[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Deserialization of Untrusted Data SNYK-JS-BSON-561052	No	No Known Exploit
	Insecure Randomness SNYK-JS-CRYPTOJS-548472	No	No Known Exploit
	Timing Attack SNYK-JS-ELLIPTIC-511941	No	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature

Commit messages

Package name: ccxt

The new version differs by 250 commits.

• 310d123 1.18.609
• 8e50b4d Merge branch 'frosty00-vendor-cryptojs' #4875 fix #5180
• 8ca3989 Merge branch 'vendor-cryptojs' of https://github.com/frosty00/ccxt into frosty00-vendor-cryptojs
• 325cbca 1.18.608
• ebdca74 removed a reference to node 'constants' from Node-RSA.js
• 4a02c13 oceanex py/php files
• 281c710 remove a reference to node 'constants' from node-rsa pkcs1.js
• dbc66b6 Update pkcs1.js
• 7a6c56d revert .travis.yml
• c2f5ce6 cleanup .travis.yml cache
• fbfa5dc 1.18.607
• ede89d7 bx.in.th minor edit
• e8b5e75 Merge branch 'master' of github.com:ccxt/ccxt
• 662ff7a 1.18.606
• 8ebd879 Merge pull request #5219 from npomfret/master
• a2b09c6 quotes in Exchange.js
• 31e92dd livecoin LEO → LeoCoin fix #5226
• f877a0a bx.in.th LEO → LeoCoin fix #5226
• 98a43f3 bittrex parseTransaction minor edit
• 79952d0 Update bittrex.js
• 2b7977f bittrex v3 hostname support
• 2e6c547 bittrex fetchClosedOrdersV3 cleanup
• eedc5c1 bittrex parseOrderV3 minor edits
• f5866ce bittrex v3 minor edits

See the full diff

Package name: mongodb

The new version differs by 171 commits.

• 79da11f 3.1.3
• 337cb79 feat(core): update to mongodb-core 3.1.2
• ff5fafc refactor(topology-base): `getServer` => `selectServer`
• b33fc74 3.1.2
• 78f6977 fix(mongo_client): translate options for connectWithUrl
• 36e92f1 fix(db_ops): call collection.find() with correct parameters (Fix binance product update DeviaVir/zenbot#1795)
• 759dd85 fix(buffer): replace deprecated Buffer constructor
• cb9d915 docs(connect): remove references to MongoClient.connect
• b8d2f1d fix(teardown): properly destroy a topology when initial connect fails
• 64027e8 refactor(export): expose CommandCursor
• 6ef85c4 refactor(export): expose AggregationCursor
• 13d776f fix(cursor): set readPreference for cursor.count
• a5d0f1d feat(deprecation): wrap deprecated functions
• 4f907a0 feat(deprecation): create deprecation function
• 666b8fa refactor(bulk): Unify bulk operations
• a0d84f6 test(evergreen): adding evergreen config to native driver
• b8471f1 fix(collection): isCapped returns false instead of undefined
• 86344f4 fix(collection): ensure findAndModify always use readPreference primary
• c25c519 test(countDocuments): full test coverage for countDocuments
• 25ca557 docs(contributing): fix link to HISTORY.md
• 4395110 chore(MongoClient): add missing legacy option name on warning message
• 297d843 docs(sessions): updating docs for sessions
• 15dc808 fix(db_ops): fix two incorrectly named variables
• fca1185 fix(count-documents): return callback on error case

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic