
JavaScript: fix reported mysql/handlebars vulns (#4918)

* JavaScript: fix reported mysql/handlebars vulns

* sequelize > 5 uses findByPk instead of findById
Nate 6 years ago
parent
commit
94a694397d

+ 2 - 2
frameworks/JavaScript/express/package.json

@@ -12,10 +12,10 @@
     "graphql-tools": "3.1.1",
     "mongoose": "5.0.6",
     "mysql": "2.16.0",
-    "mysql2": "1.6.1",
+    "mysql2": "1.6.5",
     "pg": "4.5.7",
     "pg-promise": "8.4.6",
     "pug": "2.0.1",
-    "sequelize": "3.32.1"
+    "sequelize": "5.10.0"
   }
 }

+ 5 - 5
frameworks/JavaScript/express/resolver.js

@@ -55,7 +55,7 @@ async function arrayOfRandomWorlds(totalWorldToReturn) {
 
     return new Promise(async (resolve, reject) => {
         for(var i = 0; i < totalIterations; i++) {
-            let world = await World.findById(helper.randomizeNum());
+            let world = await World.findByPk(helper.randomizeNum());
             arr.push(world);
         }
         if(arr.length == totalIterations) {
@@ -72,7 +72,7 @@ async function updateRandomWorlds(totalToUpdate) {
     return new Promise(async (resolve, reject) => {
         for(var i = 0; i < total; i++) {
 
-            const world = await World.findById(helper.randomizeNum());
+            const world = await World.findByPk(helper.randomizeNum());
             world.updateAttributes({
                 randomNumber: helper.randomizeNum()
             })
@@ -96,9 +96,9 @@ module.exports = {
     Query: {
         helloWorld: () => sayHello(),
         getAllWorlds: async() => await World.findAll(),
-        singleDatabaseQuery: async() => await World.findById(helper.randomizeNum()),
+        singleDatabaseQuery: async() => await World.findByPk(helper.randomizeNum()),
         multipleDatabaseQueries: async(parent, args) => await arrayOfRandomWorlds(args.total),
-        getWorldById: async(parent, args) => await World.findById(args.id),
+        getWorldById: async(parent, args) => await World.findByPk(args.id),
         getAllFortunes: async() => await Fortune.findAll(),
         getRandomAndUpdate: async(parent, args) => await updateRandomWorlds(args.total)
     },
@@ -111,4 +111,4 @@ module.exports = {
             return await World.update({id: args.id, randomNumber: args.randomNumber});
         }
     }
-}
+}
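Review bot: The `world.updateAttributes({` call left as context right after the renamed `findByPk` in updateRandomWorlds (second hunk of resolver.js) is the other Sequelize alias this bump breaks: with "sequelize" now pinned to 5.10.0 in the express package.json, the v5 upgrade notes list `updateAttributes` among the removed model aliases (replacement `update`), so this path would throw a TypeError at runtime while the renamed `findByPk` call succeeds — confirm against the v5 upgrade guide. Change it to `const world = await World.findByPk(helper.randomizeNum());` followed by `await world.update({`, so a failed write rejects the enclosing promise instead of being dropped, assuming nothing outside the hunk consumes the returned promise. Both this function and arrayOfRandomWorlds in the first hunk wrap the loop in `new Promise(async (resolve, reject) => …)`; an exception thrown by `findByPk` inside an async executor neither resolves nor rejects the outer promise, so a `try/catch` around the loop that calls `reject(err)` is worth adding in both places. Note also that `findByPk` resolves to `null` when the id does not exist, which would make the `update` call throw; a null check before it would make the failure explicit. Both enclosing functions start and end outside the hunks.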

+ 3 - 2
frameworks/JavaScript/hapi/package.json

@@ -5,13 +5,14 @@
   "dependencies": {
     "async": "2.1.5",
     "bluebird": "3.4.7",
-    "handlebars": "4.0.14",
+    "handlebars": "4.1.2",
     "hapi": "16.1.1",
     "vision": "4.1.0",
     "mongoose": "5.0.6",
     "mysql": "2.16.0",
+    "mysql2": "1.6.5",
     "pg": "6.1.6",
     "pg-hstore": "2.3.2",
-    "sequelize": "3.30.2"
+    "sequelize": "5.10.0"
   }
 }

+ 2 - 2
frameworks/JavaScript/koa/package.json

@@ -6,7 +6,7 @@
   "private": true,
   "dependencies": {
     "bluebird": "3.5.1",
-    "handlebars": "4.0.14",
+    "handlebars": "4.1.2",
     "koa": "2.5.0",
     "koa-bodyparser": "4.2.0",
     "koa-hbs": "1.0.0",
@@ -15,6 +15,6 @@
     "mysql2": "1.5.3",
     "pg": "7.4.1",
     "pg-hstore": "2.3.2",
-    "sequelize": "4.37.3"
+    "sequelize": "5.10.0"
   }
 }

+ 3 - 2
frameworks/JavaScript/nodejs/package.json

@@ -4,14 +4,15 @@
   "private": true,
   "dependencies": {
     "async": "2.5.0",
-    "handlebars": "4.0.14",
+    "handlebars": "4.1.2",
     "mongodb": "2.2.33",
     "mongoose": "4.12.4",
     "mysql": "2.16.0",
+    "mysql2": "1.6.5",
     "parseurl": "1.3.2",
     "pg": "6.1.6",
     "pg-hstore": "2.3.2",
-    "sequelize": "3.32.1",
+    "sequelize": "5.10.0",
     "node-cache": "4.1.1"
   },
   "main": "app.js"

+ 3 - 2
frameworks/JavaScript/sailsjs/package.json

@@ -8,14 +8,15 @@
     "async": "1.5.2",
     "bluebird": "3.4.1",
     "ejs": "2.5.7",
-    "handlebars": "4.0.14",
+    "handlebars": "4.1.2",
     "mysql": "2.16.0",
+    "mysql2": "1.6.5",
     "pg": "6.0.5",
     "pg-hstore": "2.3.2",
     "rc": "1.1.6",
     "sails": "0.12.7",
     "sails-disk": "0.10.10",
-    "sequelize": "3.32.1"
+    "sequelize": "5.10.0"
   },
   "scripts": {
     "start": "node app.js",