[Snyk] Fix for 26 vulnerabilities

[rfxn]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-73560	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:bootstrap:20180529	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 147 commits.

• e95f59c Merge pull request CEXIO API not updated duo to faulty version integrity DeviaVir/zenbot#623 from aoberoi/rel-v4.5.0
• fde80c7 v4.5.0
• fc6371c Merge pull request Can I run zenbot trade in the background ? DeviaVir/zenbot#611 from clavin/issue-198-rtm-start-promise
• ddadd39 Make `disconnected` event arg more verbose
• 4ea73ad Merge pull request HitBTC Exchange Support DeviaVir/zenbot#620 from aoberoi/replace-got-with-axios
• df2786d add test for IncomingWebhook for failing with request error
• a917ec7 add test for agent option as boolean
• 8d9e24b add test for multiple custom agents by scheme
• 861305c add method description
• 40bb61c Replace dependency got with axios
• 050cbfa purge outdated comments
• d98aef7 Merge pull request Two questions from a noob? DeviaVir/zenbot#619 from DominikPalo/feature/dialog-state
• 7d01010 Add the "state" property to the dialog interface
• 3053334 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #7 from slackapi/master
• b207d88 Merge pull request help a newbe please DeviaVir/zenbot#613 from aoberoi/rel-v4.4.0
• 86d4727 v4.4.0
• da4b0ec Merge pull request CEXIO removed debug console.log DeviaVir/zenbot#609 from aoberoi/user-data-api
• c1bdf0f grammar
• 4045fda add docs for on_behalf_of
• 5b0dddf convert user perspective option name from actor to on_behalf_of
• 92ea097 Add RTM start & disconnect Promises
• 07c174d Fix RTM `failure` event
• 7138b83 implement actor enabled methods, fixes Idea: Configurable date range for back testing DeviaVir/zenbot#608
• 842c7a7 Merge pull request notification issue in sim mode DeviaVir/zenbot#605 from aoberoi/broad-types-node

See the full diff

Package name: bitfinex-api-node

The new version differs by 250 commits.

• cbb2502 updated docs
• 45e8a0d Merge pull request Added send/buy orders notifications using Slack's Incoming WebHooks API. DeviaVir/zenbot#583 from ZIMkaRU/bugfix/fix-ws-transport-to-support-new-rest-api-signature
• df7889b Update CHANGELOG
• d38c4fc Update CHANGELOG
• bf1df8f Update CHANGELOG
• d951c24 Update package.json
• f072f0e Bump bfx-api-node-rest version up to 5.1.1
• 54300fc Bump bfx-api-node-models version up to 1.7.1
• e337030 Change min node version to 16.20
• 2164cba Update docs
• 050c326 Add changes to changelog
• 21d0961 Bump version up to 6.0.1
• b6a407b Fix ws transports methods params
• 08a085a Merge pull request Bittrex API 2.0 DeviaVir/zenbot#582 from ZIMkaRU/feature/resolve-deps-issue
• cb37175 Add changes to changelog
• 59d7587 Move dev deps into corresponding section
• 5a39752 Update docs
• f2d93f6 Bump version up to 6.0.0
• ac5f726 Bump dep versions to fix vulnerabilities
• f41b7ef Bump bfx-api-node-rest version up to 5.1.0
• 5344bd2 Remove bluebird Promise
• eceaf2a Remove unused deps
• be6596c Merge pull request Genetic back tester fails to fetch test results because of ansi codes DeviaVir/zenbot#578 from vitaliystoliarovcc/fix/emit-public-funding-trades
• 92a7b77 5.0.4

See the full diff

Package name: bootstrap

The new version differs by 250 commits.

• 8fa0d30 Release v4.3.1. (#28252)
• dae20da Remove unneeded glob. (#28249)
• 10b97f6 Fix npm package contents
• 7bc4d2e Add sanitize template option for tooltip/popover plugins.
• bf2515a Update RFS to v8.0.1 (#28245)
• 45ced60 Update font size (#28232)
• 1ded0d6 Release v4.3.0 (#28228)
• 3aa0770 docs snippets: a few more minor tweaks (#28225)
• adf16da toasts.md: Remove useless `div`s.
• 2bfe581 Remove stray parameter from capture.
• bbf8b76 Cosmetic changes in snippets.
• 7a9a8db docs: remove `-ms-overflow-style: -ms-autohiding-scrollbar` (#28220)
• 24253b1 migration.md: use https. (#28221)
• 545f3fa Prevent text selection in placeholder images (#28218)
• 94acdee Revert "Silence mkdir. (#28184)" (#28209)
• 6c7dcc6 placeholder.svg: Partially revert the changes from c0e42cb. (#28216)
• 1145365 Reword footer text.
• bd328bf Use the `site.repo` variable.
• a920429 Change footer link to point to the docs team page
• c56b10c Offcanvas example: transition the transform (#28203)
• 52e6ce4 Update devDependencies. (#28175)
• 93dec4c Fix scrollable modal snippet
• 51375ab Responsive font size implementation (#23816)
• d250567 Remove `-ms-autohiding-scrollbar` to prevent overlapping the table content (#28153)

See the full diff

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Expansion on PR #854, missed this hardcoded section in the auto-dump (shift + D). DeviaVir/zenbot#860)
• e7525c9 test: nested url (Error on docker-compose build on Rasp Pi3 DeviaVir/zenbot#859)
• 7259faa test: css hacks (Add crossover_vwap strategy to readme & genetic backtester. DeviaVir/zenbot#858)
• 5e6034c feat: allow to filter import at-rules (package-lock.json modified by npm install DeviaVir/zenbot#857)
• 5e702e7 feat: allow filtering urls (MongoError: server instance pool was destroyed DeviaVir/zenbot#856)
• 9642aa5 test: css stuff (Fixed issue with send notification DeviaVir/zenbot#855)
• 3338656 fix: reduce number of require for url (Instead of hardcoding which values are included in the export, include all values in the export. Allows for further enhancement of the graphs. DeviaVir/zenbot#854)
• 533abbe test: issue 636 (Add simple crossover_vwap strategy with vwap indicator. DeviaVir/zenbot#853)
• 08c551c refactor: better warning on invalid url resolution (Refactor method for notification. DeviaVir/zenbot#852)
• b0aa159 test: issue NPM install fails DeviaVir/zenbot#589 (Start sim from certain date DeviaVir/zenbot#851)
• f599c70 fix: broken unucode characters (Visual dashboard for REST API DeviaVir/zenbot#850)
• 1e551f3 test: issue 286 (wex.nz - buy/sell wont work - Error: You incorrectly entered one of fields DeviaVir/zenbot#849)
• 419d27b docs: improve readme (first time  DeviaVir/zenbot#848)
• d94a698 refactor: webpack-default (Fix market order actual price DeviaVir/zenbot#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (QuadrigaCX API rate limit exceeded! unable to call getBalance, aborting QuadrigaCX API is down: (getBalance) Cannot perform request - nonce must be higher than 1513082520 DeviaVir/zenbot#845)
• 8a6ea10 refactor: postcss plugins (Run multiple bots which share stream data DeviaVir/zenbot#844)
• fdcf687 fix: url resolving logic (Suppress Kraken API warnings DeviaVir/zenbot#843)
• 889dc7f feat: allow to disable css modules and disable their by default (QuadrigaCX API is down: (cancelOrder) Cannot perform request - not found DeviaVir/zenbot#842)
• ee2d253 test: importLoaders option ( Catching more recoverable connection errors in Kraken DeviaVir/zenbot#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Neural Strategy DeviaVir/zenbot#840)
• fe94ebc test: icss reserved keywords (How can I put buy/sell even in sim DeviaVir/zenbot#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (profit_stop_enable_pct doesn't seem to trigger on SAR when live trading? DeviaVir/zenbot#838)

See the full diff

Package name: lint-staged

The new version differs by 250 commits.

• 885a644 Merge pull request Refactor method for notification. DeviaVir/zenbot#852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request Is there a way to specify a period offset? DeviaVir/zenbot#837 from okonet/serial-git-add

See the full diff

Package name: node-sass

The new version differs by 197 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: node-telegram-bot-api

The new version differs by 105 commits.

• 5385d41 feat: update to v0.64.0 version
• 12d4d25 deps: Change request to @ cypress/request (Extra line in dashboard api DeviaVir/zenbot#1145)
• f17e801 docs: revokeChatInviteLink
• 595cdbd feat: Telegram Bot API 6.8 support (Fix node-telegram-bot-api deprecated warning DeviaVir/zenbot#1113)
• dfe24a4 docs: update api.md for setWebHook (fix FEATURE - Use TAKER after fails of xx MAKER attempts DeviaVir/zenbot#1083) (Nonce must be greater than x you provided y DeviaVir/zenbot#1084)
• 542002e feat: Telegram Bot API Support 6.6 + 6.7 [WIP] (v4.1.0: release to master DeviaVir/zenbot#1069)
• 2885db0 Merge pull request Fix invalid HTML in simulation template DeviaVir/zenbot#1094 from kaiserdj/patch-1
• ad2b8c2 docs: Update group link
• 4ec6a68 docs: Update group link
• ab0eb18 fix: Handle rejected when open a webhook in a port that was already in use
• c4164a2 docs: Update README
• 6077f9b docs: update api.md for createNewStickerSet (Fix bug where fitness function assigned higher fitness to worse results. DeviaVir/zenbot#1043)
• 41f493b docs: update README.md (darwin.js - crossover/trendline strategy input & general .csv/.json output issues. DeviaVir/zenbot#1044)
• 53b5565 fix: remove try catch in _fixAddFileThumb
• 58261d1 feat: Telegram Bot API 6.4 Support (Be able to 'switch' asset and currency DeviaVir/zenbot#1040)
• 4ef4fe9 Update incorrect link in tutorials.md (Binance changed API 24 hours to 1 hour DeviaVir/zenbot#1027)
• ab59286 feat: Telegram Bot API v6.3 (Enhancement - Scheduled MongoDB prune DeviaVir/zenbot#1020)
• 0eb8b80 fix: Parse entities when sending request (REST API UI v1.1 DeviaVir/zenbot#1013)
• ccdd146 docs: Fix readme with correct link to api docs
• d853704 fix: Changelog
• 22d99fd docs: update @ types install note (Could simulation be done on a GPU ? DeviaVir/zenbot#999)
• fe4afd6 feat: Support Bot API v6.2 (Changed references in the Strategy objects of the backtesters to 'per… DeviaVir/zenbot#996)
• c9b05e7 feat: Support test enviroment (Error: invalid bucket size spec: undefined DeviaVir/zenbot#994)
• f50cf98 Hotfix: tests + modify order src/telegram + docs (Updated trendline "AP markup mode", profitable neural. Examples.... DeviaVir/zenbot#988)

See the full diff

Package name: poloniex.js

The new version differs by 4 commits.

• aa41c1f Increase version number, 0.0.9
• 38629b8 Update request package
• 42c4a7e Merge pull request [Snyk] Fix for 1 vulnerabilities #31 from askmike/master
• 69f5e25 Only ETIMEDOUT after 60 sec

See the full diff

Package name: pushbullet

The new version differs by 26 commits.

• 1f8c1fd Update to version 3.0.0
• 9186bd9 Add `createChannel()`
• ac2fe7e Deprecate `sendSMS()`
• 9b7bcda Add support for the text API
• 5f501c5 Fix some comments
• 426de2b Remove old Travis CI yaml file
• 6a0076c Update ESLint rules and apply fixes
• ebdc39e Merge branch 'github-action-tests'
• ffd626d Add GitHub action to run tests
• f68187d Add tests using nock for mocking the API
• 45a657f Remove tests for now
• 72e856e Codestyle, modernisation, misc fixes
• a899190 Update dependencies to latest versions
• dca0e34 Merge branch 'node-fetch-migration'
• 3f89158 Update changelog
• 6508617 Update README
• 6a83ef9 Replace request with node-fetch
• 0f18e80 Switch CJS requires to ESM imports
• 8b5eaef Update to version 2.4.0
• c1581bb Update dependency requirements
• eadb250 Reconnect to websocket stream if disconnected
• 3ea3f0c Update version to 2.3.0
• e662e3c Add fullResponses option to return response object
• 7b78838 Switch to ws module for stream handling

See the full diff

Package name: tulind

The new version differs by 31 commits.

• a0482fa update appveyor env variable name [publish binary]
• b063981 Version bump [publish binary]
• c456802 chore(deps): upgrade to @ mapbox/node-pre-gyp ([Snyk] Security upgrade strip-ansi from 4.0.0 to 7.0.0 #70)
• 1d86b1f moved publish to end of travis script. version bump. [publish binary]
• 5d0ae22 again [publish binary]
• c624b4a publish fix. version bump. [publish binary]
• 3a31cf0 version bump [publish binary]
• b279567 update to work with node 12
• d4dfc6d keep callback on stack
• 3fe97c5 use nan::to and nan:asyncresource
• 6988126 update copyright year
• b02ebd4 cleanup
• 594b35d option to publish from travis
• e278aa6 added encrypted AWS keys to travis
• 6a4bd45 added -Wno-cast-function-type flag
• c1890d1 remove node-pre-gyp from bundleddeps
• ec8bed3 update node version and packages
• 25f7080 added downloads/week badge
• 9d0b4d6 version bump [publish binary]
• c799055 fix crash when index.js is run more than once
• 168bcef Version 0.8.14 [publish binary]
• a2cf861 Update node-pre-gyp version to 0.12.0, added node 10, 11 to CI.
• af13d4d Update CI tools to test with NodeJs v10 and v11
• 6adda1e Update node-pre-gyp version to 0.12.0

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli

The new version differs by 37 commits.

