[Snyk] Fix for 20 vulnerabilities

[rfxn]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 250 commits.

• 35b40af Publish
• f18a3ba Merge pull request Neural Strategy DeviaVir/zenbot#840 from clavin/increase-test-timeout-scalars
• a7f44c7 Incrase test timeout multipliers
• 8d56368 Merge pull request How can I put buy/sell even in sim DeviaVir/zenbot#839 from aoberoi/feat-remote-files
• 162b489 synchronize arguments and requiredness with public API docs
• 76a7aee jk the method is cursor pagination enabled
• cc2ef48 apply traditional paging interface instead of repeating arguments
• 0295088 simplify type definitions to make them generatable in the future
• 135b0b9 adds support for the Remote Files API
• bf4f18d Merge pull request Extended backtesting info DeviaVir/zenbot#832 from seratch/response_metadata.messages
• 885b680 Merge pull request Track slippage over each completed trade DeviaVir/zenbot#795 from slackapi/add_code_of_conduct_file
• 673aaf3 Merge pull request Fix Kraken products minimun order size (volume), catching Kraken erorrs DeviaVir/zenbot#835 from clavin/api-call-extra-debug
• f4f0a30 Merge branch 'master' into add_code_of_conduct_file
• 86e2e89 Resolving linter line-length error
• 267647c Merge branch 'master' into api-call-extra-debug
• 7d36254 Merge branch 'master' into response_metadata.messages
• dd26e23 Merge pull request Rest API Support for zenbot DeviaVir/zenbot#797 from deremer/patch-1
• 96b1b39 Merge pull request Fix Kraken products minimun order size DeviaVir/zenbot#836 from clavin/fix-integration-test-types
• 54b9661 Level up: verbositiy, clarity, readability
• 2a7c135 Fix ye olde integration type tests
• d903789 Merge pull request CEX.IO nonce increment error DeviaVir/zenbot#799 from clavin/convert-typescript
• b806e32 Merge branch 'master' into convert-typescript
• 3eabc38 Fix documentation & typos, better respond resolved type
• a6b22bc Remove unneeded condition

See the full diff

Package name: gdax

The new version differs by 31 commits.

• f380764 0.9.0
• 58fff5f Update husky & lint-staged
• 05468eb More s/GDAX/Coinbase Pro
• 8bdd1cc GDAX deprecation: switch mock HTTP header cookie domain to Coinbase Pro's.
• 04adf49 GDAX depreciation: update API key URL.
• 35bf523 GDAX deprecation: switch sandbox Websocket feed to sandbox Coinbase Pro URL.
• 896f190 GDAX deprecation: switch sandbox REST API to sandbox Coinbase Pro URL.
• 8b14262 GDAX deprecation: switch Websocket feed to Coinbase Pro URL.
• 39f1a92 GDAX deprecation: switch REST API to Coinbase Pro URL.
• 6db4a94 GDAX deprecation: switch docs URLs to docs.pro.coinbase.com.
• adfc380 Add stablecoin conversion (QuadrigaCX Exchange Typo Fixes DeviaVir/zenbot#347)
• 95bf7ec Add optional order_id param to getFills as supported by the API (Enhance backtester: support all strageties and collect vs buy hold value DeviaVir/zenbot#344)
• 8633292 Update README.md (Add support for QuadrigaCX API DeviaVir/zenbot#342)
• 0e32d35 Add ETC to CurrencyType (add xmpp messaging DeviaVir/zenbot#332)
• e9624bb Add payment method withdrawal functionality (Zero amount handling in engine.js DeviaVir/zenbot#325)
• 715dda4 Add clarification info to README for cancelOrders and cancelAllOrders
• daaeae3 Fix build and test dependencies (merge DeviaVir/zenbot#324)
• 1a79817 Fix build matrix (weird result of sar sim DeviaVir/zenbot#323)
• b4d9902 Add depositPayment method to support /deposits/payment-method (MACD: resolve bug where it does not trade DeviaVir/zenbot#314)
• 5d8cc18 Fix Typescript types for getProductTradeStream (Market order (taker) delay DeviaVir/zenbot#319)
• a836283 TypeScript: Add options for clients (Gemini exchange DeviaVir/zenbot#322)
• bf347b1 0.8.0
• a773dac Point Changelog at GitHub Releases (Poloniex Backfill Freezes DeviaVir/zenbot#318)
• 906b82d CircleCI Build Matrix (RSI strategy DeviaVir/zenbot#316)

See the full diff

Package name: har-validator

The new version differs by 19 commits.

• b77cdcb build(semantic-release): should release when docs are updated
• 3a4d4f3 docs(readme): correct badge
• 01c5f2a style(lint): correct lint errors
• ab43db4 build(semantic-release): correct .releaserc file name
• bab9612 build(deps): update dependencies
• 6742cb5 test(docker-compose): docker-compose for unified testing
• fd48174 ci(actions): replace old ci setup with new github actions workflows
• 5c53c92 build(deps): [security] bump handlebars from 4.0.11 to 4.7.1 (Version 4.0 Error: Use of const in strict mode DeviaVir/zenbot#160)
• ea53334 chore(deps): lock file maintenance ([Snyk] Security upgrade fonttools from 4.38.0 to 4.43.0 #114)
• a38c067 5.1.3
• 45c48fa chore(deps): lock file maintenance ([Snyk] Security upgrade pillow from 9.5.0 to 10.0.0 #106)
• 957913b chore(release): 5.1.2 [skip ci]
• 1764b7c fix(docs): update badge links
• 75dfab0 chore(release): 5.1.1 [skip ci]
• fd01aff fix(scaffold): update project scaffold template
• 759bffe Update AJV to version 6 ([Snyk] Fix for 26 vulnerabilities #109)
• e0fee11 chore(deps): update dependency tap to v12 ([Snyk] Security upgrade json2csv from 3.7.3 to 4.3.5 #108)
• d09cc80 Prefer const over let ([Snyk] Fix for 1 vulnerabilities #111)
• a19a82d build(renovate): replace dependencies.io with Renovate app

See the full diff

Package name: poloniex.js

The new version differs by 4 commits.

• aa41c1f Increase version number, 0.0.9
• 38629b8 Update request package
• 42c4a7e Merge pull request [Snyk] Fix for 1 vulnerabilities #31 from askmike/master
• 69f5e25 Only ETIMEDOUT after 60 sec

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn