fix(mariadb): properly escape json path key

[sushantdhiman]

Pull Request check-list

Please make sure to review and check all of these items:

• Does npm run test or npm run test-DIALECT pass with this change (including linting)?
• Does the description below contain a link to an existing issue (Closes #[issue]) or a description of the issue you are solving?
• Have you added new tests to prevent regressions?
• Is a documentation update included (if this change modifies existing APIs, or introduces new ones)?
• Did you follow the commit message conventions explained in CONTRIBUTING.md?

Description of change

Properly escape JSON path keys for mariadb dialect

[codecov]

Codecov Report

Merging #11089 into master will decrease coverage by 2.41%.
The diff coverage is 50%.

@@            Coverage Diff             @@
##           master   #11089      +/-   ##
==========================================
- Coverage   89.55%   87.14%   -2.42%     
==========================================
  Files          92       92              
  Lines        8913     8913              
==========================================
- Hits         7982     7767     -215     
- Misses        931     1146     +215

Impacted Files	Coverage Δ
lib/dialects/abstract/query-generator.js	93.21% <50%> (-0.54%)	⬇️
lib/dialects/mysql/query.js	15.51% <0%> (-82.76%)	⬇️
lib/dialects/mysql/connection-manager.js	29.09% <0%> (-67.28%)	⬇️
lib/dialects/mysql/data-types.js	43.75% <0%> (-54.69%)	⬇️
lib/dialects/mysql/query-generator.js	86.01% <0%> (-11.87%)	⬇️
lib/sequelize.js	92.13% <0%> (-3.15%)	⬇️
lib/dialects/postgres/connection-manager.js	94.36% <0%> (-1.41%)	⬇️
lib/dialects/abstract/query.js	91.44% <0%> (-0.33%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cd8ee56...55df110. Read the comment docs.

[sushantdhiman]

🎉 This PR is included in version 5.8.11 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[shivasurya]

@sushantdhiman thank you for the fix and time.

1. can you please elaborate on the fix and security report. ( i subscribed to snyk for security updates and CVE as this may be helpful for others -> https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222 , https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221 )
2. can we add additional security label and dedicated security release page with alerts in website which will be helpful for getting instant alerts on security release.

Once again thank you for this library and updates 🙏

[jansoltis]

Is there any chance this will be released also as part of Sequelize 4.x?
Thank you for fixing it!

[papb]

@jansoltis - Out of curiosity, may I ask what is preventing you from updating to v5? (just to better understand the problems faced by the user base)

[jansoltis]

@papb That's a good point. Somehow I thought it is difficult for us to update to v5, but now that I'm looking at the release notes it seems doable (there are still quite some changes though). We were planning to update at some point anyway so perhaps it's the right time. Thank you for asking the right questions!

[sushantdhiman]

@jansoltis If you can backport these changes to v4 we can push new release for you

[sushantdhiman]

🎉 This PR is included in version 7.0.0-next.1 🎉

The release is available on:

• npm package (@next dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[papb]

@sushantdhiman Why did semantic-release bot trigger for so many PRs for v7?

[sushantdhiman]

Not sure @papb , I will delete that release