[Snyk] Fix for 1 vulnerabilities

[arealmaas]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loopback

The new version differs by 250 commits.

• 7d93b27 3.20.0
• 5a87f8d Merge pull request #3911 from strongloop/update-strong-globalize
• f17346b Update strong-globalize to 4.x
• 995c14e Merge pull request #3585 from mitsos1os/nodemailer-update
• 83fc62c Update nodemailer to v4.x
• 58090b4 Merge pull request #3908 from strongloop/drop-node-4x
• ec46c45 Drop support for Node.js 4.x
• 85aa3fd 3.19.3
• 8c4c91a Merge pull request #3904 from itaditya/patch-1
• cf5b78f Provide link to CODEOWNERS
• c6d8565 Merge pull request #3896 from wolrajhti/patch-2
• cc4fc21 fix bug in User.verify when confirm is disabled
• eb3301a Merge pull request #3899 from strongloop/add-node-10
• 36ef35d Enable Node.js 10.x on Travis CI
• 59b1409 3.19.2
• c2077df Merge pull request #3779 from nitro404/hotfix/case-insensitive-user-email
• b2bc449 Add check for undefined user email in setter
• 3e3092c 3.19.1
• 07e7592 Merge pull request #3883 from strongloop/fix/principal-type-polymorphic-user
• 2aead13 Fix isOwner() bug in multiple-principal setup
• df70f83 3.19.0
• 7a148ca Merge pull request #3858 from strongloop/feature/remove-model
• 0cd380c feat: remove all references to a Model
• 77a3523 3.18.3

See the full diff

Package name: loopback-datasource-juggler

The new version differs by 250 commits.

• 5d76210 3.22.0
• 751fd7b Merge pull request #1594 from strongloop/upgrade-deps
• 7a8213a Update strong-globalize to 4.x
• 5d8c36e Update remaining dev-dependencies to latest
• d2ee73b Update eslint + config to latest
• e2d75e7 Disable package-lock feature of npm
• 26c795f Travis: add Node.js 10.x to the build matrix
• c479be7 Drop support for Node 4.x
• 77f11cd 3.21.1
• ef3191d Merge pull request #1588 from strongloop/tidy-up-tests
• 2b4b442 Fix tests to ensure compatibility w/ should@10
• dafb8a1 3.21.0
• 41c9a6d Merge pull request #1585 from strongloop/fix-lazy-connect
• 5a66f9a Fix datasource state management
• dd30054 3.20.2
• d31c43b Remove node ref
• eddb176 3.20.1
• 2bb77e6 Update deps
• 965655b 3.20.0
• e49eb47 Merge pull request #1583 from strongloop/fix-ts-defs
• 63f8b3b Fix typescript definitions to be compatible with LB4
• 90163ba Allow toObject() to accept an 'options' argument
• 4aa51e9 3.19.0
• c955802 Merge pull request #1578 from strongloop/ts-definitions

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)