Breaking Changes

Support for Node 6 and up

Sequelize v5 will only support Node 6 and up #9015

Secure Operators

With v4 you started to get a deprecation warning String based operators are now deprecated. Also concept of operators was introduced. These operators are Symbols which prevent hash injection attacks.

operators-security

With v5

• Operators are now enabled by default.
• You can still use string operators by passing an operators map in operatorsAliases, but that will give you deprecation warning.
• Op.$raw is removed

Typescript Support

Sequelize now ship official typings #10287. You can consider migrating away from external typings which may get out of sync.

Pooling

With v5 Sequelize now use sequelize-pool which is a modernized fork of generic-pool@2.5. You no longer need to call sequelize.close to shutdown pool, this helps with lambda executions. #8468

Model

Validators

Custom validators defined per attribute (as opposed to the custom validators defined in the model's options) now run when the attribute's value is null and allowNull is true (while previously they didn't run and the validation succeeded immediately). To avoid problems when upgrading, please check all your custom validators defined per attribute, where allowNull is true, and make sure all these validators behave correctly when the value is null. See #9143.

Attributes

Model.attributes now removed, use Model.rawAttributes. #5320

Note: Please don't confuse this with options.attributes, they are still valid

Paranoid Mode

With v5 if deletedAt is set, record will be considered as deleted. paranoid option will only use deletedAt as flag. #8496

Model.bulkCreate

updateOnDuplicate option which used to accept boolean and array, now only accepts non-empty array of attributes. #9288

Underscored Mode

Implementation of Model.options.underscored is changed. You can find full specifications here.

Main outline

• Both underscoredAll and underscored options are merged into single underscored option
• All attributes are now generated with camelcase naming by default. With the underscored option set to true, the field option for attributes will be set as underscored version of attribute name.
• underscored will control all attributes including timestamps, version and foreign keys. It will not affect any attribute which already specifies the field option.#9304

Removed aliases

Many model based aliases has been removed #9372

Datatypes

Range

Now supports only one standard format [{ value: 1, inclusive: true }, { value: 20, inclusive: false }] #9364

Case insensitive text

Added support for CITEXT for Postgres and SQLite

Removed

NONE type has been removed, use VIRTUAL instead

Hooks

Removed aliases

Hooks aliases has been removed #9372

Sequelize

Removed aliases

Prototype references for many constants, objects and classes has been removed #9372

import Sequelize from 'sequelize';
const sequelize = new Sequelize('postgres://user:password@127.0.0.1:mydb');
/**
 * In v4 you can do this
 */
console.log(sequelize.Op === Sequelize.Op) // logs `true`
console.log(sequelize.UniqueConstraintError === Sequelize.UniqueConstraintError) // logs `true`
Model.findAll({
  where: {
    [sequelize.Op.and]: [ // Using sequelize.Op or Sequelize.Op interchangeably
      {
        name: "Abc"
      },
      {
        age: {
          [Sequelize.Op.gte]: 18
        }
      }
    ]
  }
}).catch(sequelize.ConnectionError, () => {
  console.error('Something wrong with connection?');
});
/**
 * In v5 aliases has been removed from Sequelize prototype
 * You should use Sequelize directly to access Op, Errors etc
 */
Model.findAll({
  where: {
    [Sequelize.Op.and]: [ // Don't use sequelize.Op, use Sequelize.Op instead
      {
        name: "Abc"
      },
      {
        age: {
          [Sequelize.Op.gte]: 18
        }
      }
    ]
  }
}).catch(Sequelize.ConnectionError, () => {
  console.error('Something wrong with connection?');
});

Query Interface

• changeColumn no longer generates constraint with _idx suffix. Now Sequelize does not specify any name for constraints thus defaulting to database engine naming. This aligns behavior of sync, createTable and changeColumn.
• addIndex aliases options aliases have been removed, use the following instead.
  • indexName => name
  • indicesType => type
  • indexType/method => using

Others

• Sequelize now use parameterized queries for all INSERT / UPDATE operations (except UPSERT). They provide better protection against SQL Injection attack.
• ValidationErrorItem now holds reference to original error in the original property, rather than the __raw property.
• retry-as-promised has been updated to 3.1.0, which use any-promise. This module repeat all sequelize.query operations. You can configure any-promise to use bluebird for better performance on Node 4 or 6
• Sequelize will throw for all undefined keys in where options, In past versions undefined was converted to null.

Dialect Specific

MSSQL

• Sequelize now works with tedious >= 6.0.0. Old dialectOptions has to be updated to match their new format. Please refer to tedious documentation. An example of new dialectOptions is given below

dialectOptions: {
  authentication: {
    domain: 'my-domain'
  },
  options: {
    requestTimeout: 60000,
    cryptoCredentialsDetails: {
      ciphers: "RC4-MD5"
    }
  }
}

MySQL

• Requires mysql2 >= 1.5.2 for prepared statements

MariaDB

• dialect: 'mariadb' is now supported with mariadb package

Packages

• removed: terraformer-wkt-parser #9545
• removed: generic-pool
• added: sequelize-pool