[Snyk] Fix for 1 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bookshelf

The new version differs by 94 commits.

• 2a86640 Release 0.9.1.
• 7a2238e Merge pull request #998 from tgriesser/fix/979
• 976eb20 Remove knex version check.
• f043444 Merge pull request #997 from cspotcode/patch-2
• 84accb4 Remove Collection#keys() method from documentation
• 5024165 Merge pull request #992 from tkrotoff/doc-links
• e2b714b Merge pull request #996 from cspotcode/patch-1
• b92c58b Adds documentation for argument to Model#related()
• e1c0e94 Fix MDN links
• 2f52bb2 Fix Model and Collection links
• 1bed140 Merge pull request #983 from cspotcode/feature/issue970
• 08e7718 Merge pull request #987 from tkrotoff/uglifyjs
• 1ad0bcb UglifyJS should be a dependency
• f5e8f39 Merge pull request #986 from tkrotoff/doc-destroy
• ae985f9 Document Model.NoRowsDeletedError within Model.destroy()
• 95d180d Fixes #970: Events#off() can now deregister multiple, space-separate events at once
• cb93a60 Merge pull request #982 from tgriesser/fix/981
• e0e18bc Use a local install of `babel-cli` instead of global.
• 4ee1031 Remove build, lib and docs after 0.9.0 release.
• a160241 Release 0.9.0.
• 517cea4 Move `core-js` into dependencies.
• 5a8311f Remove build, lib and docs after 0.9.0-test.1 release.
• 509c259 Release 0.9.0-test.1.
• cfaa0a0 Preparation for 0.9.0

See the full diff

Package name: pg

The new version differs by 250 commits.

• 7ffe68e Publish
• 125a268 Update changelog
• da2bb85 Bump node-fetch from 2.6.0 to 2.6.1
• 7649890 Update SPONSORS.md
• c5445f0 Fix metadata for pg-connection-string
• a02dfac Replace semver with optional peer dependencies
• 5825843 Public export of DatabaseError
• e421167 Add ssl=true into the test
• 9cbea21 Solve issues caused by config.ssl = true
• 6be3b90 Add support for ?sslmode connection string param
• f0fc470 Update README.md (#2330)
• 95b5daa Publish
• 1f0d3d5 Add test for pgpass check function scope
• 0758b76 Fix context (this) in _checkPgPass.
• acfbafa Publish
• 07ee1ba Bump version
• 65156e7 Small readme updates & auto-formatting
• 61e4b7f Merge pull request #2309 from chris--young/ssl-err
• f4d123b Prevents bad ssl credentials from causing a crash
• 316bec3 Merge pull request #2294 from charmander/test-fixes
• 3edcbb7 Fix most SSL negotiation packet tests being ignored
• 1b022f8 Remove accidentally duplicated methods
• b8773ce Merge pull request #2289 from brianc/dependabot/npm_and_yarn/lodash-4.17.19
• 692e418 Fix documenation typo in README (#2291)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)