chore(deps): bump the npm_and_yarn group across 1 directory with 36 updates

[dependabot]

Bumps the npm_and_yarn group with 26 updates in the / directory:

Package	From	To
aws-sdk	2.368.0	2.814.0
axios	0.16.0	0.28.0
express	4.16.2	4.19.2
log4js	3.0.6	6.4.0
moment-timezone	0.5.26	0.5.35
sequelize	4.41.2	6.29.0
sequelize-cli	4.0.0	5.5.0
@babel/traverse	7.1.6	7.24.7
semver	5.3.0	5.7.2
semver	5.6.0	5.7.2
semver	5.7.1	5.7.2
semver	5.5.0	5.7.2
pg	7.7.1	8.12.0
async	2.6.1	2.6.4
braces	1.8.5	3.0.3
ava	0.25.0	6.1.3
ajv	5.5.2	6.12.6
eslint	4.14.0	9.4.0
ini	1.3.4	1.3.8
hoek	6.1.2	removed
joi	14.3.0	17.13.1
https-proxy-agent	2.2.1	2.2.4
lodash	4.17.11	4.17.21
handlebars	4.0.11	4.7.8
y18n	3.2.1	3.2.2
path-parse	1.0.5	1.0.7
qs	6.5.1	6.11.0
body-parser	1.18.2	1.20.2
xml2js	0.4.19	0.6.2
aws-sdk	2.814.0	2.1638.0

Updates aws-sdk from 2.368.0 to 2.814.0

Changelog

Sourced from aws-sdk's changelog.

2.814.0

• bugfix: Credentials: SDK will throw if shared ini file's profile name can be resolved to proto
• feature: EC2: EBS io2 volumes now supports Multi-Attach
• feature: PersonalizeRuntime: Updated FilterValues regex pattern to align with Filter Expression.
• feature: RDS: Adds IAM DB authentication information to the PendingModifiedValues output of the DescribeDBInstances API. Adds ClusterPendingModifiedValues information to the output of the DescribeDBClusters API.

2.813.0

• feature: ConfigService: Adding PutExternalEvaluation API which grants permission to deliver evaluation result to AWS Config
• feature: DLM: Provide Cross-account copy event based policy support in DataLifecycleManager (DLM)
• feature: EC2: C6gn instances are powered by AWS Graviton2 processors and offer 100 Gbps networking bandwidth. These instances deliver up to 40% better price-performance benefit versus comparable x86-based instances
• feature: Imagebuilder: This release adds support for building and distributing container images within EC2 Image Builder.
• feature: KMS: Added CreationDate and LastUpdatedDate timestamps to ListAliases API response
• feature: Route53: This release adds support for DNSSEC signing in Amazon Route 53.
• feature: Route53Resolver: Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC).
• feature: SQS: Amazon SQS adds queue attributes to enable high throughput FIFO.
• feature: ServiceCatalog: Support TagOptions sharing with Service Catalog portfolio sharing.

2.812.0

• feature: CostExplorer: This release updates the "MonitorArnList" from a list of String to be a list of Arn for both CreateAnomalySubscription and UpdateAnomalySubscription APIs
• feature: Location: Initial release of Amazon Location Service. A new geospatial service providing capabilities to render maps, geocode/reverse geocode, track device locations, and detect geofence entry/exit events.
• feature: QuickSight: QuickSight now supports connecting to federated data sources of Athena
• feature: WellArchitected: This is the first release of AWS Well-Architected Tool API support, use to review your workload and compare against the latest AWS architectural best practices.

2.811.0

• feature: Amp: (New Service) Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor containerized applications securely and at scale.
• feature: GreengrassV2: AWS IoT Greengrass V2 is a new major version of AWS IoT Greengrass. This release adds several updates such as modular components, continuous deployments, and improved ease of use.
• feature: IoTAnalytics: FileFormatConfiguration enables data store to save data in JSON or Parquet format. S3Paths enables you to specify the S3 objects that save your channel messages when you reprocess the pipeline.
• feature: IoTFleetHub: AWS IoT Fleet Hub, a new feature of AWS IoT Device Management that provides a web application for monitoring and managing device fleets connected to AWS IoT at scale.
• feature: IoTWireless: AWS IoT for LoRaWAN enables customers to setup a private LoRaWAN network by connecting their LoRaWAN devices and gateways to the AWS cloud without managing a LoRaWAN Network Server.
• feature: Iot: AWS IoT Rules Engine adds Kafka Action that allows sending data to Apache Kafka clusters inside a VPC. AWS IoT Device Defender adds custom metrics and machine-learning based anomaly detection.
• feature: IotDeviceAdvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
• feature: Lambda: Added support for Apache Kafka as a event source. Added support for TumblingWindowInSeconds for streams event source mappings. Added support for FunctionResponseTypes for streams event source mappings
• feature: SSM: Adding support for Change Manager API content

2.810.0

• feature: DevOpsGuru: Documentation updates for DevOps Guru.
• feature: EC2: Add c5n.metal to ec2 instance types list
• feature: GlobalAccelerator: This release adds support for custom routing accelerators

2.809.0

• feature: AutoScaling: Documentation updates and corrections for Amazon EC2 Auto Scaling API Reference and SDKs.
• feature: CloudTrail: CloudTrailInvalidClientTokenIdException is now thrown when a call results in the InvalidClientTokenId error code. The Name parameter of the AdvancedEventSelector data type is now optional.
• feature: IoTSiteWise: Added the ListAssetRelationships operation and support for composite asset models, which represent structured sets of properties within asset models.

2.808.0

• feature: EC2: TGW connect simplifies connectivity of SD-WAN appliances; IGMP support for TGW multicast; VPC Reachability Analyzer for VPC resources connectivity analysis.
• feature: Kendra: Amazon Kendra now supports adding synonyms to an index through the new Thesaurus resource.
• feature: NetworkManager: This release adds API support for Transit Gateway Connect integration into AWS Network Manager.

2.807.0

... (truncated)

Commits

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackups...
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• Additional commits viewable in compare view

Updates axios from 0.16.0 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates express from 4.16.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates log4js from 3.0.6 to 6.4.0

Changelog

Sourced from log4js's changelog.

6.4.0 - BREAKING CHANGE 💥

New default file permissions may cause external applications unable to read logs. A manual code/configuration change is required.

• feat: added warnings when log() is used with invalid levels before fallbacking to INFO - thanks @​abernh
• feat: exposed Recording - thanks @​polo-language
• fix: default file permission to be 0o600 instead of 0o644 - thanks ranjit-git and @​lamweili
  • docs: updated fileSync.md and misc comments - thanks @​lamweili
• fix: file descriptor leak if repeated configure() - thanks @​lamweili
• fix: MaxListenersExceededWarning from NodeJS - thanks @​lamweili
  • test: added assertion for increase of SIGHUP listeners on log4js.configure() - thanks @​lamweili
• fix: missing TCP appender with Webpack and Typescript - thanks @​techmunk
• fix: dateFile appender exiting NodeJS on error - thanks @​4eb0da
  • refactor: using writer.writable instead of alive for checking - thanks @​lamweili
• fix: TCP appender exiting NodeJS on error - thanks @​jhonatanTeixeira
• fix: multiprocess appender exiting NodeJS on error - thanks @​harlentan
• test: update fakeFS.read as graceful-fs uses it - thanks @​lamweili
• test: update fakeFS.realpath as fs-extra uses it - thanks @​lamweili
• test: added tap.tearDown() to clean up test files
  • test: #1143 - thanks @​lamweili
  • test: #1022 - thanks @​abetomo
• type: improved @​types for AppenderModule - thanks @​nicobao
• type: Updated fileSync appender types - thanks @​lamweili
• type: Removed erroneous type in file appender - thanks @​vdmtrv
• type: Updated Logger.log type - thanks @​ZLundqvist
• type: Updated Logger._log type - thanks @​lamweili
• type: Updated Logger.level type - thanks @​lamweili
• type: Updated Levels.getLevel type - thanks @​saulzhong
• chore(deps): bump streamroller from 3.0.1 to 3.0.2 - thanks @​lamweili
• chore(deps): bump date-format from 4.0.2 to 4.0.3 - thanks @​lamweili
• chore(deps-dev): bump eslint from from 8.6.0 to 8.7.0 - thanks @​lamweili
• chore(deps-dev): bump nyc from 14.1.1 to 15.1.0 - thanks @​lamweili
• chore(deps-dev): bump eslint from 5.16.0 to 8.6.0 - thanks @​lamweili
• chore(deps): bump flatted from 2.0.2 to 3.2.4 - thanks @​lamweili
• chore(deps-dev): bump fs-extra from 8.1.0 to 10.0.0 - thanks @​lamweili
• chore(deps): bump streamroller from 2.2.4 to 3.0.1 - thanks @​lamweili
  • fix: compressed file ignores dateFile appender "mode" - thanks @​rnd-debug
  • fix: #1039 where there is an additional separator in filename ([email protected] changelog)
  • fix: #1035, #1080 for daysToKeep naming confusion ([email protected] changelog)
  • refactor: migrated from daysToKeep to numBackups due to streamroller@^3.0.0 - thanks @​lamweili
  • feat: allows for zero backups - thanks @​lamweili
• chore(deps): bump date-format from 3.0.0 to 4.0.2 - thanks @​lamweili
• chore(deps): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0
  • chore(deps-dev): bump eslint-plugin-prettier from 3.4.1 to 4.0.0
  • chore(deps-dev): bump husky from 3.1.0 to 7.0.4
  • chore(deps-dev): bump prettier from 1.19.0 to 2.5.1
  • chore(deps-dev): bump typescript from 3.9.10 to 4.5.4
• chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0 - thanks @​lamweili

... (truncated)

Commits

• 9fdbed5 6.4.0
• 788c7a8 Merge pull request #1150 from log4js-node/update-changelog
• 7fdb141 chore: updated changelog for 6.4.0
• e6bd888 Merge pull request #1151 from log4js-node/feat-zero-backup
• ac599e4 allow for zero backup - in sync with https://github.com/log4js-node/streamrol...
• 53248cd Merge pull request #1149 from log4js-node/migrate-daysToKeep-to-numBackups
• 436d9b4 Merge pull request #1148 from log4js-node/update-docs
• d6b017e chore(docs): updated fileSync.md and misc comments
• d4617a7 chore(deps): migrated from daysToKeep to numBackups due to streamroller@^3.0.0
• 0ad0133 Merge pull request #1147 from log4js-node/update-deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.

Updates moment-timezone from 0.5.26 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

• Updated data to IANA TZDB 2021e

Release 0.5.33

• Updated data to IANA TZDB 2021a

Release 0.5.32

• Updated data to IANA TZDB 2020d

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

• Updated data to IANA TZDB 2020a
• Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info.

Release 0.5.29

• Fixed es6 module loading issue moment/moment-timezone@1fd4234
• Fixed typescript declarations moment/moment-timezone@ed529ea
• Fixed changelog moment/moment-timezone@adb7d7b

Release 0.5.28

Merged pull request #410 from @​adgrace:

• Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
• Added a method moment.tz(timezone_id).countries() to get countries for some time zone
• Added a method moment.tz.countries() to get all country codes
• And as you know moment.tz.names() already exists

Release 0.5.27

0.5.27 2019-10-14

• Updated data to IANA TZDB `2019c

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

• Updated data to IANA TZDB 2021e

0.5.33 2021-02-06

• Updated data to IANA TZDB 2021a

0.5.32 2020-11-14

• Updated data to IANA TZDB 2020d

0.5.31 2020-05-16

• Fixed Travis builds for Node.js 4 and 6

0.5.30 2020-05-16

• Updated data to IANA TZDB 2020a
• Fixed typescript definitions

NOTE: You might need to un-install @​types/moment-timezone. Check moment/moment-timezone#858 for more info

0.5.29 2020-05-16

• Merged fix of es6 module loading issue moment/moment-timezone@1fd4234
• Merged PR with typescript declarations moment/moment-timezone@ed529ea
• Merged fixes to changelog moment/moment-timezone@adb7d7b

0.5.28 2020-02-21

Merged pull request #410 from @​adgrace:

• Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
• Added a method moment.tz(timezone_id).countries() to get countries for some time zone
• Added a method moment.tz.countries() to get all country codes
• And as you know moment.tz.zones() already exists

0.5.27 2019-10-14

• Updated data to IANA TZDB 2019c

Commits

• b8fb1ba Build moment-timezone 0.5.35
• f1b5e5a Add changelog for 0.5.35
• 8b0eb0c Bump version to 0.5.35
• 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
• ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
• 9430b4c Merge remote-tracking branch 'origin/master' into develop
• feaf900 Updated contributing.md + added 2021e files
• 704cfac updated contributing.md
• 877c863 Updated contributing.md + added 2021e files
• 5a3015c updated contributing.md
• Additional commits viewable in compare view

