[Snyk] Security upgrade ccxt from 1.17.321 to 1.18.609 #25

snyk-bot · 2020-06-20T21:43:23Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Issue	Breaking Change	Exploit Maturity
Insecure Randomness SNYK-JS-CRYPTOJS-548472	No	No Known Exploit
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	No	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	No	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	No	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
Prototype Pollution npm:extend:20180424	No	No Known Exploit
Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature

Commit messages

Package name: ccxt

The new version differs by 250 commits.

310d123 1.18.609
8e50b4d Merge branch 'frosty00-vendor-cryptojs' #4875 fix #5180
8ca3989 Merge branch 'vendor-cryptojs' of https://github.com/frosty00/ccxt into frosty00-vendor-cryptojs
325cbca 1.18.608
ebdca74 removed a reference to node 'constants' from Node-RSA.js
4a02c13 oceanex py/php files
281c710 remove a reference to node 'constants' from node-rsa pkcs1.js
dbc66b6 Update pkcs1.js
7a6c56d revert .travis.yml
c2f5ce6 cleanup .travis.yml cache
fbfa5dc 1.18.607
ede89d7 bx.in.th minor edit
e8b5e75 Merge branch 'master' of github.com:ccxt/ccxt
662ff7a 1.18.606
8ebd879 Merge pull request #5219 from npomfret/master
a2b09c6 quotes in Exchange.js
31e92dd livecoin LEO → LeoCoin fix #5226
f877a0a bx.in.th LEO → LeoCoin fix #5226
98a43f3 bittrex parseTransaction minor edit
79952d0 Update bittrex.js
2b7977f bittrex v3 hostname support
2e6c547 bittrex fetchClosedOrdersV3 cleanup
eedc5c1 bittrex parseOrderV3 minor edits
f5866ce bittrex v3 minor edits