• b1e7ef3 break: update pkg.json
• 4857b9d break: webpack-cli v.3.0.0
• 660ce95 v0.0.8
• 9d3c9c1 v0.0.7
• 138adfd BREAKING: webpack-cli v3 ([SOLVED] GDAX API unable to call getBalance, http_status 'invalid signature' DeviaVir/zenbot#448)
• 03c1969 chore(deps): Update nyc to the latest version 🚀 (Please add itBit Exchange DeviaVir/zenbot#476)
• 3a8fcce chore(deps): Update conventional-changelog-cli to the latest version 🚀 (Bitfinex WS Fixes: Reconnect and crash on previously non-traded assets/currency DeviaVir/zenbot#474)
• 3442865 tests(binTestCases): refactor to make tests pass (x is undefined - crash in numbro.js DeviaVir/zenbot#472)
• c2398a2 fix(entry): fix a bug when `--display-entrypoints=false` does not hide entries (Fix bug with preroll when 0 volume DeviaVir/zenbot#464)
• 9977406 chore(package): update jest-cli to version 23.0.1 (Introduce a non-interactive mode DeviaVir/zenbot#467)
• 3953648 fix(dependencies): fix vulnerabilities (Bitfinex WebSockets API + Fix postonly not triggering re-buy DeviaVir/zenbot#458)
• 7c01f39 chore(travis): move npm ci to install task (Fix docker builds for forex.analytics DeviaVir/zenbot#424)
• aefa520 chore(travis): add Node.js 10 (npm install error DeviaVir/zenbot#425)
• 8283ba9 chore(docs): update readme
• 9760a4d Update dependencies to enable Greenkeeper 🌴 (RSI values on Zenbot 4 differs insanely from those on Zenbot 3.5 DeviaVir/zenbot#443)
• 4cca655 chore(travis): run lockfile cmds on tests (Bittrex has inverted values DeviaVir/zenbot#444)
• d0fb42c cli(init): revise installation steps (DynamoDB support DeviaVir/zenbot#441)
• 51851e8 fix(pkg): test auto setup
• bb181a1 chore(travis): Add encrypted private ssh key
• 2091d1c chore(package.lock): update pkg.lock
• d060239 chore(release): v.2.1.3
• 4149c53 chore(pkg): remove prefer global
• 84d6997 chore(templates): Update issue templates (Cannot find module './build/Release/analytics.node' DeviaVir/zenbot#432)
• 2273536 cli(cmds): revise yargs command (Trading issue on live for kraken DeviaVir/zenbot#422)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"29ed1731-1083-4f1e-82d4-2bd8ad996589","prPublicId":"29ed1731-1083-4f1e-82d4-2bd8ad996589","dependencies":[{"name":"@slack/client","from":"4.1.0","to":"4.5.0"},{"name":"bitfinex-api-node","from":"1.2.1","to":"6.0.0"},{"name":"bootstrap","from":"4.1.0","to":"4.3.1"},{"name":"ccxt","from":"1.13.32","to":"1.89.76"},{"name":"css-loader","from":"0.28.11","to":"2.0.0"},{"name":"lint-staged","from":"7.0.4","to":"10.2.0"},{"name":"node-sass","from":"4.8.3","to":"7.0.2"},{"name":"node-telegram-bot-api","from":"0.30.0","to":"0.64.0"},{"name":"poloniex.js","from":"0.0.8","to":"0.0.9"},{"name":"pushbullet","from":"2.2.0","to":"3.0.0"},{"name":"tulind","from":"0.8.10","to":"0.8.20"},{"name":"webpack","from":"4.6.0","to":"5.0.0"},{"name":"webpack-cli","from":"2.0.15","to":"3.0.0"}],"packageManager":"npm","projectPublicId":"49afd2ce-e7d4-4c5f-9cf6-c1d0b09da0d8","projectUrl":"https://app.snyk.io/org/rfxn/project/49afd2ce-e7d4-4c5f-9cf6-c1d0b09da0d8?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BABELTRAVERSE-5962463","SNYK-JS-BOOTSTRAP-173700","SNYK-JS-BOOTSTRAP-73560","npm:bootstrap:20180529","SNYK-JS-COLORSTRING-1082939","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-JSON5-3182856","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-NODEFETCH-2342118","SNYK-JS-NODEFETCH-674311","SNYK-JS-POSTCSS-1255640","SNYK-JS-POSTCSS-5926692","SNYK-JS-REQUEST-3361831","SNYK-JS-SERIALIZEJAVASCRIPT-536840","SNYK-JS-SERIALIZEJAVASCRIPT-570062","SNYK-JS-SERIALIZEJAVASCRIPT-6056521","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNDERSCORE-1080984","SNYK-JS-UNSETVALUE-2400660","SNYK-JS-WS-1296835","npm:braces:20180219","npm:mime:20170907"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BABELTRAVERSE-5962463","SNYK-JS-BOOTSTRAP-173700","SNYK-JS-BOOTSTRAP-73560","SNYK-JS-COLORSTRING-1082939","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-JSON5-3182856","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-NODEFETCH-2342118","SNYK-JS-NODEFETCH-674311","SNYK-JS-POSTCSS-1255640","SNYK-JS-POSTCSS-5926692","SNYK-JS-REQUEST-3361831","SNYK-JS-SERIALIZEJAVASCRIPT-536840","SNYK-JS-SERIALIZEJAVASCRIPT-570062","SNYK-JS-SERIALIZEJAVASCRIPT-6056521","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNDERSCORE-1080984","SNYK-JS-UNSETVALUE-2400660","SNYK-JS-WS-1296835","npm:bootstrap:20180529","npm:braces:20180219","npm:mime:2...