[Snyk] Fix for 18 vulnerabilities

[mariotsi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:bson:20180225	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bitfinex-api-node

The new version differs by 250 commits.

• cbb2502 updated docs
• 45e8a0d Merge pull request Added send/buy orders notifications using Slack's Incoming WebHooks API. DeviaVir/zenbot#583 from ZIMkaRU/bugfix/fix-ws-transport-to-support-new-rest-api-signature
• df7889b Update CHANGELOG
• d38c4fc Update CHANGELOG
• bf1df8f Update CHANGELOG
• d951c24 Update package.json
• f072f0e Bump bfx-api-node-rest version up to 5.1.1
• 54300fc Bump bfx-api-node-models version up to 1.7.1
• e337030 Change min node version to 16.20
• 2164cba Update docs
• 050c326 Add changes to changelog
• 21d0961 Bump version up to 6.0.1
• b6a407b Fix ws transports methods params
• 08a085a Merge pull request Bittrex API 2.0 DeviaVir/zenbot#582 from ZIMkaRU/feature/resolve-deps-issue
• cb37175 Add changes to changelog
• 59d7587 Move dev deps into corresponding section
• 5a39752 Update docs
• f2d93f6 Bump version up to 6.0.0
• ac5f726 Bump dep versions to fix vulnerabilities
• f41b7ef Bump bfx-api-node-rest version up to 5.1.0
• 5344bd2 Remove bluebird Promise
• eceaf2a Remove unused deps
• be6596c Merge pull request Genetic back tester fails to fetch test results because of ansi codes DeviaVir/zenbot#578 from vitaliystoliarovcc/fix/emit-public-funding-trades
• 92a7b77 5.0.4

See the full diff

Package name: kraken-api

The new version differs by 24 commits.

• 816fa67 update version
• 566017c update README
• e5fdd67 switch "request" to "got", formatting
• 795fce4 update to ES6
• 6aec364 add package lock file
• b4ec922 formatting
• 01702aa Merge pull request [Snyk] Security upgrade bitfinex-api-node from 1.0.1 to 4.0.11 #32 from yury-dymov/pass-options
• ef95226 Update kraken.js
• 5ad7d32 Merge branch 'master' into pass-options
• b05f3db Merge pull request [Snyk] Fix for 1 vulnerabilities #24 from claude2/patch-1
• 74ded25 Merge branch 'master' into patch-1
• 44ae6c7 Merge pull request [Snyk] Security upgrade glob from 7.1.2 to 9.0.0 #31 from moppymopperson/patch-2
• 8eddbcf Merge pull request [Snyk] Fix for 18 vulnerabilities #29 from MaxBlaushild/patch-1
• c20e647 Merge pull request [Snyk] Security upgrade glob from 7.1.2 to 9.0.0 #28 from DeX3/master
• 371d90a pass config options to the constructor
• 213c711 Cover error case
• 1251498 Checks for arrayness of error
• ca939e6 🔧 Allow specification of custom timeout for API calls
• 35a2aef Use qs library because it supports nested objects
• 2e1c4f7 Fix [Snyk] Security upgrade async from 2.5.0 to 3.2.2 #22 + consistent space after if
• 9f92a3b Merge pull request [Snyk] Security upgrade moment from 2.18.1 to 2.29.4 #23 from EdgarBarrantes/master
• 2c1d57c Modifies reference in readme file.
• b64b44a Merge pull request [Snyk] Security upgrade shelljs from 0.7.8 to 0.8.5 #19 from mastilver/nonce-override
• b543bdf feat(nonce): make nonce overridable

See the full diff

Package name: mongodb

The new version differs by 250 commits.

• 79da11f 3.1.3
• 337cb79 feat(core): update to mongodb-core 3.1.2
• ff5fafc refactor(topology-base): `getServer` => `selectServer`
• b33fc74 3.1.2
• 78f6977 fix(mongo_client): translate options for connectWithUrl
• 36e92f1 fix(db_ops): call collection.find() with correct parameters (Fix binance product update DeviaVir/zenbot#1795)
• 759dd85 fix(buffer): replace deprecated Buffer constructor
• cb9d915 docs(connect): remove references to MongoClient.connect
• b8d2f1d fix(teardown): properly destroy a topology when initial connect fails
• 64027e8 refactor(export): expose CommandCursor
• 6ef85c4 refactor(export): expose AggregationCursor
• 13d776f fix(cursor): set readPreference for cursor.count
• a5d0f1d feat(deprecation): wrap deprecated functions
• 4f907a0 feat(deprecation): create deprecation function
• 666b8fa refactor(bulk): Unify bulk operations
• a0d84f6 test(evergreen): adding evergreen config to native driver
• b8471f1 fix(collection): isCapped returns false instead of undefined
• 86344f4 fix(collection): ensure findAndModify always use readPreference primary
• c25c519 test(countDocuments): full test coverage for countDocuments
• 25ca557 docs(contributing): fix link to HISTORY.md
• 4395110 chore(MongoClient): add missing legacy option name on warning message
• 297d843 docs(sessions): updating docs for sessions
• 15dc808 fix(db_ops): fix two incorrectly named variables
• fca1185 fix(count-documents): return callback on error case

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection