From f11336d28f6c2287bd6f1a134d0cc014898960bd Mon Sep 17 00:00:00 2001
From: Andrew Koroluk
Date: Wed, 27 Jul 2016 16:25:38 -0400
Subject: [PATCH] chore(package): pin sequelize to a higher version fixes SQLI vulnerability
---
 templates/app/_package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/app/_package.json b/templates/app/_package.json
index da24c6ced..9b92a4356 100644
--- a/templates/app/_package.json
+++ b/templates/app/_package.json
@@ -40,7 +40,7 @@
 "mongoose": "^4.1.2",
 "bluebird": "^3.3.3",
 "connect-mongo": "^1.2.1",<% } %><% if(filters.sequelize) { %>
- "sequelize": "^3.5.1",
+ "sequelize": "^3.23.6",
 "sqlite3": "~3.1.1",
 "express-sequelize-session": "0.4.0",<% } %><% if(filters.auth) { %>
 "jsonwebtoken": "^7.0.0",
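Review bot: `"sequelize": "^3.23.6"` is a caret range, not a pin as the subject line says; it raises the minimum to 3.23.6 and still accepts any later 3.x release. The previous `^3.5.1` range already admitted 3.23.6, so the new floor matters mainly for installs that would otherwise keep an older copy that satisfied the old range, and projects generated from the earlier template keep the old floor until the same edit is made in their own package.json. The commit message names no advisory or upstream issue for the SQL injection fix, which makes it hard to confirm that 3.23.6 is the first fixed release; a link in the message body would settle that. If an exact version is what was intended, `"sequelize": "3.23.6"` expresses it, at the cost of not picking up later 3.x fixes automatically.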