Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: loopback
The new version differs by 231 commits.- 8d0f319 3.0.0
- a835d09 Merge pull request #2780 from strongloop/update-deps-3.0RC
- 9d259ce Update deps to 3.0.0 RC
- 54bf395 Merge pull request #2754 from strongloop/use_common_globalize
- 640f3a8 Update globalization structure
- 2f0dd6d Merge pull request #2758 from strongloop/fix/disableMethodByName
- 0ab33a8 Call new disable remote method from model class.
- 92ed213 Merge pull request #2755 from strongloop/add_translations
- d567966 Add translation strings
- 489ed91 Merge pull request #2298 from strongloop/user-realm-composite-key
- d544ae1 Support uniqueness for realm users
- c3ba632 Merge pull request #2743 from strongloop/docs-for-kv-model
- 8061d12 Merge pull request #2693 from strongloop/sessEmail
- bcc2d99 Invalidate sessions after email change
- 845b73d Add docs for KeyValue model
- 6752dd3 Merge pull request #2703 from strongloop/fix_remoting
- d4b8cf6 Fix remote method inheritance
- 3eb9009 Merge pull request #2738 from strongloop/fix/user-verify-email-with-empty-rest-root
- 21ff383 Fix double-slash in confirmation URL
- eec8536 3.0.0-alpha.5
- 252b6f4 Merge pull request #2696 from strongloop/feature/coercion-overhaul
- 6e1defc Use strong-remoting's new TypeRegistry
- 92a5a08 test/user: don't attach User model twice
- 32bdecc app.enableAuth: correctly detect attached models
See the full diffPackage name: loopback-datasource-juggler
The new version differs by 250 commits.- d19e189 4.17.0
- a456700 Merge tag 'v4.16.0'
- af4f4df Merge pull request #1808 from strongloop/fix/typo
- abdd567 Fix typo introduced by 19048cd7
- 002137d Merge pull request #1799 from jeznag/fix-issue-with-new-array
- b328934 [BUGFIX] Fix issue with with array constructor
- c555ded Merge pull request #1807 from strongloop/fix/datasource-typings
- 19048cd Fix Promise/Callback variants in datasource types
- 2f86757 Merge pull request #1804 from strongloop/update-deps
- 606880b Merge pull request #1803 from strongloop/update-eslint
- a9611a0 chore: update async to v3.x
- 1d4ad27 chore: update strong-globalize to 5.x
- 1b7858a chore: update eslint to 6.x
- 770f11b Merge pull request #1790 from mitsos1os/return-promise-on-error
- 89503bb 4.16.0
- 89a964e feat: applyDefaultOnWrites in nested properties
- b30fbf8 return failed promise on error
- d54d769 Merge pull request #1792 from strongloop/chore/improve-issue-templates
- f921a4f 4.15.0
- 5578ab4 Merge pull request #1783 from frbuceta/fix/lb4-issue-3602
- a1817a4 chore: disable security issue reporting
- b9f0284 Fix generated string id's
- b07bdfc Merge pull request #1791 from strongloop/ci/skip-ibmi-downstream
- 28d457d Remove loopback-connector-ibmi from downstream
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution