Skip to content

chore(deps-dev): bump sequelize from 6.21.2 to 6.37.8 in /services/libs/data-access-layer#3910

Merged
ulemons merged 3 commits intomainfrom
dependabot/npm_and_yarn/services/libs/data-access-layer/sequelize-6.37.8
Mar 26, 2026
Merged

chore(deps-dev): bump sequelize from 6.21.2 to 6.37.8 in /services/libs/data-access-layer#3910
ulemons merged 3 commits intomainfrom
dependabot/npm_and_yarn/services/libs/data-access-layer/sequelize-6.37.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 11, 2026
edited by cursor bot
Loading

Bumps sequelize from 6.21.2 to 6.37.8.

Release notes

Sourced from sequelize's releases.

v6.37.8

6.37.8 (2026-03-07)

Security improvements

v6.37.7

6.37.7 (2025-03-28)

Bug Fixes

  • oracle: fix changeColumn SQL for BLOB to avoid implicit conversion (#17719) (5b7c801)

v6.37.6

6.37.6 (2025-03-04)

Meta

v6.37.5

6.37.5 (2024-10-25)

Bug Fixes

v6.37.4

6.37.4 (2024-10-04)

Bug Fixes

  • oracle: add support for Oracle Database 23ai (#17345) (b9e71a7)
  • oracle: validate input with TO_TIMESTAMP_TZ and TO_DATE (#17516) (5deadd2)

v6.37.3

6.37.3 (2024-04-13)

... (truncated)

Commits
  • cb7f99a fix: validate cast types in JSON where clauses
  • b147528 Merge commit from fork
  • 4b8b5b9 meta: Fix MSSQL CI (#17931)
  • 5b7c801 fix(oracle): fix changeColumn SQL for BLOB to avoid implicit conversion (#17...
  • 5623e2d ci: use ubuntu-22.04 for jobs that use Node 10 (#17724)
  • ef3bffb fix: add call for new maintainers to README (#17701)
  • fce5ad3 fix: cast numbers in DataTypes.STRING to strings (#17564)
  • 78a9733 meta: ignore mssql failures for releasing v6 (#17524)
  • 5deadd2 fix(oracle): validate input with TO_TIMESTAMP_TZ and TO_DATE (#17516)
  • b9e71a7 fix(oracle): add support for Oracle Database 23ai (#17345)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wikirik, a new releaser for sequelize since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Medium Risk
Upgrading the ORM can subtly change query generation, validation, and connection behavior, so regressions may surface at runtime despite being a dependency-only change.

Overview
Updates sequelize from 6.21.2 to 6.37.8 in the backend and @crowd/data-access-layer (and aligns pnpm-lock.yaml).

Lockfile changes pull in updated Sequelize transitive dependencies (e.g., retry-as-promised, moment, debug) and adjust workspace entries, reflecting the new dependency graph.

Written by Cursor Bugbot for commit e4bbb0b. This will update automatically on new commits. Configure here.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 11, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Mar 11, 2026
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ dependabot[bot]
❌ ulemons
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 11, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

1 similar comment
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 11, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

@joanagmaia joanagmaia requested a review from ulemons March 23, 2026 17:24
@ulemons ulemons force-pushed the dependabot/npm_and_yarn/services/libs/data-access-layer/sequelize-6.37.8 branch from f1b31d1 to 3bf479e Compare March 26, 2026 10:58
@ulemons ulemons self-assigned this Mar 26, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 26, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

2 similar comments
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 26, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 26, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

dependabot bot and others added 3 commits March 26, 2026 14:58
@dependabot @ulemons
chore(deps-dev): bump sequelize in /services/libs/data-access-layer
2bf4320 
Bumps [sequelize](https://github.com/sequelize/sequelize) from 6.21.2 to 6.37.8.
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Changelog](https://github.com/sequelize/sequelize/blob/main/CHANGELOG.md)
- [Commits](sequelize/sequelize@v6.21.2...v6.37.8)

---
updated-dependencies:
- dependency-name: sequelize
  dependency-version: 6.37.8
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@ulemons
fix: update pnpm lockfile after sequelize bump
5cd30b9 
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
@ulemons
fix: align sequelize to 6.37.8 across workspace
e4bbb0b 
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
@ulemons ulemons force-pushed the dependabot/npm_and_yarn/services/libs/data-access-layer/sequelize-6.37.8 branch from 5018ffd to e4bbb0b Compare March 26, 2026 13:58
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 26, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

@ulemons ulemons merged commit a14dbf9 into main Mar 26, 2026
14 checks passed
@ulemons ulemons deleted the dependabot/npm_and_yarn/services/libs/data-access-layer/sequelize-6.37.8 branch March 26, 2026 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ulemons ulemons Awaiting requested review from ulemons

Assignees

@ulemons ulemons

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CLAassistant @ulemons