Skip to content

Releases: sequelize/umzug

v3.8.3

Choose a tag to compare

@mmkal mmkal released this 01 May 22:22

mostly just a security patch update

pnpm audit --prod output before 4272daa:

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ Validator is Vulnerable to Incomplete Filtering of One │
│                     │ or More Instances of Special Elements                  │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ validator                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <13.15.22                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=13.15.22                                             │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @rushstack/ts-command-line@4.19.1 >                │
│                     │ @rushstack/terminal@0.10.0 >                           │
│                     │ @rushstack/node-core-library@4.0.2 > z-schema@5.0.5 >  │
│                     │ validator@13.11.0                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-vghf-hv5q-vc2g      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ Picomatch has a ReDoS vulnerability via extglob        │
│                     │ quantifiers                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ picomatch                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <4.0.4                                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.0.4                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > tinyglobby@0.2.13 > fdir@6.4.4 > picomatch@4.0.2   │
│                     │                                                        │
│                     │ . > tinyglobby@0.2.13 > picomatch@4.0.2                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-c2c7-rcm5-vvqj      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ validator.js has a URL validation bypass vulnerability │
│                     │ in its isURL function                                  │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ validator                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <13.15.20                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=13.15.20                                             │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @rushstack/ts-command-line@4.19.1 >                │
│                     │ @rushstack/terminal@0.10.0 >                           │
│                     │ @rushstack/node-core-library@4.0.2 > z-schema@5.0.5 >  │
│                     │ validator@13.11.0                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-9965-vmph-33xx      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ Picomatch: Method Injection in POSIX Character Classes │
│                     │ causes incorrect Glob Matching                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ picomatch                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <4.0.4                                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.0.4                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > tinyglobby@0.2.13 > fdir@6.4.4 > picomatch@4.0.2   │
│                     │                                                        │
│                     │ . > tinyglobby@0.2.13 > picomatch@4.0.2                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-3v7f-55p6-f55p      │
└─────────────────────┴────────────────────────────────────────────────────────┘
4 vulnerabilities found
Severity: 2 moderate | 2 high

pnpm audit --prod output after 4272daa:

No known vulnerabilities found

What's Changed

New Contributors

Full Changelog: v3.8.2...v3.8.3

v3.8.2

Choose a tag to compare

@mmkal mmkal released this 23 Sep 17:46
  • fix: resolve esm file path issue and '<<cwd>>' (example tests) on windows (#678) 3baccd6

v3.8.1...v3.8.2

v3.8.1

Choose a tag to compare

@mmkal mmkal released this 04 Jun 16:39

What's Changed

  • fix: use undefined when charset and collate options are not supported by @EinfachHans in #673

New Contributors

Full Changelog: v3.8.0...v3.8.1

v3.8.0

Choose a tag to compare

@mmkal mmkal released this 04 Apr 01:58

What's Changed

Full Changelog: v3.7.0...v3.8.0

v3.7.0

Choose a tag to compare

@mmkal mmkal released this 13 Feb 18:40
  • create: allow specifying content directly 543a45d

v3.6.1...v3.7.0

v3.6.1

Choose a tag to compare

@mmkal mmkal released this 31 Jan 18:30

v3.6.0...v3.6.1

v3.6.0

Choose a tag to compare

@mmkal mmkal released this 31 Jan 18:18

What's Changed

  • fix(deps): update dependency glob to v8.1.0 by @renovate in #639
  • Fix DeprecationWarning for Sequelize V7 by @anroypaul in #644
  • fix(deps): update dependency type-fest to v4 by @renovate in #647
  • fix(deps): update dependency pony-cause to v2.1.10 by @renovate in #616

New Contributors

  • @anroypaul made their first contribution in #644

Full Changelog: v3.5.1...v3.6.0

v3.5.1

Choose a tag to compare

@mmkal mmkal released this 31 Jan 18:17

What's Changed

  • Snowflake does not explicitly support collation in the same way as some other databases by @lbazetto in #641

New Contributors

Full Changelog: v3.5.0...v3.5.1

v3.5.0

Choose a tag to compare

@mmkal mmkal released this 15 Dec 03:14

What's Changed

  • stop using super-old import x = require('x') syntax in #629
  • document ts-command-line error handling in #633
  • feat: non-breaking ESM support 🤝 in #613

Full Changelog: v3.4.0...v3.5.0

v3.5.0-0

v3.5.0-0 Pre-release
Pre-release

Choose a tag to compare

@mmkal mmkal released this 06 Nov 18:48

Better ESM support: #613