@mojaloop/bulk-api-adapter 17.2.5 → 17.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/.circleci/config.yml +1 -1
  2. package/.grype.yaml +38 -15
  3. package/CHANGELOG.md +8 -0
  4. package/audit-ci.jsonc +1 -3
  5. package/package.json +12 -11
  6. package/{sbom-v17.2.4.csv → sbom-v17.2.5.csv} +239 -321
package/.circleci/config.yml CHANGED
@@ -1,7 +1,7 @@
1
1
  version: 2.1
2
2
  setup: true
3
3
  orbs:
4
- build: mojaloop/build@1.1.10
4
+ build: mojaloop/build@1.1.16
5
5
  workflows:
6
6
  setup:
7
7
  jobs:
package/.grype.yaml CHANGED
@@ -1,6 +1,6 @@
1
1
  disabled: false
2
+ scan-type: source
2
3
  ignore:
3
- # --- Existing ignores ---
4
4
  - vulnerability: GHSA-5j98-mcp5-4vw2
5
5
  include-aliases: true
6
6
  reason: >-
@@ -9,31 +9,41 @@ ignore:
9
9
  - vulnerability: CVE-2025-60876
10
10
  include-aliases: true
11
11
  reason: "Alpine base image package (apk): busybox - no npm fix available as of 2026-02-06 (moderate severity)"
12
-
13
- # --- Base image npm packages (bundled in /usr/local/lib/node_modules/npm/) ---
14
12
  - vulnerability: GHSA-34x7-hfp2-rc4v
15
13
  include-aliases: true
16
- reason: "Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
14
+ reason: >-
15
+ Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application
16
+ dependencies as of 2026-02-10
17
17
  - vulnerability: GHSA-8qq5-rm4j-mr97
18
18
  include-aliases: true
19
- reason: "Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
19
+ reason: >-
20
+ Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application
21
+ dependencies as of 2026-02-10
20
22
  - vulnerability: GHSA-r6q2-hw4h-h46w
21
23
  include-aliases: true
22
- reason: "Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
24
+ reason: >-
25
+ Base image npm package: tar 6.2.1/7.4.3 - bundled in Node.js base image npm, not fixable via application
26
+ dependencies as of 2026-02-10
23
27
  - vulnerability: GHSA-73rr-hh4g-fpgx
24
28
  include-aliases: true
25
- reason: "Base image npm package: diff 5.2.0 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10 (low severity)"
29
+ reason: >-
30
+ Base image npm package: diff 5.2.0 - bundled in Node.js base image npm, not fixable via application dependencies
31
+ as of 2026-02-10 (low severity)
26
32
  - vulnerability: GHSA-3966-f6p6-2qr9
27
33
  include-aliases: true
28
- reason: "Base image npm package: npm 10.9.4 - bundled in Node.js base image, not fixable via application dependencies as of 2026-02-10"
34
+ reason: >-
35
+ Base image npm package: npm 10.9.4 - bundled in Node.js base image, not fixable via application dependencies as of
36
+ 2026-02-10
29
37
  - vulnerability: GHSA-g9mf-h72j-4rw9
30
38
  include-aliases: true
31
- reason: "Base image npm package: undici - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
39
+ reason: >-
40
+ Base image npm package: undici - bundled in Node.js base image npm, not fixable via application dependencies as of
41
+ 2026-02-10
32
42
  - vulnerability: GHSA-xxjr-mmjv-4gpg
33
43
  include-aliases: true
34
- reason: "Base image npm package: lodash-es 4.17.21 - bundled in Node.js base image npm, not fixable via application dependencies as of 2026-02-10"
35
-
36
- # --- Alpine base image packages (apk) - libcrypto3/libssl3 ---
44
+ reason: >-
45
+ Base image npm package: lodash-es 4.17.21 - bundled in Node.js base image npm, not fixable via application
46
+ dependencies as of 2026-02-10
37
47
  - vulnerability: CVE-2025-15467
38
48
  include-aliases: true
39
49
  reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (critical severity)"
@@ -70,8 +80,6 @@ ignore:
70
80
  - vulnerability: CVE-2025-69418
71
81
  include-aliases: true
72
82
  reason: "Alpine base image package (apk): libcrypto3/libssl3 - no npm fix available as of 2026-02-10 (medium severity)"
73
-
74
- # --- Node.js binary vulnerabilities ---
75
83
  - vulnerability: CVE-2025-55130
76
84
  include-aliases: true
77
85
  reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (critical severity)"
@@ -90,7 +98,22 @@ ignore:
90
98
  - vulnerability: CVE-2025-55132
91
99
  include-aliases: true
92
100
  reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-10 (medium severity)"
93
-
101
+ - vulnerability: GHSA-3ppc-4f35-3m26
102
+ include-aliases: true
103
+ reason: >-
104
+ Base image npm package: minimatch - bundled in Node.js base image, not fixable via application dependencies as of
105
+ 2026-02-23 (high severity)
106
+ - vulnerability: GHSA-83g3-92jg-28cx
107
+ include-aliases: true
108
+ reason: >-
109
+ Base image npm package: tar - bundled in Node.js base image, not fixable via application dependencies as of
110
+ 2026-02-23 (high severity)
111
+ - vulnerability: CVE-2026-27171
112
+ include-aliases: true
113
+ reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-23 (moderate severity)"
114
+ - vulnerability: GHSA-2g4f-4pwh-qvx6
115
+ include-aliases: true
116
+ reason: "Unfixable npm transitive vulnerability: ajv (moderate severity) as of 2026-02-23"
94
117
  output:
95
118
  - table
96
119
  - json
package/CHANGELOG.md CHANGED
@@ -2,6 +2,14 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
4
4
 
5
+ ### [17.2.6](https://github.com/mojaloop/bulk-api-adapter/compare/v17.2.5...v17.2.6) (2026-02-26)
6
+
7
+
8
+ ### Chore
9
+
10
+ * maintenance updates ([#145](https://github.com/mojaloop/bulk-api-adapter/issues/145)) ([8813af4](https://github.com/mojaloop/bulk-api-adapter/commit/8813af4ccc5ed444df3624a85569ad3c8950946d))
11
+ * **sbom:** update sbom [skip ci] ([2f97d59](https://github.com/mojaloop/bulk-api-adapter/commit/2f97d5943c4b1243978da6156d3ea42e82bac826))
12
+
5
13
  ### [17.2.5](https://github.com/mojaloop/bulk-api-adapter/compare/v17.2.4...v17.2.5) (2026-02-19)
6
14
 
7
15
 
package/audit-ci.jsonc CHANGED
@@ -1,11 +1,9 @@
1
1
  {
2
2
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
3
3
  // audit-ci supports reading JSON, JSONC, and JSON5 config files.
4
- // Only check production dependencies (devDependencies ignored)
5
- "skip-dev": true,
6
4
  // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
7
5
  "moderate": true,
8
6
  "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
9
- "GHSA-3ppc-4f35-3m26"
7
+ "GHSA-2g4f-4pwh-qvx6"
10
8
  ]
11
9
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mojaloop/bulk-api-adapter",
3
- "version": "17.2.5",
3
+ "version": "17.2.6",
4
4
  "description": "Mojaloop Bulk API Adapter",
5
5
  "license": "Apache-2.0",
6
6
  "author": "ModusBox",
@@ -65,7 +65,7 @@
65
65
  "@hapi/catbox": "12.1.1",
66
66
  "@hapi/catbox-memory": "6.0.2",
67
67
  "@hapi/good": "9.0.1",
68
- "@hapi/hapi": "21.4.5",
68
+ "@hapi/hapi": "21.4.6",
69
69
  "@hapi/inert": "7.1.0",
70
70
  "@hapi/vision": "7.0.3",
71
71
  "@mojaloop/central-services-error-handling": "13.1.6",
@@ -76,7 +76,7 @@
76
76
  "@mojaloop/central-services-stream": "11.9.1",
77
77
  "@mojaloop/event-sdk": "14.8.3",
78
78
  "@mojaloop/object-store-lib": "12.2.3",
79
- "@mojaloop/sdk-standard-components": "19.18.7",
79
+ "@mojaloop/sdk-standard-components": "19.18.8",
80
80
  "@now-ims/hapi-now-auth": "2.1.0",
81
81
  "axios": "1.13.5",
82
82
  "blipp": "4.0.2",
@@ -103,9 +103,10 @@
103
103
  "@eslint/eslintrc": {
104
104
  "ajv": "6.12.6"
105
105
  },
106
- "form-data": "4.0.4",
106
+ "form-data": "4.0.5",
107
107
  "on-headers": "1.1.0",
108
- "brace-expansion": "2.0.2",
108
+ "brace-expansion": "5.0.3",
109
+ "minimatch@3.0.5": "3.1.5",
109
110
  "ansi-regex": "5.0.1",
110
111
  "postcss": {
111
112
  "nanoid": "^3.3.8"
@@ -136,9 +137,9 @@
136
137
  "yargs-parser": "21.1.1",
137
138
  "validator": "13.15.22",
138
139
  "js-yaml": "3.14.2",
139
- "jws": "4.0.1",
140
+ "jws": "3.2.3",
140
141
  "fast-xml-parser": "5.3.6",
141
- "qs": "6.14.1",
142
+ "qs": "6.14.2",
142
143
  "undici": "6.23.0",
143
144
  "axios": "1.13.5",
144
145
  "lodash": "4.17.23",
@@ -148,11 +149,11 @@
148
149
  "devDependencies": {
149
150
  "@eslint/js": "10.0.1",
150
151
  "audit-ci": "7.1.0",
151
- "eslint": "10.0.0",
152
+ "eslint": "10.0.2",
152
153
  "globals": "17.3.0",
153
- "nodemon": "3.1.11",
154
- "npm-check-updates": "19.4.0",
155
- "nyc": "17.1.0",
154
+ "nodemon": "3.1.14",
155
+ "npm-check-updates": "19.5.0",
156
+ "nyc": "18.0.0",
156
157
  "pre-commit": "1.2.2",
157
158
  "proxyquire": "2.1.3",
158
159
  "replace": "^1.2.2",