[Snyk] Fix for 28 vulnerabilities #32

dmitriz · 2023-12-19T16:05:03Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature
509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: binance

The new version differs by 119 commits.

891bcce update readme for v2.0.0 release
a8608a0 v2.0.0: stable release for binance module
0269a46 fix user data sample and missing type
0ac8da8 revert extra ws events
9a68514 add handlers for ws in the browser
b63a2de Merge pull request Localdb askmike/gekko#124 from tiagosiebler/dependabot/npm_and_yarn/path-parse-1.0.7
60001ae add spot trade example, fix POST requests, add more params to float beautifier
9262b1e expand main endpoints
09cc8f1 refactor API call, add private example
f10bd6f Bump path-parse from 1.0.6 to 1.0.7
bd03c28 v2.0.0-beta.4: beautify REST responses, optionally
99db07c refactor most options to camel case
4dd6c11 expand public ws sample
243ae07 add example for public websockets
4193de7 add ws user data examples
3845137 readme update
84bc4b2 v2.0.1: readme update
595f657 v2.0.0: initial release of revamped library
dfa3e26 v2.0.0: remove old artifacts
178f2d0 v1.4.0: beautify float values from string
bf86c99 Merge pull request C:\Users\user\Desktop\gekko-master\gekko.js:60 throw invalid; askmike/gekko#119 from dylansproule/master
8fe96b9 Remove semi;
279613a get rid of inst = this, use Object.entries(obj) and arr.entries() per request
618c690 val check for string

See the full diff

Package name: bitfinex-api-node

The new version differs by 250 commits.

cbb2502 updated docs
45e8a0d Merge pull request bitfinex trading enabled error askmike/gekko#583 from ZIMkaRU/bugfix/fix-ws-transport-to-support-new-rest-api-signature
df7889b Update CHANGELOG
d38c4fc Update CHANGELOG
bf1df8f Update CHANGELOG
d951c24 Update package.json
f072f0e Bump bfx-api-node-rest version up to 5.1.1
54300fc Bump bfx-api-node-models version up to 1.7.1
e337030 Change min node version to 16.20
2164cba Update docs
050c326 Add changes to changelog
21d0961 Bump version up to 6.0.1
b6a407b Fix ws transports methods params
08a085a Merge pull request Problem in --import askmike/gekko#582 from ZIMkaRU/feature/resolve-deps-issue
cb37175 Add changes to changelog
59d7587 Move dev deps into corresponding section
5a39752 Update docs
f2d93f6 Bump version up to 6.0.0
ac5f726 Bump dep versions to fix vulnerabilities
f41b7ef Bump bfx-api-node-rest version up to 5.1.0
5344bd2 Remove bluebird Promise
eceaf2a Remove unused deps
be6596c Merge pull request period is not defined askmike/gekko#578 from vitaliystoliarovcc/fix/emit-public-funding-trades
92a7b77 5.0.4

See the full diff

Package name: koa-router

The new version differs by 192 commits.

8fe1d54 11.0.1
d2ad849 feat: allow set router host match (can't get webserver running askmike/gekko#156)
54a3198 11.0.0
fdf7117 chore: drop node 12 from tests
d0c6d8b feat: require node >= 12, modernize, bump deps
68253f6 fix(lib/test/doc): fix jsdoc and typo ([Question] Percent Profit, EMA Parameters askmike/gekko#146)
c6a8fc8 feat: add `exclusive` option (CSV store + tests askmike/gekko#129)
3454a7d doc: add comma for better understanding ([FEATURE] Percentage of balance for trading askmike/gekko#145)
13a634d Support symbols as route names ([localDB] edge case when a fetch only has trades from a new day askmike/gekko#143)
6ba3efa feat(deps): update minimal version from 8 -> 12 (MACD implementation not correct? askmike/gekko#152)
6db0e68 feat(default-params): replace || cond with default params (Cannot restart gekko askmike/gekko#153)
6aca720 Improve path checking before route registration (Fixed MACD Diff askmike/gekko#155)
4fb50ac improve doc for prefix method. (Does anyone want historical btc-e data? askmike/gekko#151)
65414f4 * update deps (weird crash at midnight askmike/gekko#150)
1aead99 doc: add header to refer to api reference. (config.normal exchange setting necessary askmike/gekko#112)
05fe8dd Include type installation instructions in README (Send alert when Gekko stops askmike/gekko#134)
5cec6fb Replace user with ctx.user in param docs (BTC-E not getting enough trades askmike/gekko#136)
90dd73c 10.1.1
904db98 Correct @ hapi/boom usage example (Not inserting & propagating new candles in strange midnight situation askmike/gekko#128)
fa48560 10.1.0
e9fa04b Fix additional entry inejcted to params (Localdb askmike/gekko#124)
344ba0b 10.0.0
89b7c02 Allow router.redirect() to accept external destinations (Suggestion - multiple instances, one database askmike/gekko#110)
56735f0 v9.4.0

See the full diff

Package name: sqlite3

The new version differs by 250 commits.

573784b v5.0.3
e5a24fd Deleted `examples/` folder
b05f459 Added note about GitHub Releases to CHANGELOG.md
33d0656 Modernised Usage example in README
9d05c55 Fixed up more README nits
08d6319 Fixed link to API docs
0e2235a Altered wording in README
76b6c56 Altered README header
e3df365 Updated README
426930f Enabled CI to run when pushing tags
a21d41f Fixed uploading binaries to commit artifacts
bc978c7 Fixed CI step wording
7f744a1 Added prebuilt binaries via GitHub Releases
b4b3c3a Deleted `scripts/` directory
71bbdea Pinned dev dependencies (market graph wrong (Buy/Sell) plot askmike/gekko#1558)
a597383 Updated badges in README
0eb4a0f Deleted Travis and Appveyor configs
b58d341 Downgraded `mocha` and `eslint`
f39b10d Added missing Node versions to CI
8db96d4 Replaced Python extraction script with JS (Question - Trading History in Strategy askmike/gekko#1570)
11c988c Fixed Windows build architecture in CI
8e63848 Updated Windows CI runner to `windows-latest`
d9e7d8b Fixed building on MacOS Monterey 12.3
859b95b Updated `node-gyp` to v8.x