[Snyk] Fix for 10 vulnerabilities

[dgrant069]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	SQL Injection npm:sql:20180512	Yes	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sequelize

The new version differs by 250 commits.

• 511ae27 release(2.0.0)
• ef15741 Merge pull request #3091 from sequelize/travis-0.12
• a7d4f88 run node.js 0.12 on travis
• 81748fe [ci skip] add io.js to readme
• fa5758c Merge pull request #3090 from sequelize/iojs-travis
• 745a77f match lowercase p in port
• a65fb69 remove mssql as allowed failure
• 7c96f60 remove allow failures for mysql, maria and sqlite
• 583d0b8 log error message
• 6652e5b remove io.js coverage (should not be needed)
• 4e37847 fix auth test expectations
• 761ed19 remove mariasql dependency
• 9fe17a9 Merge branch 'enhancement/add-iojs-support-to-travis-yml' of https://github.com/seegno-forks/sequelize into iojs
• ef5af00 Merge pull request #3087 from sequelize/mariadb-replacement
• 81750a8 Update event emitter deprecation notice
• c1e802b skip bad test for now
• aab0cb3 remove hardcoded connection manager include
• 14c5a95 remove hard require to query generator (should go through dialect instead)
• 390e36c use proper inheritance
• 033e9a4 remove mariadb connector, use mysql instead
• f5f58ec Merge pull request #3014 from sequelize/refactor-data-types
• f535c63 implement review changes
• 07a559c move more logic to data types
• 2e166e6 Implement dialect specific data types

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 SQL Injection