[Snyk] Fix for 19 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 92 commits.

• ce06b1e Merge pull request Update ANS ticker to NEO DeviaVir/zenbot#473 from slackapi/dev-v4
• cbd9d21 Merge branch 'master' into dev-v4
• 8fac7d5 v4.0.0
• b4f4f8b generate documentation
• fa70a8d IncomingWebhook implementation
• d621134 remove examples dir, export declaration files
• 81d9b04 updates readme and guides for new API
• 8db2e2c updates documentation generation instructions
• fdf7b51 update finity, remove superfluous comments from jsdoc
• 45cf343 basic doc generation is working
• 8e4ae7e Merge branch 'dev-v4' into ts2jsdoc
• 4ae19d5 adds TLSOptions, new RTMClient events for parity
• cae00fa POC
• abe015b adds migration guide content for WebClient
• b8b4c63 code organization and pulling out comments to build the migration guide
• f25a6a8 implements loglevel plugin API to prefix messages with log level and logger name
• 0a325ee rename keep-alive.ts -> KeepAlive.ts
• 4e16be2 implement configurable replyAckOnReconnectTimeout in RTMClient
• 5185e5e rtm message sending based on a queue for outgoing messages and cancelable promises for replies
• 662a577 a basic echo program using rtm works! tweaked keepalive and integrated into rtmclient
• dc59265 RTMClient connects! implemented connecting state in statemachine with substate transitions. commented out KeepAlive for simplicity while refactoring, but will re-enable soon.
• f28d69d adds stronger definition for errors from WebClient and uses this information in RTMClient
• ec91168 simplify statemachine config functions by removing RTMClientStateMachine interface extension
• cbaf7a1 an early state machine implementation for the RTM client

See the full diff

Package name: css-loader

The new version differs by 88 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Expansion on PR #854, missed this hardcoded section in the auto-dump (shift + D). DeviaVir/zenbot#860)
• e7525c9 test: nested url (Error on docker-compose build on Rasp Pi3 DeviaVir/zenbot#859)
• 7259faa test: css hacks (Add crossover_vwap strategy to readme & genetic backtester. DeviaVir/zenbot#858)
• 5e6034c feat: allow to filter import at-rules (package-lock.json modified by npm install DeviaVir/zenbot#857)
• 5e702e7 feat: allow filtering urls (MongoError: server instance pool was destroyed DeviaVir/zenbot#856)
• 9642aa5 test: css stuff (Fixed issue with send notification DeviaVir/zenbot#855)
• 3338656 fix: reduce number of require for url (Instead of hardcoding which values are included in the export, include all values in the export. Allows for further enhancement of the graphs. DeviaVir/zenbot#854)
• 533abbe test: issue 636 (Add simple crossover_vwap strategy with vwap indicator. DeviaVir/zenbot#853)
• 08c551c refactor: better warning on invalid url resolution (Refactor method for notification. DeviaVir/zenbot#852)
• b0aa159 test: issue NPM install fails DeviaVir/zenbot#589 (Start sim from certain date DeviaVir/zenbot#851)
• f599c70 fix: broken unucode characters (Visual dashboard for REST API DeviaVir/zenbot#850)
• 1e551f3 test: issue 286 (wex.nz - buy/sell wont work - Error: You incorrectly entered one of fields DeviaVir/zenbot#849)
• 419d27b docs: improve readme (first time  DeviaVir/zenbot#848)
• d94a698 refactor: webpack-default (Fix market order actual price DeviaVir/zenbot#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (QuadrigaCX API rate limit exceeded! unable to call getBalance, aborting QuadrigaCX API is down: (getBalance) Cannot perform request - nonce must be higher than 1513082520 DeviaVir/zenbot#845)
• 8a6ea10 refactor: postcss plugins (Run multiple bots which share stream data DeviaVir/zenbot#844)
• fdcf687 fix: url resolving logic (Suppress Kraken API warnings DeviaVir/zenbot#843)
• 889dc7f feat: allow to disable css modules and disable their by default (QuadrigaCX API is down: (cancelOrder) Cannot perform request - not found DeviaVir/zenbot#842)
• ee2d253 test: importLoaders option ( Catching more recoverable connection errors in Kraken DeviaVir/zenbot#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Neural Strategy DeviaVir/zenbot#840)
• fe94ebc test: icss reserved keywords (How can I put buy/sell even in sim DeviaVir/zenbot#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (profit_stop_enable_pct doesn't seem to trigger on SAR when live trading? DeviaVir/zenbot#838)

See the full diff

Package name: file-loader

The new version differs by 5 commits.

• 1451b1e chore(release): 1.1.7
• 98bf052 fix(index): don't concat `options.outputPath` and `options.publicPath` (Parabolic SAR strategy DeviaVir/zenbot#246)
• 9ee8332 docs(README): add `regExp` option (`options.regExp`) (funds on hold forever DeviaVir/zenbot#244)
• f62bc44 chore(package): update `schema-utils` v0.3.0...0.4.5 (Bitfinex extension PR DeviaVir/zenbot#245)
• ef5688e docs(README): correct default value for `digestType` (`hashes`) (Arbitrage 4.x DeviaVir/zenbot#239)

See the full diff

Package name: har-validator

The new version differs by 10 commits.

• a38c067 5.1.3
• 45c48fa chore(deps): lock file maintenance ([Snyk] Fix for 1 vulnerabilities #106)
• 957913b chore(release): 5.1.2 [skip ci]
• 1764b7c fix(docs): update badge links
• 75dfab0 chore(release): 5.1.1 [skip ci]
• fd01aff fix(scaffold): update project scaffold template
• 759bffe Update AJV to version 6 ([Snyk] Security upgrade echarts from 5.3.0 to 5.5.1 #109)
• e0fee11 chore(deps): update dependency tap to v12 ([Snyk] Fix for 1 vulnerabilities #108)
• d09cc80 Prefer const over let ([Snyk] Security upgrade setuptools from 40.5.0 to 70.0.0 #111)
• a19a82d build(renovate): replace dependencies.io with Renovate app

See the full diff

Package name: node-sass

The new version differs by 64 commits.

• 240e8da 4.9.1
• cc6ff42 Restore old node to CI
• ef713a7 Bump request@2.87.0
• 62fd84a chore: Add info for "Pinned" label
• d3aebe7 Create CODE_OF_CONDUCT.md
• 18d198e typo: node-sas -> node-sass
• 64fdacf chore: Add link to 2355 on PR template
• 8040cb7 docs: add more 404 binding install info
• a3ac021 Clean out duplicate ISSUE template
• e0a92f6 docs: Cleanup issue templates
• 94ce852 Be even more explicit that Node 10 needs 4.9
• 91973ed chore: Add compile issue details to bug template
• e23531d Update issue templates using builder
• 8878118 docs: Add Feature request issue template
• 043e2bc docs: Move and update Installation template
• fece9af docs: Add issue template for compilation results
• 8268296 doc: New ISSUE Template for Request Security issues
• 6fef242 Updates README.md with AppVeyor svg badge ([Snyk] Upgrade snyk from 1.392.1 to 1.393.0 DeviaVir/zenbot#2376)
• e3ab6e1 Clarify docs for --source-map. Closes Genetic backtester throwing error after pulling latest code DeviaVir/zenbot#1026.
• 8c4808a Updated links to absolute path instead of relative ([Snyk] Upgrade ccxt from 1.34.3 to 1.34.7 DeviaVir/zenbot#2371)
• 26a2032 Add PR Template for Request bumps
• 9d6faf6 Bump LibSass@3.5.4
• 739d768 Bump gcc@4.9 for Node 10
• a124e9d Add Node 10 to CI

See the full diff

Package name: poloniex.js

The new version differs by 4 commits.

• aa41c1f Increase version number, 0.0.9
• 38629b8 Update request package
• 42c4a7e Merge pull request [Snyk] Security upgrade css-loader from 0.28.8 to 1.0.0 #31 from askmike/master
• 69f5e25 Only ETIMEDOUT after 60 sec

See the full diff

Package name: postcss-loader

The new version differs by 48 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (Fixes for Quadriga CX trading DeviaVir/zenbot#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (Strategy: CCI + Stochasctics RSI DeviaVir/zenbot#375)
• 114db12 docs(README): add autoprefixing example (Quick fix for the manual process on a remote server DeviaVir/zenbot#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (Feature request: Replace CSV data with mysql or mongodb DeviaVir/zenbot#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (Feature Idea. DeviaVir/zenbot#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (child_process error since last pull  DeviaVir/zenbot#379)

See the full diff

Package name: style-loader

The new version differs by 11 commits.

• 5d73db7 chore(release): 0.20.0
• 08ce425 chore(package): update dependencies
• 28f603f refactor: remove comments from bundle source code
• dda8b89 test: rename && update HMR tests
• 23c3567 fix(options): add `transform` option validation (`{String}`)
• e0c4b19 fix(options): support passing a `{Function}` (`options.insertInto`)
• ac8430c ci(travis): update `node` v4.3.0...4.8.0
• 0eb8fe7 feat: support passing a `{Function}` (`options.insertInto`) (Run time error "cannot find module concat-map" DeviaVir/zenbot#279)
• 3a4cb53 fix(index): enable HMR in case `locals` (`css-modules`) are unchanged (Implement genetic algo for fine tuning strategy parameters DeviaVir/zenbot#298)
• 9b46128 fix(addStyles): check if `HTMLIFrameElement` exist (sim and trade differ DeviaVir/zenbot#296)
• a7734e6 chore(package): update repository url (Wording in conf.js DeviaVir/zenbot#290)

See the full diff

Package name: url-loader

The new version differs by 11 commits.

• 0eeaaa9 chore(release): 1.0.0
• 0390cdb test: standardize (`@ webpack-contrib/test-utils`) ([Snyk] Security upgrade bootstrap from 4.6.0 to 5.0.0 #114)
• 457618b fix(index): use `Buffer.from` instead of deprecated `new Buffer` ([Snyk] Security upgrade bootstrap from 4.6.0 to 5.0.0 #113)
• b4be0c8 ci(circle): Fix rebuild issues
• 4a62cd5 ci(circle): Generate checksum from lock file
• 5aeba3e chore: Update to defaults rc.1
• 3c87902 chore(release): 1.0.0-beta.0
• b61859c chore: Fix package.json prop ordering
• f9174d2 docs(readme): Updates coverage badge
• 5ce17f7 docs(readme): Update CI status badge
• 073b588 refactor: apply `webpack-defaults` ([Snyk] Security upgrade express from 4.17.2 to 4.19.2 #102)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request #8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request #8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request #8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for #8293
• af123a8 Merge pull request #8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request #8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request #8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request #8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic