[Snyk] Upgrade snyk from 1.438.0 to 1.459.0

[DeviaVir]

Snyk has created this PR to upgrade snyk from 1.438.0 to 1.459.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 30 versions ahead of your current version.
• The recommended version was released a day ago, on 2021-02-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Command Injection SNYK-JS-LODASH-1040724	539/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 7.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	539/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 7.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: snyk

• 1.459.0 - 2021-02-22
  

  1.459.0 (2021-02-22)

  Bug Fixes

  • poetry fix to make sure dependency graph connections are built between pre-existing nodes (45a390a)
• 1.458.0 - 2021-02-19
  

  1.458.0 (2021-02-19)

  Features

  • Don't open browser auth if inside container (da53738)
• 1.457.0 - 2021-02-18
  

  1.457.0 (2021-02-18)

  Features

  • add init-script argument to CLI for gradle (859f71d)
• 1.456.0 - 2021-02-17
  

  1.456.0 (2021-02-17)

  Features

  • adds support for critical severity (cc8730e)
• 1.455.0 - 2021-02-15
  

  1.455.0 (2021-02-15)

  Features

  • drop Node 8 support (92645c5)
• 1.454.0 - 2021-02-12
  
  • feat: add Visual Studio as an official integration
• 1.453.0 - 2021-02-12
  

  Fixes

  • Replace lodash package with lodash subpackages
• 1.452.0 - 2021-02-11
  

  Includes fix to consider hyphens and underscores to be equivalent in package name comparisons in Poetry

• 1.451.0 - 2021-02-11
  

  Release Notes pending

• 1.450.0 - 2021-02-10
  

  Bumps the python plugin to include the following fixes for poetry:

  • Stop parser from trying to look up packages not propagated to the lockfile (wheel, distributed, pip, setuptools)
  • Stop parser from failing when failing to locate dependency in lockfile and instead log a warning. This could be because of python requirements allowing it in the manifest but not actually installing it and adding a lockfile entry or because of how Poetry treats the use of underscores and hyphens when installing packages
  • Reversed PR that introduced swapping underscores in manifest for hyphens in lockfile. This was due to a misunderstanding of how Poetry worked and is remediated by the above.
• 1.449.0 - 2021-02-10
• 1.448.0 - 2021-02-09
• 1.447.0 - 2021-02-08
• 1.446.0 - 2021-02-05
• 1.445.0 - 2021-02-04
• 1.444.0 - 2021-02-04
• 1.443.0 - 2021-02-04
• 1.442.0 - 2021-02-04
• 1.441.0 - 2021-02-04
• 1.440.5 - 2021-02-03
• 1.440.4 - 2021-02-01
• 1.440.3 - 2021-02-01
• 1.440.2 - 2021-02-01
• 1.440.1 - 2021-01-28
• 1.440.0 - 2021-01-28
• 1.439.4 - 2021-01-28
• 1.439.3 - 2021-01-27
• 1.439.2 - 2021-01-27
• 1.439.1 - 2021-01-25
• 1.439.0 - 2021-01-21
• 1.438.0 - 2021-01-20

from snyk GitHub release notes

Commit messages

Package name: snyk

• 9645a3e Merge pull request Update css-loader to the latest version 🚀 #1653 from snyk/fix/bump-python-plugin-version
• 45a390a fix: bump snyk-python-plugin
• 5391431 Merge pull request Major refactor + Typescript #1652 from snyk/smoke/fix-broken-test
• fbe3e64 test: iac test will run only in regression tests
• 629d571 test: fix broken test
• 3775fcd Merge pull request Zenbot kept buying at a high price and selling at a low price [CEXIO] #1648 from snyk/refactor/iac-test-documentation
• 9036298 refactor: improve iac test error messages & remove irrelevant tests
• 23a8655 Merge pull request Possible error in RSI strategy? #1645 from snyk/feat/docker-auth
• da53738 feat: Don't open browser auth if inside container
• eae7385 Merge pull request Revert "Update strategy.js" #1650 from snyk/chore/remove-dev-package-publish
• b91a33f chore: remove dev-release package publishing
• c508c1f Merge pull request Binance API cannot be used to trade. Error: binance {"code":-1021,"msg":"Timestamp for this request is outside of the recvWindow." #1647 from snyk/feat/init-script
• 859f71d feat: add init-script argument to CLI for gradle
• 787308d Merge pull request Minor code cleanup (eslint conform) #1627 from snyk/chore/update-critical-sev-colour
• a52dcae Merge pull request Balance command doesn't listen to selector input #1619 from snyk/chore/enhance-ci-job-parallelism
• 42e421c chore: additional formatting cleanup
• 96f619e chore: export function to map severity to color
• ea94dea chore: unified place for severity-to-color mapping
• cc8730e feat: adds support for critical severity
• edf422e Merge pull request Bittrex code cleanup #1566 from snyk/orfattal-cla-update
• fbf8d7d chore: rebase after Node 8 deprecation and update remote docker settings
• 7829fdc chore: replace `unix` with `linux`
• 6520555 chore: run tests suites in parallel
• a3b9001 Merge pull request chore(package): update eslint to version 5.0.1 #1639 from snyk/feat/drop-node-8-support

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.