[Snyk] Fix for 5 vulnerabilities

[RafalSladek]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bitfinex-api-node

The new version differs by 119 commits.

• cbb2502 updated docs
• 45e8a0d Merge pull request Added send/buy orders notifications using Slack's Incoming WebHooks API. DeviaVir/zenbot#583 from ZIMkaRU/bugfix/fix-ws-transport-to-support-new-rest-api-signature
• df7889b Update CHANGELOG
• d38c4fc Update CHANGELOG
• bf1df8f Update CHANGELOG
• d951c24 Update package.json
• f072f0e Bump bfx-api-node-rest version up to 5.1.1
• 54300fc Bump bfx-api-node-models version up to 1.7.1
• e337030 Change min node version to 16.20
• 2164cba Update docs
• 050c326 Add changes to changelog
• 21d0961 Bump version up to 6.0.1
• b6a407b Fix ws transports methods params
• 08a085a Merge pull request Bittrex API 2.0 DeviaVir/zenbot#582 from ZIMkaRU/feature/resolve-deps-issue
• cb37175 Add changes to changelog
• 59d7587 Move dev deps into corresponding section
• 5a39752 Update docs
• f2d93f6 Bump version up to 6.0.0
• ac5f726 Bump dep versions to fix vulnerabilities
• f41b7ef Bump bfx-api-node-rest version up to 5.1.0
• 5344bd2 Remove bluebird Promise
• eceaf2a Remove unused deps
• be6596c Merge pull request Genetic back tester fails to fetch test results because of ansi codes DeviaVir/zenbot#578 from vitaliystoliarovcc/fix/emit-public-funding-trades
• 92a7b77 5.0.4

See the full diff

Package name: node-sass

The new version differs by 16 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2

See the full diff

Package name: node-telegram-bot-api

The new version differs by 32 commits.

• 5385d41 feat: update to v0.64.0 version
• 12d4d25 deps: Change request to @ cypress/request (Extra line in dashboard api DeviaVir/zenbot#1145)
• f17e801 docs: revokeChatInviteLink
• 595cdbd feat: Telegram Bot API 6.8 support (Fix node-telegram-bot-api deprecated warning DeviaVir/zenbot#1113)
• dfe24a4 docs: update api.md for setWebHook (fix FEATURE - Use TAKER after fails of xx MAKER attempts DeviaVir/zenbot#1083) (Nonce must be greater than x you provided y DeviaVir/zenbot#1084)
• 542002e feat: Telegram Bot API Support 6.6 + 6.7 [WIP] (v4.1.0: release to master DeviaVir/zenbot#1069)
• 2885db0 Merge pull request Fix invalid HTML in simulation template DeviaVir/zenbot#1094 from kaiserdj/patch-1
• ad2b8c2 docs: Update group link
• 4ec6a68 docs: Update group link
• ab0eb18 fix: Handle rejected when open a webhook in a port that was already in use
• c4164a2 docs: Update README
• 6077f9b docs: update api.md for createNewStickerSet (Fix bug where fitness function assigned higher fitness to worse results. DeviaVir/zenbot#1043)
• 41f493b docs: update README.md (darwin.js - crossover/trendline strategy input & general .csv/.json output issues. DeviaVir/zenbot#1044)
• 53b5565 fix: remove try catch in _fixAddFileThumb
• 58261d1 feat: Telegram Bot API 6.4 Support (Be able to 'switch' asset and currency DeviaVir/zenbot#1040)
• 4ef4fe9 Update incorrect link in tutorials.md (Binance changed API 24 hours to 1 hour DeviaVir/zenbot#1027)
• ab59286 feat: Telegram Bot API v6.3 (Enhancement - Scheduled MongoDB prune DeviaVir/zenbot#1020)
• 0eb8b80 fix: Parse entities when sending request (REST API UI v1.1 DeviaVir/zenbot#1013)
• ccdd146 docs: Fix readme with correct link to api docs
• d853704 fix: Changelog
• 22d99fd docs: update @ types install note (Could simulation be done on a GPU ? DeviaVir/zenbot#999)
• fe4afd6 feat: Support Bot API v6.2 (Changed references in the Strategy objects of the backtesters to 'per… DeviaVir/zenbot#996)
• c9b05e7 feat: Support test enviroment (Error: invalid bucket size spec: undefined DeviaVir/zenbot#994)
• f50cf98 Hotfix: tests + modify order src/telegram + docs (Updated trendline "AP markup mode", profitable neural. Examples.... DeviaVir/zenbot#988)

See the full diff

Package name: pushbullet

The new version differs by 18 commits.

• 1f8c1fd Update to version 3.0.0
• 9186bd9 Add `createChannel()`
• ac2fe7e Deprecate `sendSMS()`
• 9b7bcda Add support for the text API
• 5f501c5 Fix some comments
• 426de2b Remove old Travis CI yaml file
• 6a0076c Update ESLint rules and apply fixes
• ebdc39e Merge branch 'github-action-tests'
• ffd626d Add GitHub action to run tests
• f68187d Add tests using nock for mocking the API
• 45a657f Remove tests for now
• 72e856e Codestyle, modernisation, misc fixes
• a899190 Update dependencies to latest versions
• dca0e34 Merge branch 'node-fetch-migration'
• 3f89158 Update changelog
• 6508617 Update README
• 6a83ef9 Replace request with node-fetch
• 0f18e80 Switch CJS requires to ESM imports

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution