From 63c96e7359fff1cbb6198ac0d684cff0cc675667 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Fri, 12 Apr 2019 12:05:32 +0800 Subject: fix: upgrade sequelize to latest version to fix CVE Signed-off-by: BoHong Li --- package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'package.json') diff --git a/package.json b/package.json index bb516a2e..7fce9527 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "codemirror": "git+https://github.com/hackmdio/CodeMirror.git", "compression": "^1.6.2", "connect-flash": "^0.1.1", - "connect-session-sequelize": "^4.1.0", + "connect-session-sequelize": "^6.0.0", "cookie": "0.3.1", "cookie-parser": "1.4.3", "deep-freeze": "^0.0.1", @@ -113,8 +113,7 @@ "scrypt-async": "^2.0.1", "scrypt-kdf": "^2.0.1", "select2": "^3.5.2-browserify", - "sequelize": "^3.28.0", - "sequelize-cli": "^2.5.1", + "sequelize": "5.3.2", "shortid": "2.2.8", "socket.io": "~2.1.1", "socket.io-client": "~2.1.1", @@ -194,6 +193,7 @@ "mocha": "^5.2.0", "mock-require": "^3.0.3", "optimize-css-assets-webpack-plugin": "^5.0.0", + "sequelize-cli": "^5.4.0", "script-loader": "^0.7.2", "string-loader": "^0.0.1", "style-loader": "^0.21.0", -- cgit v1.2.3