[Snyk] Upgrade sequelize from 6.6.2 to 6.37.3

[0xhaaaash]

Snyk has created this PR to upgrade sequelize from 6.6.2 to 6.37.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 79 versions ahead of your current version.

• The recommended version was released on 5 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-DOTTIE-3332763	482	Proof of Concept
	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	482	No Known Exploit
	Directory Traversal SNYK-JS-MOMENT-2440688	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482	Proof of Concept
	SQL Injection SNYK-JS-SEQUELIZE-2959225	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	482	Proof of Concept
	SQL Injection SNYK-JS-SEQUELIZE-2932027	482	Proof of Concept
	Information Exposure SNYK-JS-SEQUELIZE-3324089	482	No Known Exploit
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	482	No Known Exploit

Release notes

Package name: sequelize

• 6.37.3 - 2024-04-13
  

  6.37.3 (2024-04-13)

  Bug Fixes

  • postgres: use schema for foreign key constrains of a table (#17099) (6aba382)
• 6.37.2 - 2024-03-29
  

  6.37.2 (2024-03-29)

  Bug Fixes

  • add readOnly to the transaction options types and docs (#17226) (7c8972f)
• 6.37.1 - 2024-02-18
  

  6.37.1 (2024-02-18)

  Bug Fixes

  • types: Add definition of returning in SaveOptions. (#16954) (505467b)
• 6.37.0 - 2024-02-11
  

  6.37.0 (2024-02-11)

  Features

  • postgres: support connectionTimeoutMillis dialectOption (#14119) (e81200e)
• 6.36.0 - 2024-02-02
  

  6.36.0 (2024-02-02)

  Features

  • postgres: backport stream dialectOption to v6 (#16868) (a250058)
• 6.35.2 - 2023-12-11
• 6.35.1 - 2023-11-19
• 6.35.0 - 2023-11-12
• 6.34.0 - 2023-11-03
• 6.33.0 - 2023-09-08
• 6.32.1 - 2023-06-17
• 6.32.0 - 2023-06-01
• 6.31.1 - 2023-05-01
• 6.31.0 - 2023-04-09
• 6.30.0 - 2023-03-24
• 6.29.3 - 2023-03-10
• 6.29.2 - 2023-03-09
• 6.29.1 - 2023-03-07
• 6.29.0 - 2023-02-23
• 6.28.2 - 2023-02-22
• 6.28.1 - 2023-02-21
• 6.28.0 - 2022-12-20
• 6.27.0 - 2022-12-12
• 6.26.0 - 2022-11-29
• 6.25.8 - 2022-11-22
• 6.25.7 - 2022-11-19
• 6.25.6 - 2022-11-15
• 6.25.5 - 2022-11-07
• 6.25.4 - 2022-11-05
• 6.25.3 - 2022-10-19
• 6.25.2 - 2022-10-15
• 6.25.1 - 2022-10-13
• 6.25.0 - 2022-10-11
• 6.24.0 - 2022-10-04
• 6.23.2 - 2022-09-27
• 6.23.1 - 2022-09-22
• 6.23.0 - 2022-09-17
• 6.22.1 - 2022-09-16
• 6.22.0 - 2022-09-15
• 6.21.6 - 2022-09-09
• 6.21.5 - 2022-09-08
• 6.21.4 - 2022-08-18
• 6.21.3 - 2022-07-11
• 6.21.2 - 2022-06-28
• 6.21.1 - 2022-06-25
• 6.21.0 - 2022-06-16
• 6.20.1 - 2022-05-27
• 6.20.0 - 2022-05-23
• 6.19.2 - 2022-05-18
• 6.19.1 - 2022-05-17
• 6.19.0 - 2022-04-12
• 6.18.0 - 2022-04-03
• 6.17.0 - 2022-02-25
• 6.16.3 - 2022-02-24
• 6.16.2 - 2022-02-18
• 6.16.1 - 2022-02-09
• 6.16.0 - 2022-02-08
• 6.15.1 - 2022-02-06
• 6.15.0 - 2022-01-29
• 6.14.1 - 2022-01-25
• 6.14.0 - 2022-01-22
• 6.13.0 - 2022-01-10
• 6.12.5 - 2022-01-04
• 6.12.4 - 2021-12-28
• 6.12.3 - 2021-12-27
• 6.12.2 - 2021-12-22
• 6.12.1 - 2021-12-21
• 6.12.0 - 2021-12-17
• 6.12.0-beta.3 - 2021-12-12
• 6.12.0-beta.2 - 2021-12-10
• 6.12.0-beta.1 - 2021-12-04
• 6.12.0-alpha.1 - 2021-11-19
• 6.11.0 - 2021-11-18
• 6.10.0 - 2021-11-18
• 6.9.0 - 2021-11-01
• 6.8.0 - 2021-10-24
• 6.7.0 - 2021-10-09
• 6.6.5 - 2021-07-06
• 6.6.4 - 2021-06-26
• 6.6.2 - 2021-03-23

