Update dependency sequelize to v6

[mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sequelize (source)	^4.13.10 → ^6.29.0

By merging this PR, the issue #3 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
Critical	10.0	CVE-2023-22578	Reachable
Critical	10.0	CVE-2023-25813	Reachable
Critical	9.9	CVE-2023-22579	Reachable
High	7.5	CVE-2021-3765	Reachable
High	7.5	CVE-2025-12758	Reachable
Medium	5.3	CVE-2023-22580	Reachable

---

Release Notes

sequelize/sequelize (sequelize)

v6.29.0

Compare Source

Features

• throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#​15710) (d3f5b5a)

v6.28.2

Compare Source

Bug Fixes

• accept undefined in where (#​15703) (13f2e89)

v6.28.1

Compare Source

Bug Fixes

• throw if where receives an invalid value (#​15699) (d9e0728)
• update moment-timezone version (#​15685) (48d6193)

v6.28.0

Compare Source

Features

• types: use retry-as-promised types for retry options to match documentation (#​15484) (fd4afa6)

v6.27.0

Compare Source

Features

• add support for bigints (backport of #​14485) (#​15413) (1247c01)

v6.26.0

Compare Source

Features

• postgres: add support for lock_timeout [#​15345] (#​15355) (94beace)

v6.25.8

Compare Source

Bug Fixes

• oracle: remove hardcoded maxRows value (#​15323) (7885000)

v6.25.7

Compare Source

Bug Fixes

• fix parameters not being replaced when after $$ strings (#​15307) (bc39fd6)

v6.25.6

Compare Source

Bug Fixes

• postgres: invalidate connection after client-side timeout (#​15283) (a205765), closes /github.com/brianc/node-postgres/blob/5538df6b446f4b4f921947b460fe38acb897e579/packages/pg/lib/client.js#L529

v6.25.5

Compare Source

Bug Fixes

• remove options.model overwrite on bulkUpdate (#​15252) (67e69cd), closes #​15231

v6.25.4

Compare Source

Bug Fixes

• types: add instance.dataValues property to model.d.ts (#​15240) (00c6da3)

v6.25.3

Compare Source

Bug Fixes

• don't treat \ as escape in standard strings, support E-strings, support vars after ->> operator, treat lowercase e as valid e-string prefix (#​15139) (7990095), closes #​14700

v6.25.2

Compare Source

Bug Fixes

• types: fix TS 4.9 excessive depth error on InferAttributes (v6) (#​15135) (851daaf)

v6.25.1

Compare Source

Bug Fixes

• types: expose legacy "types" folder in export alias ( #​15123) (9dd93b8)

v6.25.0

Compare Source

Features

• oracle: add support for dialectOptions.connectString (#​15042) (06ad05d)

v6.24.0

Compare Source

Features

• snowflake: Add support for QueryGenerator#tableExistsQuery (#​15087) (a44772e)

v6.23.2

Compare Source

Bug Fixes

• postgres: add custom order direction to subQuery ordering with minified alias (#​15056) (7203b66)

v6.23.1

Compare Source

Bug Fixes

• oracle: add support for Oracle DB 18c CI (#​15016) (5f621d7), closes #​1 #​7 #​9 #​13 #​14 #​16

v6.23.0

Compare Source

Features

• types: add typescript 4.8 compatibility (#​14990) (3468378)

v6.22.1

Compare Source

Bug Fixes

• types: missing type for oracle dialect in v6 (#​14992) (1da6657), closes #​14991

v6.22.0

Compare Source

Features

• oracle: add oracle dialect support (#​14638) (c230d80), closes #​1 #​7 #​9 #​13 #​14 #​16

v6.21.6

Compare Source

Bug Fixes

• types: backport #​14704 for v6 (#​14964) (33d94b2)

v6.21.5

Compare Source

Bug Fixes

• mariadb: do not automatically parse JSON fields (#​14800) (d047f32)

v6.21.4

Compare Source

Bug Fixes

• minified aliases are now properly referenced in subqueries (v6) (#​14852) (5a257bc), closes #​14804

v6.21.3

Compare Source

Bug Fixes

• postgres: attach postgres error-handler earlier in lifecycle (v6) (#​14731) (90bb694)

v6.21.2

Compare Source

Bug Fixes

• properly escape multiple $ in fn args (#​14678) (7bb60e3)

v6.21.1

Compare Source

Bug Fixes

• postgres: use schema set in sequelize config by default (#​14665) (2f3b924)

v6.21.0

Compare Source

Features

• exports types to support typescript >= 4.5 nodenext module (#​14620) (cbdf73e)

v6.20.1

Compare Source

Bug Fixes

• kill connection on commit/rollback error (#​14535) (e1a9c28)

v6.20.0

Compare Source

Features

• support cyclic foreign keys (#​14499) (b37df96)

v6.19.2

Compare Source

Bug Fixes

• accept replacements in ARRAY[] & followed by ; (#​14518) (e37c572)

v6.19.1

Compare Source

Bug Fixes

• do not replace :replacements inside of strings (#​14472) (ccaa399)

⚠️ BREAKING CHANGE: This change is a security fix that patches a serious SQL injection vulnerability, however it is possible that your application made use of it and broke as a result of this change. Please see this issue for more information.

v6.19.0

Compare Source

Bug Fixes

• types: make WhereOptions more accurate (#​14368) (0d0aade)

Features

• types: make Model.init aware of pre-configured foreign keys (#​14370) (5954d2c)

v6.18.0

Compare Source

Features

• add whereScopeStrategy to merge where scopes with Op.and (#​14152) (8349c02)

v6.17.0

Compare Source

Bug Fixes

• fix typo in query-generator.js error message (#​14151) (2d339d0)
• postgres: correctly re-acquire connection for pg-native (#​14090) (82506a6)
• types: drop excess argument for upsert (#​14156) (da8678d)
• types: export GroupedCountResultItem interface (#​14154) (a81b7ab)
• types: update 'replication' option property (#​14126) (7ac1221)
• types: update return type of Model.update (#​14155) (b80aeed)

Features

• types: infer nullable creation attributes as optional (#​14147) (f5c06bd)
• types: make Model.getAttributes stricter (#​14017) (e974e20)

v6.16.3

Compare Source

Bug Fixes

• types: support union in CreationAttributes (#​14146) (d23bd7a)

v6.16.2

Compare Source

Bug Fixes

• types: missing snowflake and db2 dialects (#​14137) (0326c2c)

v6.16.1

Compare Source

Bug Fixes

• correct path to package.json in Sequelize.version (#​14073) (b95c213)

v6.16.0

Compare Source

Features

• gen /lib & /types from /src & drop /dist (v6) (#​14063) (6b8fbb4)

v6.15.1

Compare Source

Bug Fixes

• types: accept $nested.syntax$ in WhereAttributeHash (#​13983) (4a513cf)
• types: correct typing definitions for Sequelize.where (#​14018) (99c612b)
• types: improve branded types (#​13990) (a578ea0)

v6.15.0

Compare Source

Bug Fixes

• types: deduplicate error typings (#​14002) (fc28629)

Features

• add options.rawErrors to Sequelize#query method (#​13881) (7c58851)

v6.14.1

Compare Source

Bug Fixes

• rollback PR #​13951 in v6 (#​14004) (1882f3c)

v6.14.0

Compare Source

Bug Fixes

• don't call overloaded versions of find functions internally (#​13951) (fc53cdb)
• don't call overloaded versions of find functions internally (#​13951) (b253d8e)
• model.d: fix type for count and findAndCountAll (#​13786) (b06c1fc)
• types: add hooks to InstanceDestroyOptions type (#​13491) (dbd9ea8)
• types: add missing fields to FindOr{Create,Build}Options (#​13389) (ef63f8f)
• types: fix QueryInterface#bulkInsert attribute arg type (#​13945) (9e108e3)

Features

• types: add InferAttributes utility type (#​13909) (fd42687)
• types: add typings for DataTypes.TSVECTOR (#​13940) (b8f0463)
• types: drop TypeScript < 4.1 (#​13954) (dd49044)

v6.13.0

Compare Source

Bug Fixes

• fix typings for queries with {plain: true} option (#​13899) (308d017)

Features

• mariadb: add mariadb support in Sequelize.set function (#​13926) (02bda05), closes #​13920
• postgres: drop indices concurrently in Postgres (#​13903) (37f20a6)

v6.12.5

Compare Source

Bug Fixes

• dialect: sequelize pool doesn't take effect in dialect "mssql" (#​13880) (fc155b6)
• model: fix count with grouping typing (#​13884) (49beb29), closes #​13871
• types: improve ModelCtor / ModelStatic typing (#​13890) (34aa808)
• types: omit FK and scope keys in HasManyCreateAssociationMixin (#​13892) (b315ce8)

v6.12.4

Compare Source

Bug Fixes

• mssql/async-queue: fix unable to start mysql due to circular ref (#​13823) (49e8614)

v6.12.3

Compare Source

Bug Fixes

• data-types: moment object throwing error (#​13818) (78c7414)

v6.12.2

Compare Source

Bug Fixes

• abstract: patch jsonb operator for pg if value is json (#​13780) (a2375c5)
• operators: fix ts support for operators.ts (#​13805) (b532ab1)
• postgres: allows usage of schema for ARRAY(ENUM) type name (#​13807) (da5b0ce)
• query-interface: bring back quoteIdentifier(s) to queryInterface (#​13810) (001dc60)

v6.12.1

Compare Source

Bug Fixes

• allow deep imports (#​13795) (1ecdaf9)
• fix invalid ts import style of lib/operators (#​13797) (8acc14f)

v6.12.0

Compare Source

Bug Fixes

• data-types: unnecessary warning when getting data with DATE dataTypes (#​13712) (121884b)
• docs: add aws-lamda route (#​13693) (3059bce)
• example: fix coordinates format as per GeoJson (#​13718) (f9dec20)
• increment: fix key value broken query (#​12985) (fc0b19e)
• model.d: fix findAndCountAll.count type (#​13736) (b7b472e)
• snowflake: fix to prevent disconnect attempt on already disconnected connection (#​13775) (2a9a551)
• types: add Col to where Ops (#​13717) (2d7b865)
• types: add instance member declaration (#​13684) (ae3cde5)
• types: add missing schema field to sequelize options (c7a0839), closes #​12606
• types: allow override json function with custom return type (#​13694) (2c3b384)
• upsert: fall back to DO NOTHING if no update key values provided (#​13594) (4071378)
• upsert: fall back to DO NOTHING if no update key values provided (#​13711) (f9dfaa7), closes #​13594
• wrong interface used within mixin (#​13685) (bd3ddf5)

Features

• dialects: add experimental support for db2 (#​13374) (4443d2a)
• dialect: snowflake dialect support (#​13406) (ad68a5e)
• model: complete getAttributes feature (b6510df)
• typescript: create alpha release with ts (911125e)
• types: transition lib/errors (#​13710) (8cdce6a)
• upsert: add conflictFields option (#​13723) (496bede)

v6.11.0

Compare Source

Features

• option for attributes having dotNotation (#​13670) (41876f1)

v6.10.0

Compare Source

Bug Fixes

• typing on creation within an association (#​13678) (0312f8e)
• logger: change logging depth from 3 to 1 (#​12879) (ddddc24)
• mariadb: fix MariaDB 10.5 JSON (#​13633) (cdd61dd)
• model: clone options object instead of modifying (#​13589) (3be43de)
• mssql: fix sub query issue occurring with renamed primary key fields (#​12801) (73d99ab)
• mssql: sqlserver 2008 fix for using offsets and include criteria (47c4494)
• query: make stacktraces include original calling code (#​13347) (f581543)
• types: Add missing type definitions in models (#​13553) (73ecf6c)
• types: add specifc tojson type in model.d.ts (#​13661) (5924be5)
• types: DataType.TEXT overloading definition (#​13654) (1690801)
• types: include 'paranoid' in IncludeThroughOptions definition (#​13625) (b1fb1f3)
• types: ne op documentation (#​13666) (98485df)
• types: rename types and update CONTRIBUTING docs (#​13348) (1f23924)
• expect result is null but got zero (#​13637) (da3ac09)

Features

• definitions: Adds AbstractQuery and before/afterQuery hook definitions (#​13635) (37a5858)
• postgresql: easier SSL config and options param support (#​13673) (9591573)

v6.9.0

Compare Source

Bug Fixes

• docs: using incorrect esdocs syntax (#​13615) (c3c690b)
• sqlite: quote table names in sqlite getForeignKeysQuery (#​13587) (eeb6a8f)
• upsert: do not overwrite an explcit created_at during upsert (#​13593) (594cee8)

Features

• mysql: add support for MySQL v8 (#​13618) (35978f0)

v6.8.0

Compare Source

Bug Fixes

• types: allow any values in isIn validator (#​12962) (d511d91)
• allows insert primary key with zero (#​13458) (e4aff2f)
• model: Convert number values only if they aren't null to avoid NaN (199b632)
• model.d: accept [Op.is] in where (broken in TypeScript 4.4) (#​13499) (d685a9a)
• postgres: fix findCreateFind to work with postgres transactions (#​13482) (84421d7)
• select: do not force set subQuery to false (#​13490) (0943339)
• sqlite: fix wrongly overwriting storage if empty string (#​13376) (c3e608b), closes #​13375
• types: add missing upsert hooks (#​13394) (5e9c209)
• types: extend BulkCreateOptions by SearchPathable (#​13469) (47c2d05), closes #​13454
• types: typo in model.d.ts (#​13574) (31d0fbc)

Features

• postgres: support query_timeout dialect option (#​13258) (3ca085d)
• typings: add UnknownConstraintError (#​13461) (69d899e)

v6.7.0

Compare Source

Bug Fixes

• deps: upgrade to secure versions of dev deps (#​13549) (cf53734)
• docs: fix typo in documentation for polymorphic associations (#​13405) (bbf3d76)
• types: allow rangable to take a string tuple (#​13486) (ca2a11a)

Features

• test: add test for nested column in where query (#​13478) (26b62c7), closes #​13288
• types: make config type deeply writeable for before connect hook (#​13424) (f078f77)

v6.6.5

Compare Source

Bug Fixes

• dependency: upgrade validator (#​13350) (56bb1d6)

v6.6.4

Compare Source

Bug Fixes

• typings: make Transactionable compatible with TransactionOptions (#​13334) (cd2de40)
• utils: clone attributes before mutating them (#​13226) (1a16b91)
• data-types: use proper field name for ARRAY(ENUM) (#​13210) (1cfbd33)
• typings: fix ignoreDuplicates option (#​13220) (b33d78e)
• typings: allow schema for queryInterface methods (#​13223) (6b0b532)
• typings: restrict update typings (#​13216) (63ceb73)
• typings: returning can specify column names (#​13215) (143cc84)
• typings: model init returns model class, not instance (#​13214) (8f2a0d5)
• plurals: bump inflection dependency (#​13260) (deeb5c6)
• bulk-create: ON CONFLICT with unique index (#​13345) (6dcb565)

v6.6.2

Compare Source

Bug Fixes

• types: fix Model.prototype.previous() (#​13042) (5b16b32)

v6.6.1

Compare Source

Bug Fixes

• query-generator: use AND in sql for not/between (#​13043) (a663c54)
• sqlite: retrieve primary key on upsert (#​12991) (023e1d9)
• types: allow (keyof TAttributes)[] in UpdateOptions.returning (#​13130) (97ba242)
• types: models with attributes couldn't be used in some cases (#​13010) (de5f21d)
• types: remove string from Order type (#​13057) (ac39f8a)

v6.6.0

Compare Source

Bug Fixes

• types: allow sequelize.col in attributes (#​13105) (3fd64cb)
• types: allow bigints in WhereValue (#​13028) (8892507)
• types: decapitalize queryGenerator property (#​13126) (9cb4d7f)
• types: fix Model#previous type (#​13106) (466e361)
• types: fix ValidationErrorItem types (#​13108) (e35a9bf)

Features

• add-constraint: add deferrable option (#​13096) (f98bd7e)

v6.5.1

Compare Source

Bug Fixes

• mysql: release connection on deadlocks (#​13102) (6388507)
  • Note: this complements the work done in 6.5.0, fixing another situation not covered by it with MySQL.
• types: allow transaction to be null (#​13093) (ced4dc7)

v6.5.0

Compare Source

Second release in 2021! 🎉

Bug Fixes

• mysql, mariadb: release connection on deadlocks (#​12841) (c77b1f3)
• types: allow changing values on before hooks (#​12970) (e5b8929)
• types: typo in sequelize.js and sequelize.d.ts (#​12975) (2fe980e)

Features

• postgres: a