Updates sequelize from 4.41.2 to 6.29.0

Release notes

Sourced from sequelize's releases.

v6.29.0

6.29.0 (2023-02-23)

Features

• throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710) (d3f5b5a)

v6.28.2

6.28.2 (2023-02-22)

Bug Fixes

• accept undefined in where (#15703) (13f2e89)

v6.28.1

6.28.1 (2023-02-21)

Bug Fixes

• throw if where receives an invalid value (#15699) (d9e0728)
• update moment-timezone version (#15685) (48d6193)

v6.28.0

6.28.0 (2022-12-20)

Features

• types: use retry-as-promised types for retry options to match documentation (#15484) (fd4afa6)

v6.27.0

6.27.0 (2022-12-12)

Features

• add support for bigints (backport of #14485) (#15413) (1247c01)

v6.26.0

6.26.0 (2022-11-29)

Features

• postgres: add support for lock_timeout [#15345] (#15355) (94beace)

v6.25.8

... (truncated)

Commits

• d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578)...
• 53bd9b7 meta: fix null test getWhereConditions (#15705)
• 13f2e89 fix: accept undefined in where (#15703)
• d9e0728 fix: throw if where receives an invalid value (#15699)
• 48d6193 fix: update moment-timezone version (#15685)
• fd4afa6 feat(types): use retry-as-promised types for retry options to match documenta...
• 1247c01 feat: add support for bigints (backport of #14485) (#15413)
• 94beace feat(postgres): add support for lock_timeout #15345 (#15355)
• 7885000 fix(oracle): remove hardcoded maxRows value (#15323)
• bc39fd6 fix: fix parameters not being replaced when after $$ strings (#15307)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.

Updates sequelize-cli from 4.0.0 to 5.5.0

Changelog

Sourced from sequelize-cli's changelog.

v5.5.0 - 11th, June 2019

Fixed

• fix: special characters in password are not escaped #722
• change: default config for operator aliases #743

v5.4.0 - 1st, Dec 2018

Fixed

• fix: show commands with --help #719

v5.3.0 - 4th, Nov 2018

Fixed

• fix(db:create): syntax errors with mssql create statement #711
• style: grammar mistake in seeder skeleton #705

Feature

• feat(mode:generate) add enum support #704

v5.2.0 - 20th, Oct 2018

Feature

• feat(db:create): support options on db:create with sequelize@4 #700

v5.1.0 - 14th, Oct 2018

Feature

• feat(postgres): migrationStorageTableSchema #635

v5.0.0 - 13th, Oct 2018

Fixed

• fix(init): relative config path for windows #648
• fix(mode:generate): use force arg correctly #691
• updated dependencies

Breaking

• Node 6 or up is supported

v4.1.0 - 19th, Aug 2018

... (truncated)

Commits

• c46f744 5.5.0
• 3d1c41e docs: changelog for next release
• a04ff93 chores: remove extra build from ci
• cd57b40 fix: special characters in password are not escaped (#722)
• 0828c1f chore(package): update mocha to version 6.0.0 (#745)
• c15c81f change: default config for operator aliases (#743)
• 8dc5a20 fix(package): update yargs to version 13.1.0 (#744)
• 77a9a76 chore(package): update gulp to version 4.0.0 (#726)
• c19149f docs: enum type (#728)
• 139f854 5.4.0
• Additional commits viewable in compare view

Updates @babel/traverse from 7.1.6 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3Description has been truncated

[backstage-catalog-validator]

⚠️ Este repositório ainda não está catalogado no Backstage. ⚠️

Por favor, catalogue-o seguindo as instruções nesta documentação. [Via VPN].

💁 Qualquer problema ou dúvida, estamos no Slack, basta abrir um ticket no canal #help-foundation-platform.

[devsec-app-pagarme]

Gandalf - Continuous AppSec

📌 Lembrete

Este repositório está sendo monitorando de forma automática e contínua em busca de achados que possam comprometer a segurança da aplicação.
Para maiores detalhes, acesse aqui à plataforma.

📋 Resumo de achados no repositório superbowleto

Criticade	Achados
Critical	8
High	14
Medium	0
Low	0