[Snyk] Fix for 1 vulnerabilities

[sorokh]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loopback

The new version differs by 250 commits.

• 7d93b27 3.20.0
• 5a87f8d Merge pull request #3911 from strongloop/update-strong-globalize
• f17346b Update strong-globalize to 4.x
• 995c14e Merge pull request #3585 from mitsos1os/nodemailer-update
• 83fc62c Update nodemailer to v4.x
• 58090b4 Merge pull request #3908 from strongloop/drop-node-4x
• ec46c45 Drop support for Node.js 4.x
• 85aa3fd 3.19.3
• 8c4c91a Merge pull request #3904 from itaditya/patch-1
• cf5b78f Provide link to CODEOWNERS
• c6d8565 Merge pull request #3896 from wolrajhti/patch-2
• cc4fc21 fix bug in User.verify when confirm is disabled
• eb3301a Merge pull request #3899 from strongloop/add-node-10
• 36ef35d Enable Node.js 10.x on Travis CI
• 59b1409 3.19.2
• c2077df Merge pull request #3779 from nitro404/hotfix/case-insensitive-user-email
• b2bc449 Add check for undefined user email in setter
• 3e3092c 3.19.1
• 07e7592 Merge pull request #3883 from strongloop/fix/principal-type-polymorphic-user
• 2aead13 Fix isOwner() bug in multiple-principal setup
• df70f83 3.19.0
• 7a148ca Merge pull request #3858 from strongloop/feature/remove-model
• 0cd380c feat: remove all references to a Model
• 77a3523 3.18.3

See the full diff

Package name: loopback-component-passport

The new version differs by 108 commits.

• 02f72b4 3.9.0
• d2d5bce Merge pull request #260 from strongloop/drop-node
• 8481eb8 chore: update deps and drop node 4
• 59cc03a 3.8.1
• d70d4b9 Merge pull request #255 from strongloop/update-codeowner
• f32cbd9 chore: update CODEOWNERS
• 9f08eec Merge pull request #250 from GhizlaneA/Add-azure-attribute-for-profile-id
• d372492 use simple quotes instead of the double quotes
• 852eac4 handle azure-saml profile id
• 061ac9a 3.8.0
• a18c256 Merge pull request #249 from DerekTBrown/saml_expand
• 0d30c10 Update passport-configurator.js
• e42b171 Update passport-configurator.js
• badb0dc fix grammar of mocha
• 146f51c Added SAML test
• 9f0422f modified saml cert behavior
• 7744fdd 3.7.0
• 6d1450b Merge branch 'jackrvaughan-custom-field-mapping'
• 3463ed1 Merge branch 'custom-field-mapping' of https://github.com/jackrvaughan/loopback-component-passport into jackrvaughan-custom-field-mapping
• ccb9f74 Merge pull request #242 from percenuage/fix/saml
• 1ae90d6 merge from master
• 0fbd4f8 profile to account
• d1bfa33 3.6.0
• 2b28cbb Merge branch 'sancaruso-master'

See the full diff

Package name: loopback-component-storage

The new version differs by 66 commits.

• 7d58ef4 3.4.0
• 7fec4b8 Merge pull request #244 from cory-newleaf/patch-1
• db669b1 added missing tests
• 970ecc7 Updated "getFile" to send a 404 for ENOENT errors
• 537e115 Merge pull request #248 from strongloop/drop-node
• 1854769 chore: update node support and versions
• eb11b4d Merge pull request #229 from Overdrivr/implement-debug-strings
• c105f8a Add some debug strings to handler and service
• bcd6965 Merge pull request #230 from strongloop/license
• ac4a14a chore: update license
• 1e71f7d Merge pull request #228 from timowolf/master
• e1109e3 add AWS S3 options for server side encryption
• 91f6268 Merge pull request #222 from strongloop/document-google-cloud-support
• c2d5a54 Update README.md
• 3508b03 3.3.1
• e48a4b1 Merge pull request #220 from strongloop/fix-upload-args
• 47d5557 Declare container parameter for swagger spec
• 03a5767 3.3.0
• 0ba1595 Merge pull request #219 from strongloop/fix/path-parameters
• 7cf4d88 Mark HTTP path parameters as required
• 0180ac7 Add stalebot configuration
• ea5e980 Create Issue and PR Templates (#218)
• 007b9d5 Merge pull request #216 from strongloop/piiReturnQ32017
• 4d37716 Update translated strings Q3 2017

See the full diff

Package name: loopback-connector-postgresql

The new version differs by 147 commits.

• 0949049 3.4.0
• 494452e Merge pull request #338 from strongloop/update-dep
• 6e3bc95 Drop Node 4 in CI
• b0c5e7e Merge pull request #335 from candytangnb/webfm-0629-000418-cs,pl,ru-translation
• 4ecc142 [WebFM] cs/pl/ru translation
• 424b673 3.3.2
• d88257b Merge pull request #330 from sahilarora946/stop-execution-of-query-after-rollback
• 8a06ce8 rebase the code to latest master
• 5d0caeb Merge pull request #333 from Lambdac0re/patch-1
• f1794b0 typo
• 687ac86 3.3.1
• 6bc809a Merge pull request #331 from strongloop/update-codeowner
• 6d97d87 update CODEOWNERS
• 4904f2a Merge pull request #318 from timgit/master
• 5f2bae7 linting updates
• 4c3e277 add support for UPDATE RETURNING
• 090dff3 3.3.0
• 09030f2 Revert "4.0.0"
• dbcd535 4.0.0
• 6caab41 Merge pull request #305 from ataft/patch-1
• d1a2fd2 Include the SSL Property
• 8d28c0c 3.2.0
• c1aefa5 Merge pull request #306 from strongloop/license
• 4d55010 chore:update license

See the full diff

Package name: loopback-datasource-juggler

The new version differs by 250 commits.

• 5d76210 3.22.0
• 751fd7b Merge pull request #1594 from strongloop/upgrade-deps
• 7a8213a Update strong-globalize to 4.x
• 5d8c36e Update remaining dev-dependencies to latest
• d2ee73b Update eslint + config to latest
• e2d75e7 Disable package-lock feature of npm
• 26c795f Travis: add Node.js 10.x to the build matrix
• c479be7 Drop support for Node 4.x
• 77f11cd 3.21.1
• ef3191d Merge pull request #1588 from strongloop/tidy-up-tests
• 2b4b442 Fix tests to ensure compatibility w/ should@10
• dafb8a1 3.21.0
• 41c9a6d Merge pull request #1585 from strongloop/fix-lazy-connect
• 5a66f9a Fix datasource state management
• dd30054 3.20.2
• d31c43b Remove node ref
• eddb176 3.20.1
• 2bb77e6 Update deps
• 965655b 3.20.0
• e49eb47 Merge pull request #1583 from strongloop/fix-ts-defs
• 63f8b3b Fix typescript definitions to be compatible with LB4
• 90163ba Allow toObject() to accept an 'options' argument
• 4aa51e9 3.19.0
• c955802 Merge pull request #1578 from strongloop/ts-definitions

See the full diff

Package name: strong-error-handler

The new version differs by 6 commits.

• b5e9abd 3.0.0
• 0a39f84 Merge pull request #73 from strongloop/array-safefields
• 7828534 Allow safeFields to work with arrays
• a431cf5 Merge pull request #74 from strongloop/drop-node-4
• b7b3961 run lint
• 56d26b3 drop node 4 from travis and update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)