[Snyk] Fix for 1 vulnerabilities #40

Open
wants to merge 1 commit into
base: master

@snyk-bot snyk-bot commented Apr 7, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: loopback The new version differs by 231 commits.
  • 8d0f319 3.0.0
  • a835d09 Merge pull request #2780 from strongloop/update-deps-3.0RC
  • 9d259ce Update deps to 3.0.0 RC
  • 54bf395 Merge pull request #2754 from strongloop/use_common_globalize
  • 640f3a8 Update globalization structure
  • 2f0dd6d Merge pull request #2758 from strongloop/fix/disableMethodByName
  • 0ab33a8 Call new disable remote method from model class.
  • 92ed213 Merge pull request #2755 from strongloop/add_translations
  • d567966 Add translation strings
  • 489ed91 Merge pull request #2298 from strongloop/user-realm-composite-key
  • d544ae1 Support uniqueness for realm users
  • c3ba632 Merge pull request #2743 from strongloop/docs-for-kv-model
  • 8061d12 Merge pull request #2693 from strongloop/sessEmail
  • bcc2d99 Invalidate sessions after email change
  • 845b73d Add docs for KeyValue model
  • 6752dd3 Merge pull request #2703 from strongloop/fix_remoting
  • d4b8cf6 Fix remote method inheritance
  • 3eb9009 Merge pull request #2738 from strongloop/fix/user-verify-email-with-empty-rest-root
  • 21ff383 Fix double-slash in confirmation URL
  • eec8536 3.0.0-alpha.5
  • 252b6f4 Merge pull request #2696 from strongloop/feature/coercion-overhaul
  • 6e1defc Use strong-remoting's new TypeRegistry
  • 92a5a08 test/user: don't attach User model twice
  • 32bdecc app.enableAuth: correctly detect attached models

See the full diff

Package name: loopback-connector-postgresql The new version differs by 250 commits.
  • 3ca9536 5.0.0
  • 0f00046 Merge pull request #433 from strongloop/update-readme
  • bf1f573 README: add info about LTS policy
  • 12034b0 Merge pull request #432 from strongloop/update-deps
  • fd66303 Upgrade dev dependencies
  • 126d225 [SEMVER-MAJOR] Upgrade `pg` to `8.0`
  • 74dff07 Update dependencies
  • 9fb8fd6 Merge pull request #431 from strongloop/update-node-versions
  • bf077d6 Add Node.js 13.x to Travis CI matrix
  • e76fbf6 Drop support for Node.js 8.x
  • 1ce261b Merge pull request #426 from strongloop/update-dep
  • 13e5fb6 chore: update strong-globalize version
  • e7c121b 3.9.1
  • 032a7d0 Merge pull request #425 from strongloop/fix-readme
  • d6d217c fix readme layout
  • cadbaae Merge pull request #423 from strongloop/dremond_npm_pack
  • a487dc1 Merge pull request #424 from strongloop/fix-docs
  • 41432b7 fix README display on the site
  • 680b188 Exclude 'deps' and '.github' from npm publish
  • 700d1bc Merge pull request #422 from strongloop/disc-migr
  • 53a3953 fix
  • 682facf tests: column should be discovered and mapped
  • 9422df0 Merge pull request #420 from strongloop/fixbuildwhere
  • ec08dea fix: `DEFAULT` for null values in where clause

See the full diff

Package name: loopback-datasource-juggler The new version differs by 250 commits.
  • d19e189 4.17.0
  • a456700 Merge tag 'v4.16.0'
  • af4f4df Merge pull request #1808 from strongloop/fix/typo
  • abdd567 Fix typo introduced by 19048cd7
  • 002137d Merge pull request #1799 from jeznag/fix-issue-with-new-array
  • b328934 [BUGFIX] Fix issue with with array constructor
  • c555ded Merge pull request #1807 from strongloop/fix/datasource-typings
  • 19048cd Fix Promise/Callback variants in datasource types
  • 2f86757 Merge pull request #1804 from strongloop/update-deps
  • 606880b Merge pull request #1803 from strongloop/update-eslint
  • a9611a0 chore: update async to v3.x
  • 1d4ad27 chore: update strong-globalize to 5.x
  • 1b7858a chore: update eslint to 6.x
  • 770f11b Merge pull request #1790 from mitsos1os/return-promise-on-error
  • 89503bb 4.16.0
  • 89a964e feat: applyDefaultOnWrites in nested properties
  • b30fbf8 return failed promise on error
  • d54d769 Merge pull request #1792 from strongloop/chore/improve-issue-templates
  • f921a4f 4.15.0
  • 5578ab4 Merge pull request #1783 from frbuceta/fix/lb4-issue-3602
  • a1817a4 chore: disable security issue reporting
  • b9f0284 Fix generated string id's
  • b07bdfc Merge pull request #1791 from strongloop/ci/skip-ibmi-downstream
  • 28d457d Remove loopback-connector-ibmi from downstream

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827