
build(deps): bump the npm_and_yarn group across 2 directories with 2 updates #3

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/npm_and_yarn-7a095ccb78

dependabot[bot] commented on behalf of github on Jun 18, 2024

Bumps the npm_and_yarn group with 2 updates in the / directory: ws and braces.
Bumps the npm_and_yarn group with 2 updates in the /examples/ts/nextjs-page-router directory: ws and braces.

Updates ws from 8.16.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
  const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
  const headers = {};
  let count = 0;

  // Fill the request with 2000 distinct two-character header names.
  for (let i = 0; i < chars.length; i++) {
    if (count === 2000) break;

    for (let j = 0; j < chars.length; j++) {
      const key = chars[i] + chars[j];
      headers[key] = 'x';

      if (++count === 2000) break;
    }
  }

  // The WebSocket handshake headers are added after the filler headers.
  headers.Connection = 'Upgrade';
  headers.Upgrade = 'websocket';
  headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
  headers['Sec-WebSocket-Version'] = '13';

  const request = http.request({
    headers: headers,
    host: '127.0.0.1',
    port: wss.address().port
  });

  request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

Updates ws from 8.14.2 to 8.17.1


Updates braces from 3.0.2 to 3.0.3

Commits


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
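
A post-merge check for this bump, as an added example that is not part of the Dependabot comment or the ws project: it walks an npm package-lock.json (the v2/v3 `packages` map, an assumption about this repository's lockfile format) and reports every installed copy of ws or braces, nested ones included, that still resolves below the versions this PR targets. The sample lockfile and the package name `some-client` are constructed.

```javascript
// Added example, not Dependabot's or the ws project's code.
// Minimum versions are the targets this PR bumps to.
const MINIMUMS = { ws: '8.17.1', braces: '3.0.3' };

// Compare two plain "x.y.z" versions; pre-release tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a v2/v3 package-lock.json and report every
// installed copy (top-level or nested) that is below its minimum.
function findStalePins(lock, minimums = MINIMUMS) {
  const marker = 'node_modules/';
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1 || !meta.version) continue; // root entry or link
    const name = path.slice(idx + marker.length);
    const min = minimums[name];
    if (min && compareVersions(meta.version, min) < 0) {
      stale.push({ path, name, version: meta.version, minimum: min });
    }
  }
  return stale;
}

// Constructed sample lockfile: the top-level ws is bumped, but a nested copy
// under the hypothetical package "some-client" still resolves to 8.14.2.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/ws': { version: '8.17.1' },
    'node_modules/braces': { version: '3.0.3' },
    'node_modules/some-client/node_modules/ws': { version: '8.14.2' },
    'node_modules/micromatch': { version: '4.0.5' }
  }
};

console.log(findStalePins(SAMPLE_LOCK));
```

Run it against the lockfile in each of the two directories the PR touches. A copy on a different major line is also reported and has to be judged against that line's own releases.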

…updates

Bumps the npm_and_yarn group with 2 updates in the / directory: [ws](https://github.com/websockets/ws) and [braces](https://github.com/micromatch/braces).
Bumps the npm_and_yarn group with 2 updates in the /examples/ts/nextjs-page-router directory: [ws](https://github.com/websockets/ws) and [braces](https://github.com/micromatch/braces).


Updates `ws` from 8.16.0 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.16.0...8.17.1)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `ws` from 8.14.2 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.16.0...8.17.1)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies label (Pull requests that update a dependency file) on Jun 18, 2024
mohammadanaraki pushed a commit that referenced this pull request Aug 25, 2025
* Foxbit's CCXT integration (#3)

* Fixed foxbit in ts

* Fixed async functions ccxt

* Endpoint privates

* add endpoints

* Fixed currencies and markets

* Fixed timeframe

* Fixed call test foxbit

* Fixed new endpoints

* Fixed new endpoint

* Fixed endpoint Orderbook

* feat: add adjustments to tickers on fetchTicker and fetchTickers methods

* feat: create fetchOHLCV method

* feat: add integrations to fetchTrades and fetchBalance (private route)

* feat: add fetchOrder and fetchOrders

* feat: add cancelOrder

* feat: add fetchOpenOrders and fetchClosedOrders

* feat: enhance/fix fetchMyTrades

* feat: add fetchDepositAddress

* feat: add fetchDeposits

* feat: add fetchWithdrawals and fetchTransactions

* enhance: add more information to fetchCurrencies

* enhance: add more information to fetchMarkets

* fix: remove url encode from signature query string

* chore: remove resolved TODOs

* chore: remove non-sense TODO

* feat: remove unused clause

* feat: add tests to fetchTicker and fetchTickers

* fix: remove fetchCurrencies test

* feat: add tests to fetchOrderBook

* fix: remove huge response mocks

* feat: add OHLCV tests + fix

* feat: add fetchTrades tests + fix

* feat: add createOrder tests + fix on stop market

* feat: add cancelOrders tests

* feat: create fetchOrder tests

* feat: add fetchOrders tests

* feat: add fetchOpenOrders tests

* feat: add fetchClosedOrders tests

* feat: add fetchMyTrades tests

* feat: add fetchDeposits tests

* feat: add fetchWithdrawals tests

* feat: add fetchTransactions tests

* feat: add fetchDepositAddress tests

* feat: add cancelAllOrders method

* chore: organize has fields on config

* feat: remove fixed markets and currencies

* feat: add status route

* feat: add editOrder method

* feat: add withdraw route

* fix: sign only private requests

* feat: add docstrings

* fix: imports

* feat: add rate limit information

* fix: build

* fix: remove consoles and change string type

* feat: add ws false

* fix: remove pro and certified options

* fix: remove foxbit from imports on ccxt.ts

* fix: very funny bug with a "Client" on docstring crashing the transpile

* feat: add currencies and markets statics

* feat: add networks to currencies route

* fix: all tests to pass

* feat: add post_only field

* fix: status call and remove comment

* fix: use milliseconds instead of now

* fix: remove object keys from array

* fix: hmac encode

* fix: parseOHLCV method

* fix: parse params to string to concatenate

* fix: tick size and logic to validate order type

* fix: details on ts implementation due to wrong translation

* feat: add fetchTradingFees and fetchLedger methods

* fix: EOF

* fix: EOF

* fix: remove all safeValue references

* feat: add error handlers

* fix: precisionMode

* fix: tests

* fix: tests on python async

* feat: add missing static request tests

* fix: change indent size to 4

* feat: remove nested method calls

* feat: add many response tests to foxbit (missing 8)

* feat: finish all response tests

* fix: use parsed data instead of response.data directly

* feat: add type to fetchDepositAddress

* fix: new tests

* fix: new tests

* fix: new tests

* enhance: use parseMarkets instead of direct market parsing

* feat: move docs upwards

* fix: PHP transpile

* fix: PHP transpile

* fix: PHP transpile

* fix: PHP transpile

* fix: PHP transpile

* fix: PHP transpile

* fix: tests on ccxt

* fix: update input for order request tests

* fix: change direct calculation to use Precise

* fix: remove test mock

* feat: add safeTimeframe to avoid null

* feat: add maker/taker fees to markets structure

* feat: add features into foxbit's config

* feat: add features details on comments

* fix: remove empty line

* fix: remove comment at wrong place

* fix: logic with depth, to avoid passing null

* fix: return default limit to 20

* feat: map new order status PENDING_CANCEL

* feat: add sandbox mode, add more methods on has and add fields to parseOrder

* fix: tests

* fix: remove ternary (python transpile problem)

* fix: remove sandbox mode

* feat: add post-only orders support by time-in-force param

* fix: change createOrder received params + enhance order parsing to consider more fields

* fix: foxbit request static tests

* fix: foxbit's response tests

* feat: enhance networks mapping + withdrawal network support + use safe currencies structure

* feat: add createOrders method (create multiple orders in batch)

* fix: use safe methods instead of accessing params directly on createOrders

* fix: network code param on deposit address generation

* fix: send unified network on fetchDepositAddress

* fix: tests

---------

Co-authored-by: brunoneville31 <brunoneville31@gmail.com>

* Adding new currencies field 'type' (#5)

* trigger dummy change

* add test

* cr fixes

* add market

* use marketId instead

* add virtual method

* fix response tests

* add method to interface

* rm all safeFloat

* other fixes

---------

Co-authored-by: Theo Nejm <117743440+theonejm-fb@users.noreply.github.com>
Co-authored-by: brunoneville31 <brunoneville31@gmail.com>
Co-authored-by: Bruno Soares <github@bsoares.com>
Co-authored-by: matheus-alcuri-foxbit <109529128+matheus-alcuri-foxbit@users.noreply.github.com>
mohammadanaraki pushed a commit that referenced this pull request Aug 25, 2025
* add hibachi

* Implement fetchCurrencies (#2)

* fetchCurrencies

* fix typo

* fetchBalance (#3)

* Implement `fetchTicker` (#5)

* impl

* pass market as param

* whitespace

* change to string

* [ENG-5178] Public - Market Data - fetchTrades (#4)

* save

* save

* Update hibachi.ts

* create and cancel order (#7)

* editOrder (#10)

* improve signature (#11)

* Implement `fetchOrderBook` (#9)

* wip

* impl

* example

* fix

* include ts

* camelCase

* withdraw (#12)

* Implement `fetchTradingFees` (#13)

* impl

* forgot to push

* boolean change

* simplify trading fees logic

* Revert "simplify trading fees logic"

This reverts commit 027b019.

* change hardcoded fees

* Revert "change hardcoded fees"

This reverts commit d82c7ab.

* Support signature for exchange managed account (#14)

* Support exchange managed account

* Implement `fetchTradingFees` (#13)

* impl

* forgot to push

* boolean change

* simplify trading fees logic

* Revert "simplify trading fees logic"

This reverts commit 027b019.

* change hardcoded fees

* Revert "change hardcoded fees"

This reverts commit d82c7ab.

---------

Co-authored-by: vincent-hibachi-xyz <vincent@hibachi.xyz>

* fetchMyTrades (#15)

* Implement `fetchDepositAddress` (#16)

* impl

* change network + currency codes

* add note for deposit address

* add required credentials check

* [Eng-5154] implement fetch ohlcv (#8)

* draft

* fix

* Update hibachi-example.ts

* Delete examples/js/hibachi-example.js

* address comment

* Update hibachi.ts

* address comment

* Implement fetchLedger (#19)

* fetchLedger

* update examples

* Yang/eng 5185 private history fetch order (#18)

* Update hibachi.ts

* Update hibachi.ts

* fix

* save

* Update hibachi.ts

* Update hibachi.ts

* Update hibachi-example.ts

* Update hibachi.ts

* error handling and settings (#21)

* Implement `fetchOpenOrders` (#17)

* wip

* abstract

* impl

* whitespace fix

* make symbol optional in documentation

* add trigger price

* advanced order (#22)

* changebase fee (#23)

* Implement `fetchDeposits` and `fetchWithdrawals` (#20)

* wip

* impl

* add safeCurrency

* change type to list

* transaction parsing

* typo

* fixes

* add extend param

* add transaction type deposit and withdrawal

* fix unit tests

* address feedback (#24)

* add tests and some small fixes

* add logo

* add ref

* add fetchPositions test

* fetchTime

* fetchOpenInterest

* fix typo

* fetchFundingRate

* fetchFundingRateHistory

* cancelAllOrders

* cancelOrders

* createOrders

* editOrders

* rename

* update accountId

* fix return type

* skip keys

* fix c# header problem

* skip some c# tests

* fix response tests

* add accountId

* update intTobase16

* fix c# tests

* update import

* tmp disable go test

* try encode

* fix several issues

* fix padStart issue

* fix php

* skip test

* add info key

---------

Co-authored-by: Gaoyuan Chen <gaoyuan@hibachi.xyz>
Co-authored-by: gaoyuan-hibachi-xyz <158541870+gaoyuan-hibachi-xyz@users.noreply.github.com>
Co-authored-by: vincent-hibachi-xyz <vincent@hibachi.xyz>
Co-authored-by: yang-hibachi-xyz <yang@hibachi.xyz>