New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade gdax from 0.3.0 to 0.6.0 #6

Merged

ferreiramarcelo merged 1 commit into stable from snyk-fix-ca91e0096f9cb26fe76a89086ba2d1d3

Jan 23, 2021

Owner

ferreiramarcelo commented Jan 23, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gdax

The new version differs by 84 commits.

546ecbe Allow package-lock files
fc9e963 0.6.0
0e708e2 The correct type is string (TypeError: Object false has no method 'find' askmike/gekko#263)
d5fdd0a Add types for account transfers (Added support for LakeBTC exchange askmike/gekko#254)
131f015 More efficient orderbook sync, emitting 'synced' message upon completion (Would it support LakeBTC exchange? askmike/gekko#253)
bfccd2b Update TypeScript declarations for WebsocketClient (More markets askmike/gekko#170)
3338d6b Add a function to fetch transfers in the account (Unable to sell after period of time askmike/gekko#217)
3d377e2 Fix types inconsistencies (Advice (and trades) repeat. askmike/gekko#248)
ab96d08 Faster decimal library. (Re-enable back testing feature askmike/gekko#245)
c14bdab Add Websocket#subscribe() and #unsubscribe() (Having trouble install new gekko askmike/gekko#213)
8943010 Upgrade and relax dependencies (Code for Bitfinex support askmike/gekko#241)
20d1292 Fix UnhandledPromiseRejectionWarning in OrderbookSync (Custom method access to previous data ? askmike/gekko#239)
f57fb29 Fix precommit: eslint cannot be run on json or markdown (Unable to buy on bitstamp askmike/gekko#240)
f434f3d Remove github install instructions from README (Can't enable trading on BTCe askmike/gekko#236)
d72574d Use prettier for JSON & markdown files, use .prettierrc (I do not know the indicator SMA askmike/gekko#235)
6517da9 Improve error handling by checking auth before every signature (Hi man, lets add MintPal !!! askmike/gekko#237)
959cb89 Update README.md (Q: Should this be forked? askmike/gekko#139)
ba94d6e Fix request error handling (Fetch data appears from the future askmike/gekko#210)
50ef51b Change granularity parameter in README to an acceptable input. (std::bad_alloc askmike/gekko#205)
3acf6f5 Emit error when websocket message is an error (I get this error: askmike/gekko#221)
c357943 Fix Loadash askmike/gekko#225 (Documentation for candleSize/History askmike/gekko#230)
40b2b99 Fix BaseOrderInfo's types (portfolioManager / refresh-balance / Request for comments (post-LocalDB merge) askmike/gekko#212)
a02de7c Add contributor guidelines
4c35692 Update license

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json to reduce vulnerabilities

65b88c9

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:tunnel-agent:20170305
- https://snyk.io/vuln/npm:ws:20160920
- https://snyk.io/vuln/npm:ws:20171108

ferreiramarcelo merged commit 9c09997 into stable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet