[Snyk] Fix for 1 vulnerabilities

[dmitriz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
• package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	858/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.3	Authentication Bypass SNYK-JS-HAWK-6969142	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 250 commits.

• 35b40af Publish
• f18a3ba Merge pull request Isolation of backtests askmike/gekko#840 from clavin/increase-test-timeout-scalars
• a7f44c7 Incrase test timeout multipliers
• 8d56368 Merge pull request Errors when run simultaneous backtests askmike/gekko#839 from aoberoi/feat-remote-files
• 162b489 synchronize arguments and requiredness with public API docs
• 76a7aee jk the method is cursor pagination enabled
• cc2ef48 apply traditional paging interface instead of repeating arguments
• 0295088 simplify type definitions to make them generatable in the future
• 135b0b9 adds support for the Remote Files API
• bf4f18d Merge pull request Error with Developing for the Gekko UI frontend askmike/gekko#832 from seratch/response_metadata.messages
• 885b680 Merge pull request Some noob questions askmike/gekko#795 from slackapi/add_code_of_conduct_file
• 673aaf3 Merge pull request Cannot import data askmike/gekko#835 from clavin/api-call-extra-debug
• f4f0a30 Merge branch 'master' into add_code_of_conduct_file
• 86e2e89 Resolving linter line-length error
• 267647c Merge branch 'master' into api-call-extra-debug
• 7d36254 Merge branch 'master' into response_metadata.messages
• dd26e23 Merge pull request Serious problem about BTCC trader askmike/gekko#797 from deremer/patch-1
• 96b1b39 Merge pull request Define backtest period askmike/gekko#836 from clavin/fix-integration-test-types
• 54b9661 Level up: verbositiy, clarity, readability
• 2a7c135 Fix ye olde integration type tests
• d903789 Merge pull request mailer error (authorization.failed) askmike/gekko#799 from clavin/convert-typescript
• b806e32 Merge branch 'master' into convert-typescript
• 3eabc38 Fix documentation & typos, better respond resolved type
• a6b22bc Remove unneeded condition

See the full diff

Package name: btc-markets

The new version differs by 11 commits.

• e86d022 Updated npm dependencies
• 1cf70b9 Got withdrawHistory working which uses a GET instead of a POST. The message signature is also different
• 6100c26 Moved @ types from devDependencies to dependencies
• d160644 Added OrderBookTuple to type definition as it restricts the length to 2 numbers which number[][] does not
• 8c27dd0 Bump version
• fed2725 Updated license
• 8feffa2 Fixes to the README
• d5b9f11 Bump version
• a808993 Added generated type definitions for BTCMarkets class
• ab899f9 Now using promises!
• 4c2c1be Converted library to TypeScript including typings

See the full diff

Package name: gdax

The new version differs by 117 commits.

• f380764 0.9.0
• 58fff5f Update husky & lint-staged
• 05468eb More s/GDAX/Coinbase Pro
• 8bdd1cc GDAX deprecation: switch mock HTTP header cookie domain to Coinbase Pro's.
• 04adf49 GDAX depreciation: update API key URL.
• 35bf523 GDAX deprecation: switch sandbox Websocket feed to sandbox Coinbase Pro URL.
• 896f190 GDAX deprecation: switch sandbox REST API to sandbox Coinbase Pro URL.
• 8b14262 GDAX deprecation: switch Websocket feed to Coinbase Pro URL.
• 39f1a92 GDAX deprecation: switch REST API to Coinbase Pro URL.
• 6db4a94 GDAX deprecation: switch docs URLs to docs.pro.coinbase.com.
• adfc380 Add stablecoin conversion (hi mike,help me askmike/gekko#347)
• 95bf7ec Add optional order_id param to getFills as supported by the API (Bitfinex: Updated module, updated wrapper, updated exchange.js askmike/gekko#344)
• 8633292 Update README.md (Kraken requires "my-secret" to be set in the config askmike/gekko#342)
• 0e32d35 Add ETC to CurrencyType (Error - return Gekko version: v${util.getVersion()} askmike/gekko#332)
• e9624bb Add payment method withdrawal functionality (Poloniex: BTC-ETH pair not saving to SQLite database askmike/gekko#325)
• 715dda4 Add clarification info to README for cancelOrders and cancelAllOrders
• daaeae3 Fix build and test dependencies (Fix incorrect file existence check and fix npm test askmike/gekko#324)
• 1a79817 Fix build matrix (Update exchanges.js askmike/gekko#323)
• b4d9902 Add depositPayment method to support /deposits/payment-method (Fix links to point current (0.2) branch instead of master branch askmike/gekko#314)
• 5d8cc18 Fix Typescript types for getProductTradeStream (Error: Unsupported exchange askmike/gekko#319)
• a836283 TypeScript: Add options for clients (Update kraken.js askmike/gekko#322)
• bf347b1 0.8.0
• a773dac Point Changelog at GitHub Releases (New Pairs for kraken? askmike/gekko#318)
• 906b82d CircleCI Build Matrix (Fix syntax error in exchanges/kraken.js askmike/gekko#316)

See the full diff

Package name: poloniex.js

The new version differs by 19 commits.

• aa41c1f Increase version number, 0.0.9
• 38629b8 Update request package
• 42c4a7e Merge pull request [Snyk] Security upgrade sqlite3 from 3.1.13 to 5.0.3 #31 from askmike/master
• 69f5e25 Only ETIMEDOUT after 60 sec
• 99dd1ae Improve spacing
• aeedab5 Merge branch 'Jabbath-master': support returnOrderBook('all')
• 0072b65 Merge returnOrderBook('all')
• 4774961 Update returnOpenOrders(all) and README
• 5c60446 Fix call to returnOpenOrders for 'all' currencies
• 2fa1a7f Fix generateNewAddress call, closes Configure Renovate - autoclosed #28
• 3e88df8 Merge pull request [Snyk] Security upgrade sqlite3 from 3.1.13 to 4.0.0 #17 from askmike/patch-2
• 6661529 Merge pull request [Snyk] Security upgrade btc-markets from 0.0.10 to 1.0.0 #25 from KoryNunn/fix-returnTradeHistory
• 86452de Fixed returnTradeHistory
• 5f82a99 Merge pull request [Snyk] Security upgrade moment from 2.20.1 to 2.29.2 #19 from anders94/bump-version
• 91f5e6a bump to version 0.0.8
• b79fc60 Merge pull request [Snyk] Security upgrade pushbullet from 1.4.3 to 3.0.0 #18 from anders94/add-returnLendingHistory
• 5690d1f add returnLendingHistory
• b1a92c2 Timeout the request after 10 seconds
• 1dc32e2 Added functionality to fetch order books for all markets

See the full diff

Package name: sqlite3

The new version differs by 250 commits.

• 573784b v5.0.3
• e5a24fd Deleted `examples/` folder
• b05f459 Added note about GitHub Releases to CHANGELOG.md
• 33d0656 Modernised Usage example in README
• 9d05c55 Fixed up more README nits
• 08d6319 Fixed link to API docs
• 0e2235a Altered wording in README
• 76b6c56 Altered README header
• e3df365 Updated README
• 426930f Enabled CI to run when pushing tags
• a21d41f Fixed uploading binaries to commit artifacts
• bc978c7 Fixed CI step wording
• 7f744a1 Added prebuilt binaries via GitHub Releases
• b4b3c3a Deleted `scripts/` directory
• 71bbdea Pinned dev dependencies (market graph wrong (Buy/Sell) plot askmike/gekko#1558)
• a597383 Updated badges in README
• 0eb4a0f Deleted Travis and Appveyor configs
• b58d341 Downgraded `mocha` and `eslint`
• f39b10d Added missing Node versions to CI
• 8db96d4 Replaced Python extraction script with JS (Question - Trading History in Strategy askmike/gekko#1570)
• 11c988c Fixed Windows build architecture in CI
• 8e63848 Updated Windows CI runner to `windows-latest`
• d9e7d8b Fixed building on MacOS Monterey 12.3
• 859b95b Updated `node-gyp` to v8.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Authentication Bypass

[guardrails]

⚠️ We detected 5 security issues in this pull request:

Vulnerable Libraries (5)

Severity	Details
Critical	pkg:npm/btc-markets@1.0.6 upgrade to: > 1.0.6
Critical	pkg:npm/gdax@0.9.0 upgrade to: > 0.9.0
Medium	pkg:npm/@slack/client@5.0.2 upgrade to: > 5.0.2
Critical	pkg:npm/poloniex.js@0.0.9 upgrade to: > 0.0.9
High	pkg:npm/sqlite3@5.0.3 upgrade to: 5.1.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.