[Snyk] Fix for 1 vulnerabilities

[ajduncan]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loopback

The new version differs by 250 commits.

• a3287a5 3.5.0
• 89c9f5b Run the latest Node.js 7 version on Travis again
• 5da8075 Merge pull request #3261 from strongloop/add/ann-list
• 3a93167 Merge pull request #3262 from strongloop/fix/ci-on-node-7.7.2
• 6467658 Lock down Travis CI Node 7 version to 7.7.1
• 0448184 Merge pull request #2959 from kobaska/add-multi-tenancy
• 55adb6c README: add a link to our announcements list
• 3f4b5ec Allow custom properties of Change Model
• 011dc1f Merge pull request #3253 from phairow/patch-1
• 0969493 Fix User.verify to convert uid to string
• 48bf16b Merge pull request #3245 from strongloop/fix/token-middleware-custom-model
• b5a8564 Merge pull request #3249 from islamixo/feature-verificationToken
• a22b1e1 Pass options.verificationToken to templateFn
• cf98d37 fix custom token model in token middleware
• 01ce9b5 Merge pull request #3247 from strongloop/update-deps
• 5ebc9b6 Merge pull request #3230 from strongloop/fix/context-passing-for-isOwner
• 8510982 Update runtime dependencies
• ed4f56c Merge pull request #3231 from strongloop/warn-on-misconfigured-accessToken-user
• 79f441b Verify User and AccessToken relations at startup
• f0c9700 Deep-clone model settings in lib/builtin-models
• c45954c Use local registry in test/replication.rest.test
• abf8246 Fix test/access-token.test to use local registry
• 4570626 Fix context passing in OWNER role resolver
• 2570dda 3.4.0

See the full diff

Package name: loopback-component-explorer

The new version differs by 87 commits.

• 1f28c60 6.2.0
• 048319b Merge pull request #248 from strongloop/update-dep
• 174f24a chore: update dependencies
• 2bfc1c2 6.1.0
• 872cb8a Merge pull request #247 from candytangnb/webfm-0629-000348-cs,pl,ru-translation
• 8ec2502 [WebFM] cs/pl/ru translation
• 8f952a5 Merge pull request #244 from strongloop/update-dep
• 911f368 remove package-lock.json
• c595ec3 update dependencies
• 457d957 6.0.1
• 1aaed16 Merge pull request #240 from strongloop/update-lts-info
• 3ebc4c3 Update LTS information in README
• a37cf1d Merge pull request #239 from strongloop/add-nodejs-10
• 6cc1086 Enable Node.js 10 on Travis CI
• b17c942 6.0.0
• 3b5134e Merge pull request #232 from islamixo/explorerDeprecated
• fc43ff6 [SEMVER-MAJOR] Remove deprecated CORS support
• 6419f48 Merge pull request #237 from strongloop/enable-travis
• b4e73bb Add Travis CI configuration
• f497f0b 5.4.0
• 7f90b03 Merge pull request #236 from strongloop/feature/remove-model
• 62a46a0 feat: rebuild swagger after a model was deleted
• efd2a16 Merge pull request #234 from strongloop/fix-link2
• b65e2a4 update link for docs.strongloop.com

See the full diff

Package name: loopback-datasource-juggler

The new version differs by 250 commits.

• a9051ef 3.13.0
• b926f28 update strong-globalize to 3.1.0 (#1505)
• e85e0f6 Fix basic-querying (#1509)
• c13f35a Merge pull request #1499 from candytangnb/master
• 3c24dd9 translation return for Q4 drop1
• 3a6ddf9 Merge pull request #1492 from NextFaze/fix/1486-null-data
• 99cea38 Allow passing null to base model ctor
• d213c83 Merge pull request #1490 from strongloop/welcome-zbarbuto
• ed21707 CODEOWNERS: add zbarbuto
• 7423283 Merge pull request #1488 from strongloop/globalize
• 6fe3ba9 update globalize string
• 6d4cb6c 3.12.0
• 12c3e3a Merge pull request #1472 from lehni/feature/better-transactions
• 0ce1fa9 Add a better way to handle transactions
• f18d348 validations: use new regex per evaluation (#1479)
• 94a602d Transaction: Bind timeout to tx instance (#1484)
• 37e7f0c CODEOWNERS: add lehni (#1483)
• c897c24 Merge pull request #1482 from strongloop/travis-8
• 542c6e8 Add node8 support for travis
• 2ab4a26 Merge pull request #1481 from strongloop/enable/coveralls
• d49806a Add nyc coverage, report data to coveralls.io
• 666f9c5 Merge pull request #1477 from strongloop/tvtPIIUpdate
• 0ba720d Update translations from TVT
• b17af8d Merge pull request #1474 from strongloop/hasAndBelongsToMany

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)