fix(deps): update dependency umzug to v3.8.3

[abrain-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
umzug	3.8.2 → 3.8.3

---

Release Notes

sequelize/umzug (umzug)

v3.8.3

Compare Source

mostly just a security patch update

pnpm audit --prod output before 4272daa:

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ Validator is Vulnerable to Incomplete Filtering of One │
│                     │ or More Instances of Special Elements                  │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ validator                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <13.15.22                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=13.15.22                                             │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @&#8203;rushstack/ts-command-line@4.19.1 >                │
│                     │ @&#8203;rushstack/terminal@0.10.0 >                           │
│                     │ @&#8203;rushstack/node-core-library@4.0.2 > z-schema@5.0.5 >  │
│                     │ validator@13.11.0                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-vghf-hv5q-vc2g      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ Picomatch has a ReDoS vulnerability via extglob        │
│                     │ quantifiers                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ picomatch                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <4.0.4                                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.0.4                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > tinyglobby@0.2.13 > fdir@6.4.4 > picomatch@4.0.2   │
│                     │                                                        │
│                     │ . > tinyglobby@0.2.13 > picomatch@4.0.2                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-c2c7-rcm5-vvqj      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ validator.js has a URL validation bypass vulnerability │
│                     │ in its isURL function                                  │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ validator                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <13.15.20                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=13.15.20                                             │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @&#8203;rushstack/ts-command-line@4.19.1 >                │
│                     │ @&#8203;rushstack/terminal@0.10.0 >                           │
│                     │ @&#8203;rushstack/node-core-library@4.0.2 > z-schema@5.0.5 >  │
│                     │ validator@13.11.0                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-9965-vmph-33xx      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ Picomatch: Method Injection in POSIX Character Classes │
│                     │ causes incorrect Glob Matching                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ picomatch                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <4.0.4                                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.0.4                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > tinyglobby@0.2.13 > fdir@6.4.4 > picomatch@4.0.2   │
│                     │                                                        │
│                     │ . > tinyglobby@0.2.13 > picomatch@4.0.2                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-3v7f-55p6-f55p      │
└─────────────────────┴────────────────────────────────────────────────────────┘
4 vulnerabilities found
Severity: 2 moderate | 2 high

pnpm audit --prod output after 4272daa:

No known vulnerabilities found

What's Changed

• try fix ci by @​mmkal in #​702
• fix(deps): update dependency fast-glob to v3.3.3 by @​renovate[bot] in #​699
• chore: switch to tinyglobby by @​benmccann in #​705
• bump test timeout? by @​mmkal in #​711
• chore(deps): update dependency lodash to v4.18.1 [security] by @​renovate[bot] in #​721
• chore(deps): update dependency uuid to v14 [security] by @​renovate[bot] in #​719

New Contributors

• @​benmccann made their first contribution in #​705

Full Changelog: sequelize/umzug@v3.8.2...v3.8.3

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.68%. Comparing base (8177a8e) to head (4a03865).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop     #487   +/-   ##
========================================
  Coverage    63.68%   63.68%           
========================================
  Files           83       83           
  Lines         1005     1005           
  Branches        89       89           
========================================
  Hits           640      640           
  Misses         351      351           
  Partials        14       14           

Flag	Coverage Δ
server	63.68% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.