npm reports Sequelize vulnerability #62
Description
Looks like we need to upgrade the version (apologies for not PR'ing that change, wanted to at least file the issue). However perhaps I'm not understanding this correctly, as I'm not really a JS developer.
$ cd examples-orms/node/sequelize
$ npm install
added 112 packages from 146 contributors and audited 226 packages in 2.523s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
╭───────────────────────────────────────────────────────────────╮
│ │
│ New minor version of npm available! 6.5.0 → 6.9.0 │
│ Changelog: https://github.com/npm/cli/releases/tag/v6.9.0 │
│ Run npm i -g npm to update! │
│ │
╰───────────────────────────────────────────────────────────────╯
$ npm audit
=== npm audit security report ===
# Run npm install [email protected] to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ NoSQL Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ sequelize │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ sequelize │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ sequelize │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/820 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 226 scanned packages
1 vulnerability requires semver-major dependency updates.
$ npm audit fix
up to date in 0.42s
fixed 0 of 1 vulnerability in 226 scanned packages
1 package update for 1 vuln involved breaking changes
(use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)