[Snyk] Fix for 5 vulnerabilities #12

nimatrazmjo · 2022-09-29T23:18:47Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
409/1000 Why? Has a fix available, CVSS 3.9	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-1070902	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	SQL Injection SNYK-JS-LOOPBACK-174846	No	No Known Exploit
599/1000 Why? Has a fix available, CVSS 7.7	Improper Authorization SNYK-JS-LOOPBACK-73559	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	SQL Injection SNYK-JS-LOOPBACKCONNECTORMONGODB-73555	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Authentication Bypass npm:loopback:20171027	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loopback

The new version differs by 250 commits.

9b1d488 3.26.0
58a0e6c fix: disallow queries in username and email fields
e682914 Merge pull request #4196 from strongloop/ignore-failing-downstream-builds
716347e Ignore failing downstream dependencies
cd8db0b Merge pull request #4194 from strongloop/update-karma-nyc
686c6fe Upgrade nyc to version 14
c9a2778 Update Karma dependencies to latest versions
a685553 Drop Node.js 6.x from the supported versions
4b3a3a3 Merge pull request #4120 from angfal/fix/remote_exists
e8d115b Fix Model.exists() to work with remote connector
ae3fff9 Merge pull request #4191 from strongloop/copyrights
0e0ca45 chore: update copyrights years
e82a74c Merge pull request #4189 from strongloop/eol
182ab7f Update LTS status
3a2a645 Merge pull request #4186 from strongloop/chore/add-node-12
f19a8ab Enable Node.js 12.x on Travis CI
66ec2aa Merge pull request #4183 from strongloop/copyright
f6ba1af chore: update copyright year
b05d732 Merge pull request #4159 from strongloop/lts
a175b36 chore: update LB3 EOL date
34acd02 3.25.1
a9a86fe Merge pull request #4158 from strongloop/fixFilterDef
b83f563 Back-ticks added to highlight example JSON
6caf506 Add same change to description for findOne

Package name: loopback-connector-mongodb

The new version differs by 67 commits.

bdad30a 3.6.0
0f46f71 Merge pull request #454 from strongloop/docs
a2985e0 docs: update with security consideration section
4df3c63 Merge pull request #452 from strongloop/sanitize
ee24cd0 fix: sanitize query by default
99bca4b Merge pull request #450 from gendigbadig/master
2d2999e Merge pull request #437 from HugoPoi/feature/settings-disable-default-sort
21618d8 change `count` to `countDocuments`
dbccb86 add `useNewUrlParser` on validOptionNames
94e47e3 Dedicated Model for testing disableDefaultSort
fe6ae0e Add disableDefaultSort in README
b70fd28 Add settings disableDefaultSort for find method
b79e263 3.5.0
43a0138 Merge pull request #441 from strongloop/drop-node
3773a16 chore: drop node 4 and update deps
60aaecc Merge pull request #443 from candytangnb/webfm-0629-000207-cs,pl,ru-translation
8e952a6 [WebFM] cs/pl/ru translation
205a3a3 3.4.4
db63a31 Fields projection fix (#436)
3116da3 3.4.3
ef92b90 Merge pull request #419 from strongloop/update-bson
c4bf8d2 update bson version
47de5b1 3.4.2
780497d Merge pull request #425 from strongloop/testci