[Snyk] Fix for 1 vulnerabilities

[dmitriz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 148 commits.

• ce06b1e Merge pull request Augur (REP) added to Poloniex assets askmike/gekko#473 from slackapi/dev-v4
• cbd9d21 Merge branch 'master' into dev-v4
• 8fac7d5 v4.0.0
• b4f4f8b generate documentation
• fa70a8d IncomingWebhook implementation
• d621134 remove examples dir, export declaration files
• 81d9b04 updates readme and guides for new API
• 8db2e2c updates documentation generation instructions
• fdf7b51 update finity, remove superfluous comments from jsdoc
• 45cf343 basic doc generation is working
• 8e4ae7e Merge branch 'dev-v4' into ts2jsdoc
• 4ae19d5 adds TLSOptions, new RTMClient events for parity
• cae00fa POC
• abe015b adds migration guide content for WebClient
• b8b4c63 code organization and pulling out comments to build the migration guide
• f25a6a8 implements loglevel plugin API to prefix messages with log level and logger name
• 0a325ee rename keep-alive.ts -> KeepAlive.ts
• 4e16be2 implement configurable replyAckOnReconnectTimeout in RTMClient
• 5185e5e rtm message sending based on a queue for outgoing messages and cancelable promises for replies
• 662a577 a basic echo program using rtm works! tweaked keepalive and integrated into rtmclient
• dc59265 RTMClient connects! implemented connecting state in statemachine with substate transitions. commented out KeepAlive for simplicity while refactoring, but will re-enable soon.
• f28d69d adds stronger definition for errors from WebClient and uses this information in RTMClient
• ec91168 simplify statemachine config functions by removing RTMClientStateMachine interface extension
• cbaf7a1 an early state machine implementation for the RTM client

See the full diff

Package name: bitfinex-api-node

The new version differs by 250 commits.

• 9477e59 package: bump bfx-api-node-models to ^1.2.0
• 1f08822 test/args: fix unset API_KEY in test
• a5728a1 (feature) finalize documentation
• 1525527 (manifest) bump bfx-api-node-rest for travis
• 1fcfe60 (meta) add vim session file to gitignore
• 46d3672 (fix) WSv2 trades example name/unnecessary auth
• 4ec7ad1 (refactor) expand OB amount col width in viz example
• 8f98163 (fix) null filterByMarket means 'all' in RESTv2 tickers example
• 74853ff (refactor) improve eslint config, add mocha plugin, fix errors
• 0bfa947 (fix) support stop price and trailing distance in submit-order example
• 344dff7 (feature) set/enforce coverage limits, meet them
• 5528409 (refactor) enable nyc html repoter
• da85caf (manifest) bump deps
• 2bc8acc (standard --fix)
• 8e4f141 (fix) RESTv2 test, use valid url
• f3a85a3 (fix) re-enable test for travis, found the problem [linked dep]
• 804fd3b (refactor) disable runExample() tests for travis, sadface
• 9a7be78 (refactor) more travis timeouts...
• a3f5591 (refactor) increase runExample() suite timeout to 10s for travis
• 4373c67 (refactor) tweak for travis
• 8b83052 (refactor) same as last commit
• 9ebc461 (refactor) increase test suite timeout for husky...
• 9c77ad9 (refactor) tweak test for travis, not sure why timeout is exceeded
• f44fa3a (fix) increase test timeout for travis

See the full diff

Package name: gdax

The new version differs by 43 commits.

• b708da1 v0.5.1
• 100abd2 Add a default timeout to each request (Bitstamp - typo in exchanges/bitstamp.js askmike/gekko#198)
• cc0e932 Added explicit any types to all untyped code (Share your Gekko settings! askmike/gekko#199)
• d813564 Update gitignore and CircleCI node version (Kraken integration (fixes #87) askmike/gekko#181)
• 3a74110 Remove disclaimers in README (Handful of updates for Campfire bot askmike/gekko#180)
• 7c536d9 Normalize PublicClient with AuthenticatedClient (BTC-e accepts only 5 digits for PPC askmike/gekko#178)
• 94c671c Fix heartbeat channel subscriptions (weird crash at midnight askmike/gekko#150)
• 9802f7f Simplify OrderbookSync constructor signature (Add Campfire bot plugin askmike/gekko#177)
• 17619ca Simplify auth object to key, secret, passphrase (Does anyone want historical btc-e data? askmike/gekko#151)
• 913cd31 Fix WebsocketClient typescript definition (datastore.js does a "throw err" and just says "Object"  askmike/gekko#160)
• 46e2b22 Expose AuthenticatedClient#placeOrder() function (crash on history relay after startup askmike/gekko#149)
• 0b92d6e add getPaymentMethods to api calls (MACD emits the same advice event multiple times askmike/gekko#171)
• 9a59db2 Include response in promise rejections (Added support for general mail server. SSL is still mendatory. askmike/gekko#138)
• dd716d3 Allow explicit `null`s for MarketOrders
• 32360ad Some TS definition improvements (Split config for multi bot scenarios askmike/gekko#137)
• 4d74a7f Merge pull request detect 2nd instance on same datastore askmike/gekko#132 from coinbase/tim-remove_deprecated_transfer_route
• d93f192 remove use of deprecated /transfers route
• 546f88a Updated typing for PublicClient constrctor (Properly set the scope of the setupMail function askmike/gekko#121)
• 4a339db Replaced var with const/let. (Allow any SMTP server askmike/gekko#125)
• 55f7ee1 Correct typo (Localdb askmike/gekko#124)
• 1c95a90 Configured array formatting in request extra parameters to 'repeat' (Support NMA for notification askmike/gekko#126)
• b703f64 Add channels (Fixed issue with email password in configuration not being honored askmike/gekko#120)
• 86c2987 Add heartbeat option for WebSocket connections (Noob question... askmike/gekko#76)
• bbbb072 Adding TypeDefinitions (2 commits  askmike/gekko#108)

See the full diff

Package name: koa-router

The new version differs by 85 commits.

• 81dc60a 7.3.0
• da44991 7.3.0 changelog
• da1f9e8 update history.md for 7.2.x
• 959072d update history.md for 7.2.x
• 2cbeb53 Merge pull request How long before advices start appearing? askmike/gekko#396 from wachunei/add-query-params
• 9579168 Fix README formatting
• c4348d5 README: Add Router#url() query params support description and examples
• b381b12 Add Router#url() query params support
• 07d0d37 Improve query string tests
• 700be03 Add non-object params and query params test
• 9904aa5 Add query params support tests
• bd9cbff Update .travis.yml
• ac9e87d Merge pull request option mutally disable another one ? askmike/gekko#384 from lagden/deps
• 1db1b18 Merge pull request Add trading platform GDAX askmike/gekko#393 from jeffijoe/patch-1
• db9c3e4 fix(readme): return next()
• 1581e09 Merge pull request Commit e41ff50 breaks bitfinex. askmike/gekko#376 from jbielick/allow-header-list
• 171dc8d update package debug
• afb542b update history.md for 7.2.x
• 9c3dec9 comma-separate list of Allow header methods
• 4633eff Merge pull request CCI.js dependence missing askmike/gekko#328 from viliam-jobko/fix-routerRedirectOptionalCodeDocs
• 83576a6 Merge pull request fixed symbol error askmike/gekko#348 from vkhv/patch-1
• 22a2ccb 7.2.1
• 11f6958 respond to CORS preflights with 200, 0 length body
• e91b8ca fix badge url

See the full diff

Package name: koa-static

The new version differs by 28 commits.

• 9b11d84 5.0.0
• b0eff0b bump deps
• 36831b6 travis: add node@10
• c74836c 4.0.3
• 9fbb147 npm: disable package-lock
• 026c8dd bump deps
• ef9379c update readme (C:\Users\user\Desktop\gekko-master\gekko.js:60 throw invalid; askmike/gekko#119)
• e4e907d 4.0.2
• 2efdc31 fix: `serve` mutates `opts` argument so it cannot be reused (Actor - advice feed, suggestion askmike/gekko#117)
• d8be914 docs: add option - setHeaders
• e663be6 4.0.1
• e23cfca throw error if error status not 404
• 1328f78 fix `index: false` bug if path is directory
• d2b6dbb 4.0.0
• be299ae upgrade to koa-send@4
• a94f34c add more tests
• 943a8cc lint
• de1a34e bump deps
• bb8b135 gitignore: add package-lock.json
• 6164ed6 travis: test on node 7,8
• 7deaf2d update readme
• d2b4aeb doc - add extensions option
• 8dea452 travis - add node v6, v7
• 993295d Update readme for issue Need a better algorithm for CEX trading. askmike/gekko#86

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[guardrails]

⚠️ We detected 8 security issues in this pull request:

Vulnerable Libraries (8)

Severity	Details
Medium	@slack/client@4.0.0 upgrade to: >4.4.0
High	bfx-api-node-ws1@1.0.4 (t) upgrade to: >=1.0.4
High	bitfinex-api-node@4.0.11 upgrade to: >=5.0.4
High	gdax@0.5.1 upgrade to: >=0.9.0
High	ini@1.3.4 (t) upgrade to: >=1.3.6
High	pkg:npm/glob-parent@2.0.0@2.0.0 (t) upgrade to: 5.1.2
Critical	pkg:npm/set-getter@0.1.1@0.1.1 (t) - no patch available
High	pkg:npm/decode-uri-component@0.2.2@0.2.2 (t) - no patch available

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.