@mojaloop/bulk-api-adapter 17.2.2 → 17.2.4
- package/.circleci/config.yml +1 -1
- package/.grype.yaml +93 -7
- package/.ncurc.yaml +2 -1
- package/.nvmrc +1 -1
- package/CHANGELOG.md +16 -0
- package/Dockerfile +1 -2
- package/package.json +31 -21
- package/{sbom-v17.2.1.csv → sbom-v17.2.3.csv} +1281 -1282
- package/src/handlers/notification/index.js +28 -1
- package/src/lib/healthCheck/subServiceHealth.js +14 -3
- package/test/unit/health.test.js +4 -4
package/.circleci/config.yml
CHANGED
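--- a/package/.grype.yaml
+++ b/package/.grype.yaml
@@ -1,14 +1,100 @@
 disabled: false
-
 ignore:
+# --- Existing ignores ---
+- vulnerability: GHSA-5j98-mcp5-4vw2
+include-aliases: true
+reason: >-
+glob 10.4.5 is bundled in base image npm (/usr/local/lib/node_modules/npm/), not in application code. App uses
+glob 10.5.0.
+- vulnerability: CVE-2025-60876
+include-aliases: true
+reason: "Alpine base image package (apk): busybox - no npm fix available as of 2026-02-06 (moderate severity)"
 
-#
-
-
-
+# --- Base image npm packages (bundled in /usr/local/lib/node_modules/npm/) ---
+- vulnerability: GHSA-34x7-hfp2-rc4v
+include-aliases: true
+reason: "Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
+- vulnerability: GHSA-8qq5-rm4j-mr97
+include-aliases: true
+reason: "Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
+- vulnerability: GHSA-r6q2-hw4h-h46w
+include-aliases: true
+reason: "Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
+- vulnerability: GHSA-73rr-hh4g-fpgx
+include-aliases: true
+reason: "Base image npm package: diff 5.2.0 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10 (low severity)"
+- vulnerability: GHSA-3966-f6p6-2qr9
+include-aliases: true
+reason: "Base image npm package: npm 10.9.4 - bundled in Node.js base image, not fixable via application dependencies as of 2026-02-10"
+- vulnerability: GHSA-g9mf-h72j-4rw9
+include-aliases: true
+reason: "Base image npm package: undici - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
+- vulnerability: GHSA-xxjr-mmjv-4gpg
+include-aliases: true
+reason: "Base image npm package: lodash-es 4.17.21 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
+
+# --- Alpine base image packages (apk) - libcrypto3/libssl3 ---
+- vulnerability: CVE-2025-15467
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (critical severity)"
+- vulnerability: CVE-2025-69420
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2025-69421
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2025-69419
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2026-22796
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2025-66199
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2025-15468
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2026-22795
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2025-68160
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2025-11187
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2025-15469
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
+- vulnerability: CVE-2025-69418
+include-aliases: true
+reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
 
-#
+# --- Node.js binary vulnerabilities ---
+- vulnerability: CVE-2025-55130
+include-aliases: true
+reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (critical severity)"
+- vulnerability: CVE-2025-59465
+include-aliases: true
+reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2026-21637
+include-aliases: true
+reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2025-55131
+include-aliases: true
+reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2025-59466
+include-aliases: true
+reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (high severity)"
+- vulnerability: CVE-2025-55132
+include-aliases: true
+reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (medium severity)"
+
+output:
+- table
+- json
 search:
-scope:
+scope: squashed
 quiet: false
 check-for-app-update: false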
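Review bot: Every new `ignore` entry matches on the vulnerability ID alone, so with `include-aliases: true` each one would presumably also suppress the same advisory if it later appeared in the application's own `node_modules`, not only in the base-image copy that the `reason` text describes; the tar, diff, undici and lodash-es entries are the clearest cases. Grype ignore rules accept a `package` block, so the bundled-npm entries could be narrowed with `package: { location: "/usr/local/lib/node_modules/npm/**" }` and the busybox and libcrypto3/libssl3 entries with `package: { type: apk }`. The libcrypto3/libssl3 and Node.js binary sections also silence critical- and high-severity findings with no re-review trigger, and "no npm fix available" is not the relevant test for an apk package, whose fix arrives through a base-image refresh. A comment on each section such as `# TODO: re-evaluate on next base image / Node.js bump` would keep these suppressions from becoming permanent.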
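--- a/package/.ncurc.yaml
+++ b/package/.ncurc.yaml
@@ -1,5 +1,6 @@
 ## Add a TODO comment indicating the reason for each rejected dependency upgrade added to this list, and what should be done to resolve it (i.e. handle it through a story, etc).
 reject: [
 # Issues created to resolve this: https://github.com/mojaloop/project/issues/3260
-"@mojaloop/central-services-shared"
+"@mojaloop/central-services-shared",
+"joi" # The latest hapi-swagger (17.3.2) still requires joi@17.x - there's no version supporting joi 18.
 ]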
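Review bot: The new `"joi"` entry gives the reason for the pin but not what should be done to resolve it, which the header comment on the file's first line asks for on every rejected upgrade. The `@mojaloop/central-services-shared` entry above it links a tracking issue, and the joi entry would benefit from the same, e.g. `# TODO: unpin once hapi-swagger supports joi 18 - tracked in <issue-url>`. Without a tracked exit condition the pin can outlive its cause, and npm-check-updates will keep skipping joi upgrades unnoticed.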
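--- a/package/.nvmrc
+++ b/package/.nvmrc
@@ -1 +1 @@
-22.
+22.21.1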
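--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [17.2.4](https://github.com/mojaloop/bulk-api-adapter/compare/v17.2.3...v17.2.4) (2026-02-12)
+
+
+### Chore
+
+* **ci:** update CircleCI orb to 1.1.10 ([#142](https://github.com/mojaloop/bulk-api-adapter/issues/142)) ([f1cb17f](https://github.com/mojaloop/bulk-api-adapter/commit/f1cb17f9d3e12fd959ab1bbfb3ac35fd7723516a))
+* **sbom:** update sbom [skip ci] ([20fda9b](https://github.com/mojaloop/bulk-api-adapter/commit/20fda9b327b40e890550a7f3a917ed46b041fed0))
+
+### [17.2.3](https://github.com/mojaloop/bulk-api-adapter/compare/v17.2.2...v17.2.3) (2025-12-16)
+
+
+### Chore
+
+* **ci:** update CircleCI orb to 1.1.9 ([#138](https://github.com/mojaloop/bulk-api-adapter/issues/138)) ([322cf69](https://github.com/mojaloop/bulk-api-adapter/commit/322cf69b2cbfb7e3a60dbd4d37c155cc205df0d3))
+* **sbom:** update sbom [skip ci] ([2e69ccc](https://github.com/mojaloop/bulk-api-adapter/commit/2e69ccc13704b55dac171d5717eb28800a8fa72a))
+
 ### [17.2.2](https://github.com/mojaloop/bulk-api-adapter/compare/v17.2.1...v17.2.2) (2025-07-27)
 
 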
package/Dockerfile
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mojaloop/bulk-api-adapter",
|
|
3
|
-
"version": "17.2.
|
|
3
|
+
"version": "17.2.4",
|
|
4
4
|
"description": "Mojaloop Bulk API Adapter",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "ModusBox",
|
|
@@ -67,27 +67,27 @@
|
|
|
67
67
|
"@hapi/catbox": "12.1.1",
|
|
68
68
|
"@hapi/catbox-memory": "6.0.2",
|
|
69
69
|
"@hapi/good": "9.0.1",
|
|
70
|
-
"@hapi/hapi": "21.4.
|
|
70
|
+
"@hapi/hapi": "21.4.4",
|
|
71
71
|
"@hapi/inert": "7.1.0",
|
|
72
72
|
"@hapi/vision": "7.0.3",
|
|
73
|
-
"@mojaloop/central-services-error-handling": "13.1.
|
|
74
|
-
"@mojaloop/central-services-health": "15.1
|
|
75
|
-
"@mojaloop/central-services-logger": "11.
|
|
76
|
-
"@mojaloop/central-services-metrics": "12.
|
|
73
|
+
"@mojaloop/central-services-error-handling": "13.1.5",
|
|
74
|
+
"@mojaloop/central-services-health": "15.2.1",
|
|
75
|
+
"@mojaloop/central-services-logger": "11.10.3",
|
|
76
|
+
"@mojaloop/central-services-metrics": "12.8.3",
|
|
77
77
|
"@mojaloop/central-services-shared": "^18.26.2",
|
|
78
|
-
"@mojaloop/central-services-stream": "11.
|
|
79
|
-
"@mojaloop/event-sdk": "14.
|
|
80
|
-
"@mojaloop/object-store-lib": "12.
|
|
81
|
-
"@mojaloop/sdk-standard-components": "19.
|
|
78
|
+
"@mojaloop/central-services-stream": "11.9.0",
|
|
79
|
+
"@mojaloop/event-sdk": "14.8.2",
|
|
80
|
+
"@mojaloop/object-store-lib": "12.2.2",
|
|
81
|
+
"@mojaloop/sdk-standard-components": "19.18.7",
|
|
82
82
|
"@now-ims/hapi-now-auth": "2.1.0",
|
|
83
|
-
"axios": "1.
|
|
83
|
+
"axios": "1.13.5",
|
|
84
84
|
"blipp": "4.0.2",
|
|
85
|
-
"commander": "14.0.
|
|
85
|
+
"commander": "14.0.3",
|
|
86
86
|
"hapi-auth-bearer-token": "8.0.0",
|
|
87
87
|
"hapi-openapi": "3.0.0",
|
|
88
88
|
"hapi-swagger": "17.3.2",
|
|
89
|
-
"immutable": "5.1.
|
|
90
|
-
"joi": "
|
|
89
|
+
"immutable": "5.1.4",
|
|
90
|
+
"joi": "17.13.3",
|
|
91
91
|
"mongo-uri-builder": "^4.0.0",
|
|
92
92
|
"mustache": "4.2.0",
|
|
93
93
|
"parse-strings-in-object": "2.0.0",
|
|
@@ -103,7 +103,7 @@
|
|
|
103
103
|
"nanoid": "^3.3.8"
|
|
104
104
|
},
|
|
105
105
|
"swagmock": {
|
|
106
|
-
"validator": "13.
|
|
106
|
+
"validator": "13.15.22"
|
|
107
107
|
},
|
|
108
108
|
"shins": {
|
|
109
109
|
"ajv": "6.12.3",
|
|
@@ -111,7 +111,7 @@
|
|
|
111
111
|
"path-to-regexp": "0.1.12",
|
|
112
112
|
"sanitize-html": "2.12.1",
|
|
113
113
|
"markdown-it": "12.3.2",
|
|
114
|
-
"undici": "6.
|
|
114
|
+
"undici": "6.23.0"
|
|
115
115
|
},
|
|
116
116
|
"widdershins": {
|
|
117
117
|
"swagger2openapi": "7.0.8",
|
|
@@ -124,18 +124,28 @@
|
|
|
124
124
|
"jsonpointer": "5.0.0",
|
|
125
125
|
"cross-spawn": "7.0.6",
|
|
126
126
|
"trim": "0.0.3",
|
|
127
|
-
"yargs-parser": "21.1.1"
|
|
127
|
+
"yargs-parser": "21.1.1",
|
|
128
|
+
"validator": "13.15.22",
|
|
129
|
+
"js-yaml": "3.14.2",
|
|
130
|
+
"jws": "4.0.1",
|
|
131
|
+
"fast-xml-parser": "5.3.4",
|
|
132
|
+
"qs": "6.14.1",
|
|
133
|
+
"undici": "6.23.0",
|
|
134
|
+
"axios": "1.13.5",
|
|
135
|
+
"lodash": "4.17.23",
|
|
136
|
+
"lodash-es": "4.17.23",
|
|
137
|
+
"diff": "8.0.3"
|
|
128
138
|
},
|
|
129
139
|
"devDependencies": {
|
|
130
140
|
"audit-ci": "^7.1.0",
|
|
131
|
-
"nodemon": "3.1.
|
|
132
|
-
"npm-check-updates": "
|
|
141
|
+
"nodemon": "3.1.11",
|
|
142
|
+
"npm-check-updates": "19.3.2",
|
|
133
143
|
"nyc": "17.1.0",
|
|
134
144
|
"pre-commit": "1.2.2",
|
|
135
145
|
"proxyquire": "2.1.3",
|
|
136
146
|
"replace": "^1.2.2",
|
|
137
|
-
"rewire": "9.0.
|
|
138
|
-
"sinon": "21.0.
|
|
147
|
+
"rewire": "9.0.1",
|
|
148
|
+
"sinon": "21.0.1",
|
|
139
149
|
"standard": "17.1.2",
|
|
140
150
|
"standard-version": "^9.5.0",
|
|
141
151
|
"swagmock": "1.0.0",
|