Bump semver, bcrypt, jsonwebtoken, pg, sequelize, sequelize-cli and nodemon

[dependabot]

Bumps semver to 7.5.4 and updates ancestor dependencies semver, bcrypt, jsonwebtoken, pg, sequelize, sequelize-cli and nodemon. These dependencies need to be updated together.

Updates semver from 4.3.2 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

... (truncated)

Commits

• 36cd334 chore: release 7.5.4
• 8456d87 chore: postinstall for dependabot template-oss PR
• dde1f00 chore: postinstall for dependabot template-oss PR
• dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
• d619f66 chore: postinstall for dependabot template-oss PR
• 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
• cc6fde2 fix: trim each range set before parsing
• 99d8287 fix: correctly parse long build ids as valid (#583)
• 4f0f6b1 chore: fix arguments in whitespace test (#574)
• 6bd1a37 chore: remove duplicate test in semver class (#575)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates bcrypt from 3.0.6 to 5.1.0

Release notes

Sourced from bcrypt's releases.

v5.1.0

What's Changed

• Update node-pre-gyp to 1.0.2 by @​feuxfollets1013 in kelektiv/node.bcrypt.js#865
• Update README for inclusion of musl by @​arbourd in kelektiv/node.bcrypt.js#883
• Version bump, security updates to sub dep npmlog by @​adaniels-parabol in kelektiv/node.bcrypt.js#905
• document ESM usage (#892) by @​mariusa in kelektiv/node.bcrypt.js#899
• fix: update travis CI Docker image repository by @​cokia in kelektiv/node.bcrypt.js#930
• Update node versions in appveyor test matrix by @​p-kuen in kelektiv/node.bcrypt.js#936
• chore(appveyor): not use latest npm by @​cokia in kelektiv/node.bcrypt.js#932
• chore: update Appveyor readme badge by @​cokia in kelektiv/node.bcrypt.js#933
• Use Github actions for CI by @​recrsn in kelektiv/node.bcrypt.js#858
• Update dependencies by @​recrsn in kelektiv/node.bcrypt.js#953
• Migrate tests to use Jest by @​recrsn in kelektiv/node.bcrypt.js#958
• Pin NAPI to v3 by @​recrsn in kelektiv/node.bcrypt.js#959

New Contributors

• @​feuxfollets1013 made their first contribution in kelektiv/node.bcrypt.js#865
• @​arbourd made their first contribution in kelektiv/node.bcrypt.js#883
• @​adaniels-parabol made their first contribution in kelektiv/node.bcrypt.js#905
• @​mariusa made their first contribution in kelektiv/node.bcrypt.js#899
• @​cokia made their first contribution in kelektiv/node.bcrypt.js#930
• @​p-kuen made their first contribution in kelektiv/node.bcrypt.js#936

Full Changelog: kelektiv/node.bcrypt.js@v5.0.1...v5.1.0

v5.0.1

Update node-pre-gyp to 1.0.0

v5.0.0

• Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255. It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug was unsuccessful.
• Experimental support for z/OS
• Fix a bug related to NUL in password input
• Update node-pre-gyp to 0.15.0

v4.0.1

bcrypt 4.0.1

v4.0.0

NAPI support

v3.0.8

• Update node-pre-gyp to 0.14
• Pre-built binaries for NodeJS 13

v3.0.7

bcrypt 3.0.7

Changelog

Sourced from bcrypt's changelog.

5.1.0 (2022-10-06)

• Update node-pre-gyp to 1.0.10
• Replace nodeunit with jest as the testing library

5.0.1 (2021-02-22)

• Update node-pre-gyp to 1.0.0

5.0.0 (2020-06-02)

• Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255. It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug was unsuccessful.
• Experimental support for z/OS
• Fix a bug related to NUL in password input
• Update node-pre-gyp to 0.15.0

4.0.1 (2020-02-27)

• Fix compilation errors in Alpine linux

4.0.0 (2020-02-17)

• Switch to NAPI bcrypt
• Drop support for NodeJS 8

3.0.8 (2019-12-31)

• Update node-pre-gyp to 0.14
• Pre-built binaries for NodeJS 13

3.0.7 (2019-10-18)

• Update nan to 2.14.0
• Update node-pre-gyp to 0.13

Commits

• fc225b1 Merge pull request #960 from kelektiv/release-v5-1-0
• 809ad03 Prepare for v5.1.0
• 9eec9e8 Merge pull request #959 from kelektiv/release-v5-1-0
• b309eaf Pin NAPI to v3
• 9d6516a Merge pull request #958 from kelektiv/jest
• 5a2b952 Increase test timeout
• 8d201d1 Move tests to use Jest
• 5a7082a Merge pull request #955 from kelektiv/github-actions
• fa5bc55 Fix github actions
• 86aa111 Merge pull request #953 from kelektiv/version-update
• Additional commits viewable in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.1

Changelog

Sourced from jsonwebtoken's changelog.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jake.lacey, a new releaser for jsonwebtoken since your current version.

Updates pg from 6.4.2 to 8.11.1

Changelog

Sourced from pg's changelog.

All major and minor releases are briefly explained below.

For richer information consult the commit log on github with referenced pull requests.

We do not include break-fix version release in this file.

pg-pool@8.10.0

• Emit release event when client is returned to the pool.

pg@8.9.0

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

pg@8.8.0

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

• Add connection lifetime limit config option.

pg@8.7.0

• Add optional config to pool to allow process to exit if pool is idle.

pg-cursor@2.7.0

• Convert to es6 class
• Add support for promises to cursor methods

pg@8.6.0

• Better SASL error messages & more validation on bad configuration.
• Export DatabaseError.
• Add ParameterDescription support to protocol parsing.
• Fix typescript typedefs with --isolatedModules.

pg-query-stream@4.0.0

• Library has been converted to Typescript. The behavior is identical, but there could be subtle breaking changes due to class names changing or other small inconsistencies introduced by the conversion.

pg@8.5.0

... (truncated)

Commits

• eaafac3 Publish
• d59cd15 fix stack traces of query() to include the async context (#1762) (#2983)
• dee3ae5 feat: add connection parameter nativeConnectionString (#2941)
• 3039f1d Revert "Update utils.js (#2981)"
• 522e2dc Update utils.js (#2981)
• 14b840e Publish
• f206293 Clean up pg-native in Makefile better
• 7152d4d Add example Cloudflare Worker and test
• 0755342 Add Cloudflare Worker compatible socket
• 5532ca5 Use WebCrypto APIs where possible
• Additional commits viewable in compare view

Updates sequelize from 5.15.1 to 6.32.1

Release notes

Sourced from sequelize's releases.

v6.32.1

6.32.1 (2023-06-17)

Bug Fixes

• bump dependencies (#16119) (a3213f0)

v6.32.0

6.32.0 (2023-06-01)

Bug Fixes

• move types condition to the front (#16085) (99c3530)
• oracle: For Raw queries avoid converting the input parameters passed (#16067) (fd38e79)
• oracle: reordered check constraint for unsigned numeric type (#16074) (5c8250e)

Features

• oracle: add new error messages introduced in new driver version (#16075) (e07eefb)
• oracle: add width support for numerictype (#16073) (af4f0ae)

v6.31.1

6.31.1 (2023-05-01)

Bug Fixes

• postgres: adds support for minifying through join aliases (#15897) (a9fd501)

v6.31.0

6.31.0 (2023-04-09)

Bug Fixes

• postgres: prevent crash if postgres connection emits multiple errors (#15868) (58576dd)
• update Slack invitation link (#15849) (9d864be)

Features

• add beforePoolAcquire and afterPoolAcquire hooks (#15874) (f2a4535)

v6.30.0

6.30.0 (2023-03-24)

... (truncated)

Commits

• a3213f0 fix: bump dependencies (#16119)
• 99c3530 fix: move types condition to the front (#16085)
• af4f0ae feat(oracle): add width support for numerictype (#16073)
• e07eefb feat(oracle): add new error messages introduced in new driver version (#16075)
• 5c8250e fix(oracle): reordered check constraint for unsigned numeric type (#16074)
• fd38e79 fix(oracle): For Raw queries avoid converting the input parameters passed (#1...
• eb71077 meta: use Node 18 in CI (#16000)
• a9fd501 fix(postgres): adds support for minifying through join aliases (#15897)
• f2a4535 feat: add beforePoolAcquire and afterPoolAcquire hooks (#15874)
• 58576dd fix(postgres): prevent crash if postgres connection emits multiple errors (#1...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.

Updates sequelize-cli from 4.1.1 to 6.6.1

Release notes

Sourced from sequelize-cli's releases.

v6.6.1

6.6.1 (2023-06-05)

Bug Fixes

• include .cts files when discovering migrations (#1273) (4ddb8d4)

v6.6.0

6.6.0 (2023-01-25)

Bug Fixes

• only show error detail when error.original is defined (#1241) (8ba4748)

Features

• add support for test files colocated with models (#1187) (6ba32e1)

v6.5.2

6.5.2 (2022-10-26)

Bug Fixes

• types: add type declarations to package (#1185) (5dc5df3)

v6.5.1

6.5.1 (2022-09-27)

Bug Fixes

• postgres: add ERROR detail to output of migration (#1142) (497b805)

v6.4.1

6.4.1 (2022-01-15)

Bug Fixes

• fix config import breaking on windows (#995) (acbc66f)

v6.4.0

6.4.0 (2022-01-14)

Bug Fixes

... (truncated)

Changelog

Sourced from sequelize-cli's changelog.

Change Log

All notable changes to this project will be documented in this file.

Future

v6.3.0 - Nov 3rd, 2021

Fixed

• Formatting in documentation
• Fix linting errors

Chore

• Update dependencies

v6.2.0 - 5th, July 2020

Feature

• feat: support migrations files with ts file extension #915

v6.1.0 - 27th, June 2020

Fixed

• fix(timestamps): support for timestamps in migration tables #899

v6.0.0 - 24th, June 2020

Fixed

• fix: support for sequelize@6

v6.0.0-beta.3 - 21st, June 2020

Fixed

• fix: print correct migration name #663

Feature

• feat: modernize skeleton with async #909

v6.0.0-beta.2 - 21st, June 2020

Fixed

• db:seed:undo now reverts last seed #908

... (truncated)

Commits

• dc0317c Merge branch 'main' into v6
• 08a1286 build(deps): lock file maintenance (#1311)
• ab59678 chore(deps): update dependency sequelize to v6.32.0 (#1309)
• f72aabe chore(deps): update commitlint monorepo to v17.6.5 (#1308)
• 9ef5056 build(deps): lock file maintenance (#1307)
• 534f512 chore(deps): update babel monorepo (#1305)
• ead462d build(deps): lock file maintenance (#1288)
• 5ed8eac chore(deps): update commitlint monorepo to v17.6.3 (#1300)
• 4f1b11d meta: pin mysql2 to 3.2.0 (#1294)
• 60a925d chore(deps): update dependency @​babel/core to v7.21.8 (#1299)
• Additional commits viewable in compare view

Updates nodemon from 1.19.1 to 3.0.1

Release notes

Sourced from nodemon's releases.

v3.0.1

3.0.1 (2023-07-09)

Bug Fixes

• restore default ext watch behaviour (95bee00), closes #2124 #1957

v3.0.0

3.0.0 (2023-07-08)

Bug Fixes

• also watch cjs (86d5f40)
• node@10 support back in (af3b9e2)
• semver vuln dep (6bb8766), closes #2119

Features

• always use polling on IBM i (3b58104)

BREAKING CHANGES

• official support for node@8 dropped.

However there's no function being used in semver that breaks node 8, so it's technically still possible to run with node 8, but it will no longer be supported (or tested in CI).

v2.0.22

2.0.22 (2023-03-22)

Bug Fixes

• remove ts mapping if loader present (f7816e4), closes #2083

v2.0.21

2.0.21 (2023-03-02)

Bug Fixes

• remove ts mapping if loader present (1468397), closes #2083

v2.0.20

2.0.20 (2022-09-16)

... (truncated)

Commits

• e4c163f Merge branch 'main' of github.com:remy/nodemon
• 95bee00 fix: restore default ext watch behaviour
• f219dcc test: Update release.yml to use ubuntu-latest (#2123)
• af3b9e2 fix: node@10 support back in
• a3f0e12 test: package wasn't installing
• 8ded28c docs: update test runners and add TODO
• 83ef51d chore: website supporters
• 86d5f40 fix: also watch cjs
• 7881f05 chore: remove legacy .nodemon support
• 04302b8 Merge branch 'Vindeep07-develop'
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.