Skip to content

[Snyk] Fix for 3 vulnerabilities#37

Closed
rapmd73 wants to merge 687 commits intomainfrom
snyk-fix-7a1244a77f3e836579e0590753df4d89
Closed

[Snyk] Fix for 3 vulnerabilities#37
rapmd73 wants to merge 687 commits intomainfrom
snyk-fix-7a1244a77f3e836579e0590753df4d89

Conversation

@rapmd73
Copy link
Copy Markdown
Owner

@rapmd73 rapmd73 commented Jun 20, 2025

snyk-top-banner

Snyk has created this PR to fix 3 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt
⚠️ Warning 
ccxt 4.4.90 requires aiohttp, which is not installed.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free
🦉 Open Redirect

rapmd73 added 30 commits December 10, 2022 20:02
@rapmd73
Bug fixes dealng with incomplete ticker data.
73206e8 
Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.margin
	modified:   Base/Library/JRRccxt.py
@rapmd73
Some progress for margin accounts.
99692b8 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
	new file:   Base/Library/apiKucoin.py
	modified:   Extras/ListMarkets
@rapmd73
Margin accounts **MIGHT** be working. Needs **MUCH MORE TESTING**
93b9906 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
	modified:   Extras/Balances
@rapmd73
Removen diagnostics code
8966a23 
Changes to be committed:
	modified:   Extras/Balances
@rapmd73
API framework for Kucoin underway.
dd8cd0b 
Changes to be committed:
	modified:   Base/Library/apiKucoin.py
	new file:   Extras/CodeProofs/Kucoin/KucoiDocs.txt
	new file:   Extras/CodeProofs/Kucoin/testKucoinAPI
@rapmd73
More progress on Kucoin API
f4490ac 
Changes to be committed:
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
@rapmd73
More function addded to the Kucoin API.
fa20f46 
Changes to be committed:
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
@rapmd73
More Kucoin API developement and bug fixes
de3d358 
Changes to be committed:
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
@rapmd73
More kKucoin API work...
9816c1d 
Changes to be committed:
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
@rapmd73
Still adding and testing on the Kucoin API.
c2b5a8c 
Changes to be committed:
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
@rapmd73
More Kucoin API work and established an Examples folder
cd404de 
Changes to be committed:
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
	new file:   Extras/Examples/orderbookMomentum
@rapmd73
More work on margin trading.
d9666f6 
More examples included.

Changes to be committed:
	modified:   Base/Library/JRRccxt.py
	modified:   Base/Library/apiKucoin.py
	modified:   Extras/CodeProofs/Kucoin/testKucoinAPI
	new file:   Extras/Examples/OandaTradingBot/LauncherOB
	new file:   Extras/Examples/OandaTradingBot/oandaBot
	modified:   Extras/Examples/orderbookMomentum
@rapmd73
Proper rate limiting is now up and running. Can handle large number o…
d7e54c3 
…f simultaneous API calls

and maintain order or them all.

Changes to be committed:
	modified:   Base/Library/JackrabbitRelay.py
@rapmd73
Discovered memory leak in Python 3.10.
8855812 
Changes to be committed:
	modified:   Base/JackrabbitLocker
@rapmd73
Changes to be committed:
131ddbc 
	modified:   Base/JackrabbitLocker
@rapmd73
Merge branch 'main' of github.com:rapmd73/JackrabbitRelay
844b115
@rapmd73
Oanda API can now easily switch between live and practice trading wit…
1c69418 
…h the Sandbox

element in the config file

Memory leak testing in Locker.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/Library/JRRoanda.py
@rapmd73
More work on memory leak issues in Locker.
8238f37 
More work on margins

Balances and ListMarkets now work properly with margin accounts.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/Library/JRRccxt.py
@rapmd73
Margin trading should hopefully work. Needs much ore testing.
51d2959 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
@rapmd73
Bug fixes, **WILL** require restart. Be sure you run UpdatePlaceOrder…
e2eda40 
… as well.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRccxt.py
	modified:   Base/OANDA-PlaceOrder
	modified:   Base/Orphan.ccxt
	modified:   Base/Orphan.oanda
@rapmd73
Removed diagnostic noise...
ec89080 
Changes to be committed:
	modified:   Base/Orphan.ccxt
@rapmd73
Remove undedded diagnostics code.
f56ddea 
Changes to be committed:
	modified:   Base/JackrabbitLocker
@rapmd73
Added a working OANDA bot example for both long and short positions. …
4b9e9f2 
…This is an unbound grid

bot.

Changes to be committed:
	new file:   Extras/Examples/OandaTradingBot/oandaBot.short
	renamed:    Extras/Examples/OandaTradingBot/oandaBot -> Extras/Examples/OandaTradingBot/oandaBot.long
	new file:   Extras/Examples/OandaTradingBot/LauncherOB.long
	new file:   Extras/Examples/OandaTradingBot/LauncherOB.short
	deleted:    Extras/Examples/OandaTradingBot/LauncherOB
@rapmd73
Diagnostics override for bybit market orders.
52eaf2d 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
@rapmd73
Removed diagnostics tracers.
9a98117 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
@rapmd73
Bug fix in GetPositions.
bc94f55 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
@rapmd73
Workaround formarket orders that require price.
edd0b49 
Changes to be committed:
	modified:   Base/Library/JRRccxt.py
@rapmd73
Added "NoLedger" for exchange configs that have errors with pulling l…
3f15c1c 
…edger entries.

Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.future
	modified:   Base/CCXT-PlaceOrder.margin
	modified:   Base/CCXT-PlaceOrder.spot
@rapmd73
Bug fixes
1491674 
Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Extras/Examples/OandaTradingBot/oandaBot.long
	modified:   Extras/Examples/OandaTradingBot/oandaBot.short
@rapmd73
Adjust framework for different market types. Swap markets are nowlist…
fc8b34a 
… as swap, not future

Adjust "MarketType" in config files to "Swap" and "Market" in orders to "Swap".

**IMPORTANT**: be sure to run UpdatePlaceOrder with ALL of your exchanges listed.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JackrabbitRelay.py
	modified:   UpdatePlaceOrder
rapmd73 and others added 28 commits September 16, 2024 13:44
@rapmd73
Alpha testing bug fixes...
8aac346 
Oanda ReduceBy bug fixed...

"Not enough balance" issues addressed.

Changes to be committed:
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/Library/JRRfix.py
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JRRoanda.py
	modified:   Base/Library/OliverTwist-ccxt.py
	modified:   Base/Library/OliverTwist-mimic.py
	modified:   Base/Library/OliverTwist-oanda.py
	modified:   Extras/OliverTwist/OliverTwistEquity
	modified:   Extras/OliverTwist/OliverTwistTrades
	modified:   Extras/OliverTwist/otcWatch
@rapmd73
Bug fixes and optimizations. The new OT ResizeLotSize is slowly commi…
5d61423 
…ng together...

Changes to be committed:
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/Library/OliverTwist-ccxt.py
	modified:   Base/Library/OliverTwist-mimic.py
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
Refinement, diagnostics, bug fixes.
34249c0 
Changes to be committed:
	modified:   Base/Library/OliverTwist-ccxt.py
	modified:   Base/Library/OliverTwist-mimic.py
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
Diagnostics...
a2f9560 
Changes to be committed:
	modified:   Extras/OliverTwist/OliverTwistEquity
	modified:   Extras/OliverTwist/OliverTwistTrades
@rapmd73
Removed some diagnostics code.
28b4008 
Changes to be committed:
	modified:   Base/JackrabbitOliverTwist
@rapmd73
Merge https://github.com/rapmd73/JackrabbitRelay into alpha
1cf2356
@rapmd73
Fixed merge glitch.
ebd35b5 
Changes to be committed:
	modified:   Base/JackrabbitOliverTwist
@rapmd73
Fixing more merge glitches...
9d0802b 
Changes to be committed:
	modified:   Extras/OliverTwist/OliverTwistEquity
@rapmd73
Variable convertion error. Was passing number, when should have been …
e098105 
…passing string.

Changes to be committed:
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
Bug fixes.
e9eb2c8 
Visual improvements in OliverTwist charting.

Changes to be committed:
	modified:   Base/Library/OliverTwist-oanda.py
	modified:   Extras/OliverTwist/OliverTwistEquity
	modified:   Extras/OliverTwist/OliverTwistTrades
@rapmd73
Bug fixes and code optimizations.
b371700 
Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JRRoanda.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
@rapmd73
Bug fix dealing with asset name that aren't exactly 6 characters. Its…
512879f 
… kludgy, but

works for now.

Changes to be committed:
	modified:   Extras/OliverTwist/OliverTwistTrades
@rapmd73
Bug with Binance not trading the proper amount is fixed.
ae04cdc 
Version update.

Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.spot
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRccxt.py
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Extras/CodeProofs/findMinCost
@rapmd73
Bug fixes and additinal diagnostics added.
e39a8f3 
Version update.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JRRsupport.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Extras/CodeProofs/readOHLCV
	new file:   Extras/OliverTwist/ot2gb
@rapmd73
Bug fixes in Mimic for a rare issue where a spot wallet would be left…
516b255 
… with

a negative balance.