from sequelize GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"sequelize","from":"6.6.2","to":"6.37.3"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DOTTIE-3332763","issue_id":"SNYK-JS-DOTTIE-3332763","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEQUELIZE-3324088","issue_id":"SNYK-JS-SEQUELIZE-3324088","priority_score":629,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.3","score":415},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Filtering of Special Elements"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MOMENT-2440688","issue_id":"SNYK-JS-MOMENT-2440688","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-MOMENT-2944238","issue_id":"SNYK-JS-MOMENT-2944238","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEQUELIZE-2959225","issue_id":"SNYK-JS-SEQUELIZE-2959225","priority_score":564,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"SQL Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VALIDATOR-1090599","issue_id":"SNYK-JS-VALIDATOR-1090599","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VALIDATOR-1090601","issue_id":"SNYK-JS-VALIDATOR-1090601","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VALIDATOR-1090602","issue_id":"SNYK-JS-VALIDATOR-1090602","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEQUELIZE-2932027","issue_id":"SNYK-JS-SEQUELIZE-2932027","priority_score":791,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.4","score":470},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"SQL Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEQUELIZE-3324089","issue_id":"SNYK-JS-SEQUELIZE-3324089","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEQUELIZE-3324090","issue_id":"SNYK-JS-SEQUELIZE-3324090","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access of Resource Using Incompatible Type ('Type Confusion')"}],"prId":"daf1a613-86e9-4e2f-9959-52af7982076b","prPublicId":"daf1a613-86e9-4e2f-9959-52af7982076b","packageManager":"npm","priorityScoreList":[482,629,375,482,564,586,586,586,791,479,529],"projectPublicId":"778fd27a-abca-4734-8ff3-ac309b9fe8bd","projectUrl":"https://app.snyk.io/org/c0r2a-hub/project/778fd27a-abca-4734-8ff3-ac309b9fe8bd?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-DOTTIE-3332763","SNYK-JS-SEQUELIZE-3324088","SNYK-JS-MOMENT-2440688","SNYK-JS-MOMENT-2944238","SNYK-JS-SEQUELIZE-2959225","SNYK-JS-VALIDATOR-1090599","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090602","SNYK-JS-SEQUELIZE-2932027","SNYK-JS-SEQUELIZE-3324089","SNYK-JS-SEQUELIZE-3324090"],"upgradeInfo":{"versionsDiff":79,"publishedDate":"2024-04-13T20:54:25.674Z"},"vulns":["SNYK-JS-DOTTIE-3332763","SNYK-JS-SEQUELIZE-3324088","SNYK-JS-MOMENT-2440688","SNYK-JS-MOMENT-2944238","SNYK-JS-SEQUELIZE-2959225","SNYK-JS-VALIDATOR-1090599","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090602","SNYK-JS-SEQUELIZE-2932027","SNYK-JS-SEQUELIZE-3324089","SNYK-JS-SEQUELIZE-3324090"]}'