize": "^4.42.0", | ||
| "sequelize": "^6.1.0", |
There was a problem hiding this comment.
Sequelize v6 removes operatorsAliases configuration option
High Severity
Upgrading sequelize from v4 to v6 is a major version upgrade with breaking changes. The existing configuration in user-service/src/config/sequelizeConfig.js uses operatorsAliases: false, which was removed in Sequelize v6. This option was deprecated in v5 (as a no-op) and completely removed in v6. The application will fail to initialize properly or throw errors when trying to instantiate the Sequelize connection with this invalid option.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
user-service/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-LODASH-15053838
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Note
Dependency upgrade
sequelizefrom^4.42.0to^6.1.0inuser-service/package.jsonto remediate a reported vulnerability.Note: This is a major version jump and may require compatibility checks elsewhere in the service.
Written by Cursor Bugbot for commit a459263. This will update automatically on new commits. Configure here.