Bug fix in OliverTwistEquity where the file name was not correct for
certain charts.

Code tuning in OliverTwist. Diagnostics added.

Version update.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/LauncherOliverTwist
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/Library/OliverTwist-oanda.py
	modified:   Extras/OliverTwist/OliverTwistEquity
@rapmd73
Bug fix that removed orders before sell confirmation.
adcfb93 
Version update.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
Bug fix in file detection of an OliverTwist index.
f0e573a 
Changes to be committed:
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
File checking bug fixed.
c9755da 
Changes to be committed:
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
This has been one of the more difficult bugs to track and trace. It is
b6d28db 
strictly related to Oanda and OliverTwist if tracking the presence of
existing orders. I think I finally killed it once and for all.

Version update.

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/Library/OliverTwist-oanda.py
@rapmd73
**IMPORTANT**: Read BEFORE update.
3f53d51 
**Virtual environment now REQUIRED!** Please be sure to read the wiki on setting up
the new virtual environment.

All scripts now use the new virtual environment.

Bug fixes and performance improvements to Locker (distrubuted lock manager).

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   StartJackrabbit
	modified:   UpdatePlaceOrder
	modified:   install
@rapmd73
Bug fix in spread limiting. Please be sure to run **UpdatePlaceOrder*…
127a6a0 
…* with ALL of

your exchanges/brokers.

Version update.

Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.future
	modified:   Base/CCXT-PlaceOrder.margin
	modified:   Base/CCXT-PlaceOrder.spot
	modified:   Base/CCXT-PlaceOrder.swap
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/OANDA-PlaceOrder
@rapmd73
**IMPORTANT**: run ./UpdatePlaceOrder for ALL of your exchanges/brokers.
94ca5c6 
Fixed bug in ticker spread rounding.

Fixed typos.

Version update.

Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.future
	modified:   Base/CCXT-PlaceOrder.margin
	modified:   Base/CCXT-PlaceOrder.swap
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRccxt.py
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Extras/CodeProofs/readTicker
@rapmd73
Bug fix in Mimic emulation of Binance for coins like Floki and Bonk (…
04b7007 
…Extremely

small price levels)

File testing bug fix in WalletReset for Mimic

Changes to be committed:
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/MIMIC-PlaceOrder
	modified:   Extras/Mimic/WalletReset
@rapmd73
Fixed bug in install that causes virtual environmant to break.
ebc7614 
Changes to be committed:
	modified:   install
@rapmd73
Bug fixes. Extraneous diagnostics removed.
4ad1cb1 
Be sure to run **./UpdatePlaceOrder** with your exchanges. While the bugs may be
small, there is an overall improvement is removing them.

Version update.

Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.future
	modified:   Base/CCXT-PlaceOrder.margin
	modified:   Base/CCXT-PlaceOrder.spot
	modified:   Base/CCXT-PlaceOrder.swap
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JRRsupport.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/Library/OliverTwist-ccxt.py
	modified:   Base/Library/OliverTwist-mimic.py
	modified:   Base/Library/OliverTwist-oanda.py
	modified:   Base/MIMIC-PlaceOrder
	modified:   Base/OANDA-PlaceOrder
	modified:   Base/PROXY-PlaceOrder
	modified:   CODE_OF_CONDUCT.md
	modified:   Extras/CodeProofs/MaxAsset
@rapmd73
Bug fixes with MaxAssets not being honored as it should be.
a28bee0 
You will need to update youe exchanges with ./UpdateplaceOrder.

Version updated.

Changes to be committed:
	modified:   Base/CCXT-PlaceOrder.future
	modified:   Base/CCXT-PlaceOrder.margin
	modified:   Base/CCXT-PlaceOrder.spot
	modified:   Base/CCXT-PlaceOrder.swap
	modified:   Base/JackrabbitLocker
	modified:   Base/JackrabbitOliverTwist
	modified:   Base/JackrabbitRelay
	modified:   Base/Library/JRRmimic.py
	modified:   Base/Library/JRRsupport.py
	modified:   Base/Library/JackrabbitProxy.py
	modified:   Base/Library/JackrabbitRelay.py
	modified:   Base/MIMIC-PlaceOrder
	modified:   Base/OANDA-PlaceOrder
	modified:   Base/PROXY-PlaceOrder
@rapmd73
Bug fixes
e702b57 
Changes to be committed:
	modified:   Base/JackrabbitOliverTwist
	modified:   requirements.txt
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
c3c5e85 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYCARES-10365309
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390193
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194
@rapmd73 rapmd73 closed this Sep 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rapmd73 @snyk-bot