[Snyk] Security upgrade trails from 2.0.0 to 3.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-I18NEXT-1065979	Yes	No Known Exploit
	459/1000 Why? Has a fix available, CVSS 4.9	Buffer Overflow SNYK-JS-I18NEXT-575536	Yes	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Prototype Pollution SNYK-JS-I18NEXT-585930	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	No Known Exploit
	754/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:i18next:20161013	No	Mature
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: trails

The new version differs by 112 commits.

• a7add71 [doc] re-add stackoverflow link
• d63e6cc [pkg] remove next tag
• b5551ba [test] update idempotence tests
• 74ff0c7 Merge branch 'v3' of https://github.com/trailsjs/trails into v3
• 37dc1b3 [lib] fix pack api merge bug
• 937d6e1 Merge branch 'v3' of github.com:trailsjs/trails into v3
• 5872454 [fix] corrected pack api merge logic
• adb0462 Merge pull request #306 from scott-wyatt/v3
• fdc5571 [feat] more stict immutable boolean
• b99552e [fix] contributor
• 74b2247 [fix] lib tests
• 4651197 [doc] update comment
• f46fc2f [fix] bind models/resolvers in constructor
• 4df3d66 3.0.0-pre.4
• 5133f94 [fix] update trailpack dependency
• 7b62732 [fix] update pathfinder tests to match pack api
• 6c0ba3e [refactor] move pack merging logic to trails core
• ed1060d [ci] test against node8
• c5a4601 [doc] capitalize Node.js
• 639335a 3.0.0-pre.3
• c5e254c [fix] bind service methods
• 6486021 3.0.0-pre.2
• aec57f1 [fix] Controller getter context; config rules
• 312e556 [fix] allow changes when not immutable

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic