fix(deps): update dependency sequelize to v4.44.4 [security] #31

Open
wants to merge 1 commit into
base: master

Conversation

renovate[bot]

@renovate renovate bot commented Nov 11, 2019

WhiteSource Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| sequelize (source) | 4.39.0 -> 4.44.4 |

### GitHub Vulnerability Alerts

#### [CVE-2019-10752](https://nvd.nist.gov/vuln/detail/CVE-2019-10752)

Affected versions of `sequelize` are vulnerable to SQL Injection. The function `sequelize.json()` incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example:

```js
  where: this.sequelize.json("data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ", 1)
});
```

## Recommendation

If you are using `sequelize` 5.x, upgrade to version 5.15.1 or later.
If you are using `sequelize` 4.x, upgrade to version 4.44.3 or later.

#### [CVE-2019-10748](https://nvd.nist.gov/vuln/detail/CVE-2019-10748)

Affected versions of `sequelize` are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries.

## Recommendation

If you are using `sequelize` 5.x, upgrade to version 5.8.11 or later.
If you are using `sequelize` 4.x, upgrade to version 4.44.3 or later.
If you are using `sequelize` 3.x, upgrade to version 3.35.1 or later.

#### [GHSA-fw4p-36j9-rrj3](https://togithub.com/sequelize/sequelize/pull/11877)

Versions of `sequelize` prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a `TypeError` exception for the `results` variable. The `results` value may be undefined and trigger the error on a `.map` call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.  

The following proof-of-concept crashes the Node process:

```js
const Sequelize = require('sequelize');

const sequelize = new Sequelize({
  dialect: 'sqlite',
  storage: 'database.sqlite'
});

// Model deliberately named "TypeError" as in the original report (it shadows the global TypeError).
const TypeError = sequelize.define('TypeError', {
  name: Sequelize.STRING,
});

TypeError.sync({force: true}).then(() => {
  return TypeError.create({name: "SELECT tbl_name FROM sqlite_master"});
});
```

## Recommendation

Upgrade to version 4.44.4 or later.

---

### Release Notes

<details>
<summary>sequelize/sequelize</summary>

### [`v4.44.4`](https://togithub.com/sequelize/sequelize/releases/v4.44.4)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.44.3...v4.44.4)

##### Bug Fixes

-   **sqlite:** properly catch errors ([#11877](https://togithub.com/sequelize/sequelize/issues/11877)) ([8931bf6](https://togithub.com/sequelize/sequelize/commit/8931bf6c567b4cb3b35de8993cf74c82008b4275))

### [`v4.44.3`](https://togithub.com/sequelize/sequelize/releases/v4.44.3)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.44.2...v4.44.3)

##### Security

This release fixes two security issues for MySQL, both affecting the same component.

<https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221>

-   **mysql:** json path security issues ([#11332](https://togithub.com/sequelize/sequelize/issues/11332)) ([efd2f40](https://togithub.com/sequelize/sequelize/commit/efd2f40))

### [`v4.44.2`](https://togithub.com/sequelize/sequelize/releases/v4.44.2)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.44.1...v4.44.2)

##### Bug Fixes

-   use files and remove .npmignore ([6674a3c](https://togithub.com/sequelize/sequelize/commit/6674a3c))

### [`v4.44.1`](https://togithub.com/sequelize/sequelize/releases/v4.44.1)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.44.0...v4.44.1)

##### Bug Fixes

-   **pool:** destroy pooled errors properly with replication ([#11140](https://togithub.com/sequelize/sequelize/issues/11140)) ([a1ccf04](https://togithub.com/sequelize/sequelize/commit/a1ccf04))

### [`v4.44.0`](https://togithub.com/sequelize/sequelize/releases/v4.44.0)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.43.2...v4.44.0)

##### Bug Fixes

-   **redshift:** allow standard_conforming_strings option ([#10816](https://togithub.com/sequelize/sequelize/issues/10816)) ([a32263f](https://togithub.com/sequelize/sequelize/commit/a32263f))

##### Features

-   **postgres:** enable standard conforming strings when required ([#10746](https://togithub.com/sequelize/sequelize/issues/10746)) ([c9d3a97](https://togithub.com/sequelize/sequelize/commit/c9d3a97))

### [`v4.43.2`](https://togithub.com/sequelize/sequelize/releases/v4.43.2)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.43.1...v4.43.2)

##### Bug Fixes

-   **mssql:** subquery handling for order ([#10769](https://togithub.com/sequelize/sequelize/issues/10769)) ([73d7a65](https://togithub.com/sequelize/sequelize/commit/73d7a65))

### [`v4.43.1`](https://togithub.com/sequelize/sequelize/releases/v4.43.1)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.43.0...v4.43.1)

##### Bug Fixes

-   **mysql:** boolean TINYINT support ([#10660](https://togithub.com/sequelize/sequelize/issues/10660)) ([2f92e21](https://togithub.com/sequelize/sequelize/commit/2f92e21))

### [`v4.43.0`](https://togithub.com/sequelize/sequelize/releases/v4.43.0)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.42.1...v4.43.0)

##### Features

-   **datatypes:** handle numbers passed as objects for bigint ([#10496](https://togithub.com/sequelize/sequelize/issues/10496)) ([de39cff](https://togithub.com/sequelize/sequelize/commit/de39cff))

### [`v4.42.1`](https://togithub.com/sequelize/sequelize/releases/v4.42.1)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.42.0...v4.42.1)

##### Bug Fixes

-   locking generic-pool to 3.5.0 ([00e4984](https://togithub.com/sequelize/sequelize/commit/00e4984))

### [`v4.42.0`](https://togithub.com/sequelize/sequelize/releases/v4.42.0)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.41.2...v4.42.0)

##### Features

-   **transaction:** afterCommit hook ([#10260](https://togithub.com/sequelize/sequelize/issues/10260)) ([d2428dd](https://togithub.com/sequelize/sequelize/commit/d2428dd))

### [`v4.41.2`](https://togithub.com/sequelize/sequelize/releases/v4.41.2)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.41.1...v4.41.2)

##### Bug Fixes

-   **query-generator:** add offset to unioned queries ([#10149](https://togithub.com/sequelize/sequelize/issues/10149)) ([34e9fe1](https://togithub.com/sequelize/sequelize/commit/34e9fe1))

### [`v4.41.1`](https://togithub.com/sequelize/sequelize/releases/v4.41.1)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.41.0...v4.41.1)

##### Bug Fixes

-   **syntax:** correct parentheses around union ([#9813](https://togithub.com/sequelize/sequelize/issues/9813)) ([#10003](https://togithub.com/sequelize/sequelize/issues/10003)) ([#10121](https://togithub.com/sequelize/sequelize/issues/10121)) ([4ff79dc](https://togithub.com/sequelize/sequelize/commit/4ff79dc))

### [`v4.41.0`](https://togithub.com/sequelize/sequelize/releases/v4.41.0)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.40.0...v4.41.0)

##### Features

-   deprecate aliases removed from v5.beta ([1bc8b0e](https://togithub.com/sequelize/sequelize/commit/1bc8b0e)) ([c6c2d17](https://togithub.com/sequelize/sequelize/commit/c6c2d17))

### [`v4.40.0`](https://togithub.com/sequelize/sequelize/releases/v4.40.0)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.39.1...v4.40.0)

##### Features

-   **associations:** enable overwrite unique constraint key name ([#10045](https://togithub.com/sequelize/sequelize/issues/10045)) ([43ab707](https://togithub.com/sequelize/sequelize/commit/43ab707))

### [`v4.39.1`](https://togithub.com/sequelize/sequelize/releases/v4.39.1)

[Compare Source](https://togithub.com/sequelize/sequelize/compare/v4.39.0...v4.39.1)

##### Bug Fixes

-   **validators:** backport memory leak fix for isImmutable ([#9973](https://togithub.com/sequelize/sequelize/issues/9973)) ([#10031](https://togithub.com/sequelize/sequelize/issues/10031)) ([8fe475b](https://togithub.com/sequelize/sequelize/commit/8fe475b))

</details>

---

### Renovate configuration

:date: **Schedule**: "" (UTC).

:vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

:recycle: **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/wise-team/steem-wise-sql).
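For the two injection advisories above (CVE-2019-10752 and CVE-2019-10748), here is an added example; it is not code from the Renovate bot, from this repository, or from sequelize. It is an allowlist gate for JSON sub paths, applied before a caller hands the path to `sequelize.json()` or a JSON-path `where` key. Upgrading to the fixed releases is the actual fix; this gate is defence in depth for application code that still assembles paths from request data. The `stubSequelize` object is an assumption standing in for a real Sequelize instance (only `json(path, value)` is called on it), so the file runs without the package installed; the path string quoted in the CVE-2019-10752 description is reused only as a negative test case.

```javascript
// Added example for this PR page; not code from the Renovate bot or from sequelize.
// Allowlist gate for JSON sub paths before they reach sequelize.json() or a JSON-path
// `where` key (CVE-2019-10752 / CVE-2019-10748). Defence in depth only: the ORM fix
// in 4.44.3 is what actually closes the hole.

// A safe path is one or more dot-separated segments, each a plain identifier
// (letters, digits, underscore) optionally followed by numeric array indexes such
// as [0]. Quotes, parentheses, spaces and semicolons can never match this grammar.
const SEGMENT = /^[A-Za-z_][A-Za-z0-9_]*(?:\[\d+\])*$/;

function isSafeJsonPath(path, maxSegments = 8) {
  if (typeof path !== 'string' || path.length === 0 || path.length > 256) return false;
  const segments = path.split('.');
  if (segments.length > maxSegments) return false;
  return segments.every((s) => SEGMENT.test(s));
}

// Stricter variant: the whole path must also be one the schema knows about, so a
// caller cannot even probe keys the application never intended to expose.
// Returns the path when allowed, otherwise null.
function resolveAllowedPath(path, allowedPaths) {
  if (!isSafeJsonPath(path)) return null;
  return allowedPaths.has(path) ? path : null;
}

// Wrapper around sequelize.json(): refuses to build the condition at all when the
// path fails the gate, so the ORM never sees it. `sequelizeInstance` is any object
// exposing json(path, value); a stub is used below so this file runs offline.
function jsonWhere(sequelizeInstance, path, value) {
  if (!isSafeJsonPath(path)) {
    throw new RangeError(`rejected JSON path: ${JSON.stringify(path)}`);
  }
  return sequelizeInstance.json(path, value);
}

// The path string quoted in the CVE-2019-10752 description above, kept here only
// as a negative test case for the gate.
const CVE_2019_10752_PATH = "data.id')) AS DECIMAL) = 1 DELETE YOLO INJECTIONS; -- ";

// Constructed sample inputs (not from the advisory) plus the CVE string.
const SAMPLE_PATHS = ['data.id', 'data.items[0].id', CVE_2019_10752_PATH, "data.id'", 'data..id', ''];

// Stub standing in for a real Sequelize instance (assumption: only json() is needed).
const stubSequelize = { json: (path, value) => ({ path, value }) };

for (const p of SAMPLE_PATHS) {
  console.log(JSON.stringify(p), '->', isSafeJsonPath(p) ? 'accepted' : 'rejected');
}
console.log(jsonWhere(stubSequelize, 'data.id', 1));
```

The gate is intentionally a positive grammar rather than a blocklist of SQL tokens: anything not matching the identifier shape is rejected, so a new quoting trick in some dialect does not need a new rule here. Prefer `resolveAllowedPath` with a schema-derived set of paths where the set of queryable keys is known in advance.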
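An added example, not code from the Renovate bot, from this repository or from sequelize, that turns the three "Recommendation" sections above into a checker: given the resolved sequelize version, it reports which of the advisories quoted in this PR still apply. It assumes nothing beyond the fixed versions stated on this page; where an advisory text gives no fixed version for a major line, the checker reports that advisory as `unknown` rather than claiming the line is safe.

```javascript
// Added example for this PR page; not code from the Renovate bot or from sequelize.
// Reports which of the advisories quoted in the PR apply to an installed version,
// using only the fixed versions stated in the advisory texts.

// CVE-2019-10752 and CVE-2019-10748 give one fixed version per major line;
// GHSA-fw4p-36j9-rrj3 is stated as "versions prior to 4.44.4", a single threshold.
const ADVISORIES = [
  { id: 'CVE-2019-10752', fixedByMajor: { 5: '5.15.1', 4: '4.44.3' } },
  { id: 'CVE-2019-10748', fixedByMajor: { 5: '5.8.11', 4: '4.44.3', 3: '3.35.1' } },
  { id: 'GHSA-fw4p-36j9-rrj3', fixedBelow: '4.44.4' },
];

// Parse an exact "MAJOR.MINOR.PATCH" release version (a leading "v" or "=" is
// tolerated). Ranges such as "^4.39.0" and pre-release tags are rejected on
// purpose: audit the resolved version from the lockfile, not the package.json range.
function parseVersion(str) {
  const m = /^[v=]?(\d+)\.(\d+)\.(\d+)$/.exec(String(str).trim());
  if (!m) throw new Error(`not an exact release version: ${str}`);
  return m.slice(1, 4).map(Number);
}

// Component-wise numeric comparison: <0 if a < b, 0 if equal, >0 if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Returns { vulnerable: [...ids], unknown: [...ids] } for the installed version.
// "unknown" lists advisories whose text gives no fixed version for this major
// line; the checker does not claim such a line is safe.
function applicableAdvisories(installed) {
  const major = parseVersion(installed)[0];
  const result = { vulnerable: [], unknown: [] };
  for (const adv of ADVISORIES) {
    const fixed = adv.fixedBelow !== undefined ? adv.fixedBelow : adv.fixedByMajor[major];
    if (fixed === undefined) {
      result.unknown.push(adv.id);
    } else if (compareVersions(installed, fixed) < 0) {
      result.vulnerable.push(adv.id);
    }
  }
  return result;
}

// The version this PR moves from, the two fixed releases it mentions, and two
// constructed versions on other major lines.
for (const v of ['4.39.0', '4.44.3', '4.44.4', '5.10.0', '3.30.0']) {
  console.log(v, JSON.stringify(applicableAdvisories(v)));
}
```

Feed it the version recorded in the lockfile (the installed package's own `version` field), not the range from `package.json`; `parseVersion` rejects a range like `^4.39.0` precisely so that the check cannot silently run against the wrong number.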

@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 607f72f to b79c4d0 (December 14, 2019 23:47)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from b79c4d0 to f4d3cb3 (December 22, 2019 07:51)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from f4d3cb3 to 4ad0368 (January 18, 2020 23:56)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 4ad0368 to 198a235 (March 14, 2020 22:56)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 198a235 to 12882d1 (April 28, 2020 05:55)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from 12882d1 to ca9b101 (July 2, 2020 04:51)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from ca9b101 to aa8bfa1 (October 29, 2020 11:56)
@renovate renovate bot changed the title from `fix(deps): update dependency sequelize to v4.44.3 [security]` to `fix(deps): update dependency sequelize to v4.44.4 [security]` (Oct 29, 2020)
@renovate renovate bot force-pushed the renovate/npm-sequelize-vulnerability branch from aa8bfa1 to 05938ea (November 26, 2020 02:01)