[Snyk] Upgrade bybit-api from 4.2.1 to 4.3.1

[tiagosiebler]

Snyk has created this PR to upgrade bybit-api from 4.2.1 to 4.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.

• The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	524	Proof of Concept

Release notes

Package name: bybit-api

• 4.3.1 - 2025-09-12
  

  What's Changed

  • feat(v4.3.1): add new endpoints for limit price behavior and new delivery price by @ JJ-Cro in #485
  • feat(v4.3.1): add new endpoints for limit price behavior and new deli… by @ JJ-Cro in #489

  Full Changelog: v4.3.0...v4.3.1

• 4.3.0 - 2025-09-05
  

  Summary

  Disabled by default to prevent any breaking changes. Enable it by passing this boolean in the REST client constructor:

  const client = new RestClientV5({
    key: key,
    secret: secret,
    throwExceptions: true,
  });

  Any retCode !== 0 response will be thrown in full, if enabled.

  What's Changed

  • feat(#437): add config to throw REST API exceptions automatically by @ tiagosiebler in #483

  Full Changelog: v4.2.7...v4.3.0

• 4.2.7 - 2025-08-25
  

  What's Changed

  • feat(v4.2.7): force ws request batching into groups of max 500 topics per batch by @ tiagosiebler in #479

  Full Changelog: v4.2.6...v4.2.7

• 4.2.6 - 2025-08-25
  
  • Fixes deduping workflow introduced in previous release

  Full Changelog: v4.2.5...v4.2.6

• 4.2.5 - 2025-08-25
  

  What's Changed

  • fix(v4.2.5, #477): automatically dedupe topic requests if already subscribed by @ tiagosiebler in #478

  This provides convenience in calling the subscribe method, where it will only emit subscribe events to bybit for the topics that haven't been subscribed to yet, preventing the scenario in #477 (which will cause non-duplicate topic subs to fail)

  Full Changelog: v4.2.4...v4.2.5

• 4.2.4 - 2025-08-13
  

  What's Changed

  • feat(v4.2.4): add full support for RFQ endpoints by @ JJ-Cro in #474
  • feat(v4.2.4): add full support for RFQ endpoints by @ tiagosiebler in #475

  Full Changelog: v4.2.3...v4.2.4

• 4.2.3 - 2025-08-12
  

  What's Changed

  Transitioned the release workflow to a token-less trusted publisher workflow, for a more secure way to publish new releases to npm.

  Historic Changelog

  Note: these are since the last "release" / tag on GitHub.

  • Batch sub/unsubscribe to topics for spot v3 by @ tiagosiebler in #176
  • fix(shared/types): max_leverage typo by @ iam4x in #180
  • v3.1.0: fix typo in types (#180), fix tests, fix repeating subscribe/unsubscribe WS events to active connections by @ tiagosiebler in #182
  • missing unifiedPrivate in WS_AUTH_ON_CONNECT_KEYS by @ twxia in #183
  • chore(): fix changed test error code by @ tiagosiebler in #184
  • feat(#187, v3.1.2): add support for new orderCategory param for spotv3 by @ tiagosiebler in #188
  • v3.1.3: fix(#187) rare signature failure for spotv3 GET with parameters by @ tiagosiebler in #190
  • v3.2.0: Contract V3 REST & WebSocket Clients. Improve websocket reconnection resilience by @ tiagosiebler in #196
  • update tests for copy trading client by @ tiagosiebler in #197
  • v3.3.0: fix rare sign error when using cursors in private unified margin API calls. expand unified margin response types. expand tests. by @ tiagosiebler in #198
  • v3.3.1: fix(#199) wrong endpoint for contract.getOpenInterestLimitInfo by @ tiagosiebler in #201
  • missing api by @ JustMankus in #203
  • v3.3.2: feat(#203) add execution history list endpoint for linear by @ tiagosiebler in #204
  • new param Type for getHistoryTradeRecordsRequest. by @ JustMankus in #205
  • v3.3.4: fix optional param in contract client, add js/ts samples for contract client, fix e2e open interest limit test, update readme by @ tiagosiebler in #208
  • v3.3.5: fix typo in contract endpoint order request interfaces by @ tiagosiebler in #209
  • v3.3.6: add response type for contract ticker by @ tiagosiebler in #210
  • v3.3.7: fix nesting in contract list result type by @ tiagosiebler in #211
  • fix contract symbol ticker response typo by @ tiagosiebler in #212
  • v3.3.9: fix copy trading close order endpoint. add ws log for topic sub request. add example for rest copy closing. by @ tiagosiebler in #216
  • v3.3.10: fix(#220): correctly detecting usdc pairs for unified perp ws market by @ tiagosiebler in #221
  • Bump json5 from 2.1.3 to 2.2.3 by @ dependabot[bot] in #215
  • Bump loader-utils from 2.0.0 to 2.0.4 by @ dependabot[bot] in #200
  • v3.4.0: feat(#219) add support for account asset v3 REST endpoints by @ tiagosiebler in #223
  • string type error in createSubAPIKeyRequest by @ mlake in #225
  • v3.4.1: fix(#225) fix typos in account asset v3 client by @ tiagosiebler in #226
  • v3.4.2: fix() missing property from linear client set trading stop method by @ tiagosiebler in #229
  • v3.5.0: RestClientV5 with end-to-end tests by @ tiagosiebler in #224
  • v3.5.1: Support for V5 WebSockets by @ tiagosiebler in #230
  • v3.5.2: feat() add missing v5 internal deposit records endpoint. fix(#233) return type for v5 wallet balance endpoint, fix(#232) timestamp resolution for v5 fetch time endpoint by @ tiagosiebler in #234
  • fix(#240): fix sign error on parallel requests due to pointer mutation by @ tiagosiebler in #241
  • Support triggerPrice in ContractModifyOrderRequest by @ sangnv-ptit in #242
  • v3.5.4: feat(#242) add request param to contract replace order endpoint by @ tiagosiebler in #243
  • v3.5.5: fix() add missing wallet balance response type properties by @ tiagosiebler in #245
  • v3.5.6, feat(#249): add 10-per-event limiter to spot v5 subscriptions, chore(): enable trailing comma linting rule by @ tiagosiebler in #250
  • Add syncTimeBeforePrivateRequests option by @ Tindtily in #247
  • v3.5.7: feat(#247) add optional flag to sync time before every api call by @ tiagosiebler in #252
  • v3.5.8: feat() easier env-controlled HTTP traces. Add missing properties for asset v5 types. by @ tiagosiebler in #254
  • chore(): update tests for compatibility with new testing sub account by @ tiagosiebler in #262
  • #218 Returning a promise when subscribing to topic(s) by @ caiusCitiriga in #256
  • build(deps-dev): bump webpack from 5.13.0 to 5.76.0 by @ dependabot[bot] in #239
  • v3.6.0: feat(#218, #256) returning a promise when subscribing by @ tiagosiebler in #263
  • feat(): add copy trading ws topic example by @ tiagosiebler in #265
  • v3.7.0: add missing v5 endpoints, add new tpsl request/response v3 & v5 parameters, add rest api samples for docs by @ tiagosiebler in #267
  • v3.7.1: chore() naming consistency for interface, pass through logger for ws url getter by @ tiagosiebler in #273
  • v3.7.2: fix() response type for v5 open interest endpoint by @ tiagosiebler in #283
  • fix(#286): automatic type determination for instrument info by @ ThijMau in #287
  • v3.7.3: feat(#286) improved type flowing for instrument info v5 by @ tiagosiebler in #288
  • v3.7.4: feat(#251, #291) add optional endpoint rate limit parsing, add deprecation warnings for v1/v2 rest clients, improve v5 types, bump dependencies by @ tiagosiebler in #293
  • v3.7.5: fix() optional properties in AccountOrderV5 response interface by @ tiagosiebler in #294
  • v3.7.6: feat() update batch order types & categories by @ tiagosiebler in #295
  • feat(types): adds WSAccountOrderEventV5 & WSAccountOrderV5 interfaces by @ caiusCitiriga in #300
  • type fixing by @ t0chk in #302
  • Minor docs updates, add recv window for ws client by @ tiagosiebler in #304
  • v3.8.0: Safer WS timer cleanup & teardown, add proxy/rate limits example, docs... by @ tiagosiebler in #306
  • v3.8.1: feat() add type guard and type for ws orderbook events by @ tiagosiebler in #309
  • v3.8.2: feat(#310) add set collateral coin endpoints by @ tiagosiebler in #311
  • v3.9.0: Upgrades to dependencies (axios, node build version, typescript, jest, etc) by @ tiagosiebler in #312
  • v3.9.1: feat(user): add methods to delete submember by @ ThijMau in #314
  • v3.9.2: fix(#315) orderbook level type by @ tiagosiebler in #316
  • Add marketUnit optional property to OrderParamsV5 interface by @ will2022 in #317
  • v3.9.4: feat() update test & publish actions, update public ws example, disable test for deprecated endpoint by @ tiagosiebler in #318
  • v3.9.5: chore() add permissions needed for provenance generation by @ tiagosiebler in #319
  • v3.9.6: feat(#322) add nextPageCursor type via generic by @ tiagosiebler in