[Snyk] Fix for 1 vulnerabilities

[thonatos]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: semver

The new version differs by 168 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (安装 selenium 模块失败 #566)
• 5c8efbc fix: preserve build in raw after inc (master uncaughtException: Error: channel closed #565)
• 717534e fix: better handling of whitespace (fix registry user auth api #564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (sync by install check referer: 'install pkg@1.0.0' #558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (feat(sync): default sync exist packages #559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (fix(markdown): filter xss readme before markdown render #555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (/package/sonido cause cpu 100% #552)
• 503a4e5 feat: allow identifierBase to be false (npm 与 cnpm 的 --global 安装路径问题 #548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (cnpm 更新了怎么看version不对呢 #546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (node服务不稳定, cnpm安装依赖时较频繁发生 #547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (Refactor downloads #545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (2.0.0-rc.3, when click the search result, 'async' always get the error 'Internal Server Error' #538)
• aa516b5 fix: faster parse options (sync user button on user profile page #535)
• 61e6ea1 fix: faster cache key factory for range (master uncaughtException: AssertionError: Resource leak detected. #536)
• f8b8b61 fix: optimistic parse (auto data table upgrade script #541)
• 796cbe2 fix: semver.diff prerelease to release recognition (ER_EMPTY_QUERY: Query was empty #533)
• 3f222b1 fix: reuse comparators on subset (qiniu海外加速 #537)
• 113f513 feat: identifierBase parameter for .inc (waffle.io Badge #532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• 901bceb 6.1.0
• 6b32821 6.0.0-beta.7
• 0ca8d72 docs: prepare for v6 release (#12416)
• 663261b feat(sequelize): allow passing dialectOptions.options from url (#12404)
• c6e4192 fix(postgres): parse enums correctly when describing a table (#12409)
• e33d2bd fix(reload): include default scope (#12399)
• 5611ef0 build: update dependencies (#12395)
• e80501d fix(types): transactionType in Options (#12377)
• 4914367 fix(types): add clientMinMessages to Options interface (#12375)
• b71cd05 fix(query): preserve cls context for logger (#12328)
• 95f7fb5 fix(mssql): empty order array generates invalid FETCH statement (#12261)
• ed2d7a9 fix(model.destroy): return 0 with truncate (#12281)
• 72925cf fix: add missing fields to 'FindOrCreateType' (#12338)
• f367191 fix(query-generator): do not generate GROUP BY clause if options.group is empty (#12343)
• 7afd589 docs(sequelize): omitNull only works for CREATE/UPDATE queries
• f9e660f docs: update feature request template
• 2bf7f7b fix(typings): add support for optional values in "where" clauses (#12337)
• 65a9e1e fix(types): add Association into OrderItem type (#12332)
• 1b86729 docs: responsive (#12308)
• 59b8a7b fix(include): check if attributes specified for included through model (#12316)
• 6d87cc5 docs(associations): belongs to many create with through table
• a2dcfa0 fix(query): ensure correct return signature for QueryTypes.RAW (#12305)
• 0769aea refactor: cleanup query generators (#12304)
• 4d9165b feat(postgres): native upsert (#12301)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[socket-security]

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives1	Size	Publisher
sequelize	⬆️	3.35.1...6.32.1	filesystem	+9/-9	4.07 MB	sdepold

Footnotes

1. https://docs.socket.dev ↩