[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • contracts/integrations/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @0x/asset-swapper

The new version differs by 172 commits.

• 4c3fbe8 Publish
• 7caa43d Updated CHANGELOGS & MD docs
• 3d4c03c Update asset-swapper to support MultiplexFeature ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #168)
• 22e1ed3 docs: Fix EIP712 hashing docs for limit and RFQ orders ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #173)
• dabe6fd add tx origin blacklist to RFQ options ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #169)
• 3cc639c MultiplexFeature and BatchFillNativeOrdersFeature ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #140)
• 22c8e0b Make the proposal/quorum thresholds updatable ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #165)
• f3ca429 feat: add proxy configuration to axios instance in RFQT asset-swapper ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #159)
• db3e076 update deps and publish gh action for prerelease support
• 1a67598 Mooniswap LP ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #143)
• 61c5e7b Publish
• 5fd78ef Updated CHANGELOGS & MD docs
• 14ff9b8 `@ 0x/asset-swapper`: Drop Y and BUSD curve pools ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #161)
• 598dc2c docs: update allowances blurb ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #160)
• 08e1c51 Publish
• 6f7a843 Updated CHANGELOGS & MD docs
• c9c9615 Fix contract merge conflict
• f986096 feat: opt-in positive slippage fee for integrators ([Snyk] Security upgrade @0x/utils from 5.6.4 to 7.0.0 #101)
• 5b8bbc3 fix: FQT in migrations ([Snyk] Security upgrade mocha from 6.2.3 to 9.2.2 #157)
• 49cb00a feat: DODO V2, Linkswap ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #152)
• 74b240f add exchange proxy overhead penalty to comparison price ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #156)
• 514f9d2 feat/alt RFQ MM implementation ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #139)
• fa78d10 feat: asset-swapper Fake Taker contract ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #151)
• 2973420 `@ 0x/asset-swapper`: special case BNB in uni v1 sampler ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #147)

See the full diff

Package name: @0x/utils

The new version differs by 196 commits.

• aad2bd4 Publish
• ae6753a Updated CHANGELOGS & MD docs
• 91344c0 Bump CirciCI to nodejs16 ([Snyk] Fix for 5 vulnerabilities #68)
• ae232fa Bump CI to node16
• b89d468 Cannot run installation against specific package ([Snyk] Fix for 5 vulnerabilities #67)
• e003034 fix: Update deps fix ([pull] development from 0xProject:development #65)
• 14e5370 empty
• 27955e3 chore: Update deps ([Snyk] Security upgrade moment from 2.21.0 to 2.29.4 #64)
• 7e7e6dc fix: Fix subprovider tests
• dbd0dc0 bump ts
• 094c081 Bump subprovider deps
• 3c0bb9e Update @ ethereumjs/common
• 9d28e7d Unpin merkle-patricia-tree
• b543924 Add repository to @ 0x/subproviders
• 0787b82 Publish
• c9009bd Updated CHANGELOGS & MD docs
• 136b9dd Merge pull request [Snyk] Security upgrade nyc from 11.9.0 to 14.0.0 #62 from 0xProject/fix/ethereum-types-linkReferences
• c44fb80 make compiler output artifact `linkReferences` optional (for 0.8)
• 41976dd Publish
• e7e2055 Updated CHANGELOGS & MD docs
• 33ae44c Update publish.yml
• 343b40d Merge pull request [Snyk] Security upgrade nyc from 11.9.0 to 14.0.0 #61 from 0xProject/fix/solc-compiler-0.8-support
• b80738e update sol-tracing-utils deps
• 7f28191 appease prettier

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.