[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loopback

The new version differs by 250 commits.

• f30159c 3.15.0
• 64d60fb Merge pull request #3650 from strongloop/update-strong-globalize
• 2f02fba update strong-globalize to 3.1.0
• fb8f3d9 Merge pull request #3647 from lehni/model/fix-updateonly-props-check
• 9176ee2 Merge pull request #3609 from sebastianfelipe/fix/user-verify-duplicated-token
• d0a4941 Fix handling of user verification options
• 826ee2a Handle missing getUpdateOnlyProperties fn
• 8488da2 Merge pull request #3637 from strongloop/fix/build
• 33989d7 test: fix too strict test assertion
• 1dd0ab3 Merge pull request #3636 from SiegfriedEhret/patch-1
• db8130a Fix typo
• c991392 3.14.0
• c453ad5 Merge pull request #3628 from strongloop/declarative-nest-remoting
• c0a0f09 Allow declarative nestRemoting for relations
• fcfaf7e 3.13.0
• 658d228 Merge pull request #3140 from pierreclr/feature/allow-mutiple-owners-resolving
• e17132d Fix OWNER role to handle multiple relations
• ef7175a Merge pull request #3293 from alFReD-NSH/bugfix/acl-checkpermission
• 2128ecd Merge pull request #3625 from strongloop/welcome-zbarbuto
• d2d8fab Fix acl.resolvePermission for wildcard req
• 4c4430e 3.12.0
• 883667c CODEOWNERS: add zbarbuto
• 0f40ca8 Merge pull request #3565 from zbarbuto/fix/shared-glob
• d405432 Fix relation race condition in model glob

See the full diff

Package name: loopback-boot

The new version differs by 28 commits.

• 92d6a1f 3.0.0
• 63a1150 Merge pull request #247 from strongloop/feature/upgrade-deps
• 3bb519d Upgrade deps and fix style issues
• 4803802 Merge pull request #240 from supasate/provide-script-extensions-option
• d68ffc6 Provide scriptExtensions option
• 79d9ddb Merge pull request #234 from strongloop/update-support-URL
• ba688e0 Update paid support URL
• f7c9cbc Merge pull request #181 from strongloop/feature/extensibility
• ac1571c Refactor for modular and pluggable design
• 314dff9 Merge pull request #231 from strongloop/drop-support-node-0x
• ecc2d43 Add Node v7 to Travis CI platforms
• fbea19a Drop support for Node v0.10 and v0.12
• e96b080 Merge pull request #227 from strongloop/update-new-docs-url
• a17c6c5 readme: update URL to new doc site
• 6491cc8 Merge pull request #220 from Sequoia/patch-1
• 94aef17 Merge pull request #221 from strongloop/add_translation3
• 295db6d Update ja translation file
• 63cc0ec Update header-browser.md
• 0d985ba Merge pull request #219 from strongloop/add_translation2
• 5da1420 Update translation files - round#2
• 57e5e64 Merge pull request #214 from strongloop/update-lb-3-rc-1
• 49ed10c Normalize line endings to support both LF and CRLF
• 748a728 Remove "defaultForType" from datasource config
• 58ef169 Update deps to loopback 3.0.0 RC

See the full diff

Package name: loopback-component-storage

The new version differs by 36 commits.

• 6551b74 3.2.0
• 636692a Update deps
• 8287807 3.1.0
• ea1b380 Merge pull request #193 from strongloop/replicate-issue-template
• 98ded2e Merge branch 'hgouveia-master'
• 2cea6a0 Merge branch 'master' of https://github.com/hgouveia/loopback-component-storage into hgouveia-master
• 0f521a1 Merge pull request #186 from jeffora/fix-error-handling
• fe3a677 Merge branch 'obernal-max-fields-size-override'
• 4ef64a8 Merge branch 'max-fields-size-override' of https://github.com/obernal/loopback-component-storage into obernal-max-fields-size-override
• 656fba9 Fix eslint
• aab8159 Merge pull request #182 from ole3021/fix/range-undefined-err
• b6e06db Merge pull request #122 from vergara/fix-user
• 4d4e530 Merge pull request #188 from cfjedimaster/master
• 4d392e8 Replicate new issue_template from loopback
• cbacece Merge pull request #194 from strongloop/Fix-finalNewLine
• b6d837a Fix insert of finalNewLine
• 8a847ea Replicate issue_template from loopback repo
• 1769a2a 3.0.1
• 39e20e5 Merge pull request #189 from strongloop/proper-path
• c697826 Fix path joining/expanding
• ec959d2 fix lint
• 907f83a Support nameConflict and makeUnique options
• 080f18a 3.0.0
• 99fdb64 Fix #185: Validation failures crash server

See the full diff

Package name: loopback-connector-postgresql

The new version differs by 50 commits.

• 70a7504 3.0.0
• e4daade Merge branch 'AccelerationNet-master'
• 501037a Remove console.log
• 0697d87 Monkey patch generic-pool to work through errors
• 2ab4e93 Merge pull request #235 from strongloop/feature/fix-ilike-escape
• 59b1c10 Fix the escape char
• ce88756 Merge pull request #211 from strongloop/replicate-issue-template
• 4160fcc Merge pull request #229 from strongloop/feature/upgrade-to-connector-4.x
• d5283b0 Upgrade to loopback-connector@4.x
• 537df3a Add checkFieldAndIndex for table status (#228)
• 62dc458 Merge pull request #219 from strongloop/refactor-postgresql-migration
• d6b1504 Refactor migration methods
• ff2dff0 Merge pull request #194 from alireza-ahmadi/feature/ilike
• 7f3b4d6 Fix code style inconsistencies in ilike tests
• 2706edd Improve tests for better code style consistency
• 5cbb4ab Add tests for pattern matching operators
• f44dddf Add ILIKE functionality
• edf05de Merge pull request #212 from strongloop/refactor-discovery
• c6922c8 Refactor discovery models
• 6e33b93 Merge pull request #186 from gregdingle/fix-pg-pool-settings
• fbe3edf merge in #216
• f6d8821 Fix unit tests
• f7a9954 Fix linting errors and unnesssary changes.
• 7058807 remove done() calls in test

See the full diff

Package name: loopback-datasource-juggler

The new version differs by 250 commits.

• a9051ef 3.13.0
• b926f28 update strong-globalize to 3.1.0 (#1505)
• e85e0f6 Fix basic-querying (#1509)
• c13f35a Merge pull request #1499 from candytangnb/master
• 3c24dd9 translation return for Q4 drop1
• 3a6ddf9 Merge pull request #1492 from NextFaze/fix/1486-null-data
• 99cea38 Allow passing null to base model ctor
• d213c83 Merge pull request #1490 from strongloop/welcome-zbarbuto
• ed21707 CODEOWNERS: add zbarbuto
• 7423283 Merge pull request #1488 from strongloop/globalize
• 6fe3ba9 update globalize string
• 6d4cb6c 3.12.0
• 12c3e3a Merge pull request #1472 from lehni/feature/better-transactions
• 0ce1fa9 Add a better way to handle transactions
• f18d348 validations: use new regex per evaluation (#1479)
• 94a602d Transaction: Bind timeout to tx instance (#1484)
• 37e7f0c CODEOWNERS: add lehni (#1483)
• c897c24 Merge pull request #1482 from strongloop/travis-8
• 542c6e8 Add node8 support for travis
• 2ab4a26 Merge pull request #1481 from strongloop/enable/coveralls
• d49806a Add nyc coverage, report data to coveralls.io
• 666f9c5 Merge pull request #1477 from strongloop/tvtPIIUpdate
• 0ba720d Update translations from TVT
• b17af8d Merge pull request #1474 from strongloop/hasAndBelongsToMany

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution