[Snyk] Fix for 1 vulnerabilities

[arealmaas]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 43 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (#486)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request #496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`
• 402c856 fix lint
• 87e7399 readme++

See the full diff

Package name: engine.io

The new version differs by 46 commits.

• b3f3590 [chore] Release 3.1.5
• 0d4e79e [chore] Bump dependencies (#549)
• ea318b8 [chore] Bump accepts to version 1.3.4 (#548)
• d7aaf2b [docs] Update test command in README (#547)
• c107ffe [chore] Bump uws to version 9.14.0 (#545)
• 8d0ce5f [refactor] Add some checks to prevent usage of undefined properties (#540)
• 1a685c0 [chore] Release 3.1.4
• b3f1d35 [chore] Bump ws to version 3.3.1 (#543)
• 3ee803a [chore] Release 3.1.3
• 49362ab [fix] Fix undefined remoteAddress when using uws (#533)
• 3c77780 [chore] Bump debug to version 2.6.9 (#532)
• bf24359 [chore] Release 3.1.2
• a8ff89c [chore] Release 3.1.1
• e0d720c [fix] Check whether 'Origin' header has invalid characters (#531)
• 38d639a [fix] Use explicit require of wsEngine (#523)
• f9d3f06 [docs] Fix wsEngine default value in README (#526)
• fd20b91 [test] Use npm scripts instead of gulp (#530)
• 7f63d38 [fix] Fix undeterministic error in polling buffer processing (#529)
• 3dcc2d5 [fix] Use workaround for setEncoding bug in node 0.10+ (#527)
• e76e035 [fix] Fix null payload when aborting connection (#503)
• 935b155 [chore] Release 3.1.0
• 82ed65f [test] Add test for maxHttpBufferSize option with websocket (#499)
• 519fb8d [chore] Bump uws to version 0.14.4 (#501)
• 7edb34e [chore] Bump dependencies (#500)

See the full diff

Package name: loopback

The new version differs by 250 commits.

• a3287a5 3.5.0
• 89c9f5b Run the latest Node.js 7 version on Travis again
• 5da8075 Merge pull request #3261 from strongloop/add/ann-list
• 3a93167 Merge pull request #3262 from strongloop/fix/ci-on-node-7.7.2
• 6467658 Lock down Travis CI Node 7 version to 7.7.1
• 0448184 Merge pull request #2959 from kobaska/add-multi-tenancy
• 55adb6c README: add a link to our announcements list
• 3f4b5ec Allow custom properties of Change Model
• 011dc1f Merge pull request #3253 from phairow/patch-1
• 0969493 Fix User.verify to convert uid to string
• 48bf16b Merge pull request #3245 from strongloop/fix/token-middleware-custom-model
• b5a8564 Merge pull request #3249 from islamixo/feature-verificationToken
• a22b1e1 Pass options.verificationToken to templateFn
• cf98d37 fix custom token model in token middleware
• 01ce9b5 Merge pull request #3247 from strongloop/update-deps
• 5ebc9b6 Merge pull request #3230 from strongloop/fix/context-passing-for-isOwner
• 8510982 Update runtime dependencies
• ed4f56c Merge pull request #3231 from strongloop/warn-on-misconfigured-accessToken-user
• 79f441b Verify User and AccessToken relations at startup
• f0c9700 Deep-clone model settings in lib/builtin-models
• c45954c Use local registry in test/replication.rest.test
• abf8246 Fix test/access-token.test to use local registry
• 4570626 Fix context passing in OWNER role resolver
• 2570dda 3.4.0

See the full diff

Package name: loopback-datasource-juggler

The new version differs by 250 commits.

• a9051ef 3.13.0
• b926f28 update strong-globalize to 3.1.0 (#1505)
• e85e0f6 Fix basic-querying (#1509)
• c13f35a Merge pull request #1499 from candytangnb/master
• 3c24dd9 translation return for Q4 drop1
• 3a6ddf9 Merge pull request #1492 from NextFaze/fix/1486-null-data
• 99cea38 Allow passing null to base model ctor
• d213c83 Merge pull request #1490 from strongloop/welcome-zbarbuto
• ed21707 CODEOWNERS: add zbarbuto
• 7423283 Merge pull request #1488 from strongloop/globalize
• 6fe3ba9 update globalize string
• 6d4cb6c 3.12.0
• 12c3e3a Merge pull request #1472 from lehni/feature/better-transactions
• 0ce1fa9 Add a better way to handle transactions
• f18d348 validations: use new regex per evaluation (#1479)
• 94a602d Transaction: Bind timeout to tx instance (#1484)
• 37e7f0c CODEOWNERS: add lehni (#1483)
• c897c24 Merge pull request #1482 from strongloop/travis-8
• 542c6e8 Add node8 support for travis
• 2ab4a26 Merge pull request #1481 from strongloop/enable/coveralls
• d49806a Add nyc coverage, report data to coveralls.io
• 666f9c5 Merge pull request #1477 from strongloop/tvtPIIUpdate
• 0ba720d Update translations from TVT
• b17af8d Merge pull request #1474 from strongloop/hasAndBelongsToMany

See the full diff

Package name: primus

The new version differs by 250 commits.

• 7b56733 [dist] 7.2.3
• 4fb5d75 chore(package): update ws to version 6.1.0 (#694)
• e1192aa [minor] Rebuild the SockJS client -- version 1.3.0
• 4ad3413 chore(package): update sockjs-client to version 1.3.0 (#693)
• 667a32c Merge pull request #692 from davedoesdev/master
• 7d0b212 End upgrade connection rather than destroy #691
• 909558e [minor] Rebuild the SockJS client -- version 1.2.0
• 3e642c5 chore(package): update sockjs-client to version 1.2.0 (#690)
• 8eb8a19 fix a typo (#688)
• 26ac3f1 chore(package): update request to version 2.88.0 (#687)
• d094474 fix(package): update nanoid to version 1.2.0 (#686)
• 5617b55 [deps] Pin uws to version 10.148.1
• 2312708 chore(package): update ws to version 6.0.0 (#680)
• 83e32c7 [travis] Remove unsupported node versions
• 262995c [pkg] Remove typings from package.json
• ffef520 fix(package): update nanoid to version 1.1.0 (#677)
• a1832da [test] Fix failing test
• 45d6018 [deps] Update mocha to version 5.2.0
• dad9fb0 [test] Test uws only on Node.js 8 or newer
• 7dc0d6d fix(package): update setheader to version 1.0.0 (#667)
• 450c110 [dist] 7.2.2
• 041f3ab [minor] Rebuild the SockJS client -- version 1.1.5
• d319a17 [travis] Add node 10.x to the test matrix
• acd51f5 [dist] 7.2.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)