[Snyk] Fix for 1 vulnerabilities

[arealmaas]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loopback

The new version differs by 250 commits.

• f30159c 3.15.0
• 64d60fb Merge pull request #3650 from strongloop/update-strong-globalize
• 2f02fba update strong-globalize to 3.1.0
• fb8f3d9 Merge pull request #3647 from lehni/model/fix-updateonly-props-check
• 9176ee2 Merge pull request #3609 from sebastianfelipe/fix/user-verify-duplicated-token
• d0a4941 Fix handling of user verification options
• 826ee2a Handle missing getUpdateOnlyProperties fn
• 8488da2 Merge pull request #3637 from strongloop/fix/build
• 33989d7 test: fix too strict test assertion
• 1dd0ab3 Merge pull request #3636 from SiegfriedEhret/patch-1
• db8130a Fix typo
• c991392 3.14.0
• c453ad5 Merge pull request #3628 from strongloop/declarative-nest-remoting
• c0a0f09 Allow declarative nestRemoting for relations
• fcfaf7e 3.13.0
• 658d228 Merge pull request #3140 from pierreclr/feature/allow-mutiple-owners-resolving
• e17132d Fix OWNER role to handle multiple relations
• ef7175a Merge pull request #3293 from alFReD-NSH/bugfix/acl-checkpermission
• 2128ecd Merge pull request #3625 from strongloop/welcome-zbarbuto
• d2d8fab Fix acl.resolvePermission for wildcard req
• 4c4430e 3.12.0
• 883667c CODEOWNERS: add zbarbuto
• 0f40ca8 Merge pull request #3565 from zbarbuto/fix/shared-glob
• d405432 Fix relation race condition in model glob

See the full diff

Package name: loopback-boot

The new version differs by 28 commits.

• 92d6a1f 3.0.0
• 63a1150 Merge pull request #247 from strongloop/feature/upgrade-deps
• 3bb519d Upgrade deps and fix style issues
• 4803802 Merge pull request #240 from supasate/provide-script-extensions-option
• d68ffc6 Provide scriptExtensions option
• 79d9ddb Merge pull request #234 from strongloop/update-support-URL
• ba688e0 Update paid support URL
• f7c9cbc Merge pull request #181 from strongloop/feature/extensibility
• ac1571c Refactor for modular and pluggable design
• 314dff9 Merge pull request #231 from strongloop/drop-support-node-0x
• ecc2d43 Add Node v7 to Travis CI platforms
• fbea19a Drop support for Node v0.10 and v0.12
• e96b080 Merge pull request #227 from strongloop/update-new-docs-url
• a17c6c5 readme: update URL to new doc site
• 6491cc8 Merge pull request #220 from Sequoia/patch-1
• 94aef17 Merge pull request #221 from strongloop/add_translation3
• 295db6d Update ja translation file
• 63cc0ec Update header-browser.md
• 0d985ba Merge pull request #219 from strongloop/add_translation2
• 5da1420 Update translation files - round#2
• 57e5e64 Merge pull request #214 from strongloop/update-lb-3-rc-1
• 49ed10c Normalize line endings to support both LF and CRLF
• 748a728 Remove "defaultForType" from datasource config
• 58ef169 Update deps to loopback 3.0.0 RC

See the full diff

Package name: loopback-datasource-juggler

The new version differs by 250 commits.

• a9051ef 3.13.0
• b926f28 update strong-globalize to 3.1.0 (#1505)
• e85e0f6 Fix basic-querying (#1509)
• c13f35a Merge pull request #1499 from candytangnb/master
• 3c24dd9 translation return for Q4 drop1
• 3a6ddf9 Merge pull request #1492 from NextFaze/fix/1486-null-data
• 99cea38 Allow passing null to base model ctor
• d213c83 Merge pull request #1490 from strongloop/welcome-zbarbuto
• ed21707 CODEOWNERS: add zbarbuto
• 7423283 Merge pull request #1488 from strongloop/globalize
• 6fe3ba9 update globalize string
• 6d4cb6c 3.12.0
• 12c3e3a Merge pull request #1472 from lehni/feature/better-transactions
• 0ce1fa9 Add a better way to handle transactions
• f18d348 validations: use new regex per evaluation (#1479)
• 94a602d Transaction: Bind timeout to tx instance (#1484)
• 37e7f0c CODEOWNERS: add lehni (#1483)
• c897c24 Merge pull request #1482 from strongloop/travis-8
• 542c6e8 Add node8 support for travis
• 2ab4a26 Merge pull request #1481 from strongloop/enable/coveralls
• d49806a Add nyc coverage, report data to coveralls.io
• 666f9c5 Merge pull request #1477 from strongloop/tvtPIIUpdate
• 0ba720d Update translations from TVT
• b17af8d Merge pull request #1474 from strongloop/hasAndBelongsToMany

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution