@mojaloop/central-ledger 19.13.0 → 19.14.0-snapshot.2

package/.grype.yaml

@@ -1,10 +1,5 @@
 scan-type: source
 ignore:
-  # Ignore cross-spawn vulnerabilities by CVE ID due to false positive
-  # as grype looks at package-lock.json where it shows versions with
-  # vulnerabilities, npm ls shows only 7.0.6 verion is used
-
-  # Ignore OpenSSL vulnerabilities in Alpine libcrypto3 and libssl3
   - vulnerability: GHSA-3ppc-4f35-3m26
     reason: minimatch upgrade breaks some dev tools so adding this to ignore list
   - vulnerability: CVE-2025-60876
@@ -19,14 +14,81 @@ ignore:
     include-aliases: true
   - vulnerability: GHSA-r6q2-hw4h-h46w
     include-aliases: true
-
-# Set output format defaults
+  - vulnerability: CVE-2025-15467
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (critical severity)"
+  - vulnerability: CVE-2025-69420
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2025-59465
+    include-aliases: true
+    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2025-69421
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2025-69419
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2026-22796
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2025-66199
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2025-15468
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2026-21637
+    include-aliases: true
+    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2025-55131
+    include-aliases: true
+    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2025-59466
+    include-aliases: true
+    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
+  - vulnerability: CVE-2025-55130
+    include-aliases: true
+    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (critical severity)"
+  - vulnerability: CVE-2026-22795
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2025-68160
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2025-11187
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: GHSA-73rr-hh4g-fpgx
+    include-aliases: true
+    reason: >-
+      Base image npm package: diff - bundled in Node.js base image, not fixable via application dependencies as of
+      2026-02-23 (low severity)
+  - vulnerability: CVE-2025-55132
+    include-aliases: true
+    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2026-27171
+    include-aliases: true
+    reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2025-15469
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: CVE-2025-69418
+    include-aliases: true
+    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
+  - vulnerability: GHSA-87r5-mp6g-5w5j
+    include-aliases: true
+    reason: "Unfixable npm transitive vulnerability: jsonpath (high severity) as of 2026-02-23"
+  - vulnerability: GHSA-378v-28hj-76wf
+    include-aliases: true
+    reason: "Unfixable npm transitive vulnerability: bn.js (moderate severity) as of 2026-02-23"
+  - vulnerability: GHSA-2g4f-4pwh-qvx6
+    include-aliases: true
+    reason: "Unfixable npm transitive vulnerability: ajv (moderate severity) as of 2026-02-23"
 output:
-  - "table"
-  - "json"
-
-# Modify your CircleCI job to check critical count
+  - table
+  - json
 search:
-  scope: "squashed"
+  scope: squashed
 quiet: false
 check-for-app-update: false

package/CHANGELOG.md

@@ -2,6 +2,43 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [19.14.0](https://github.com/mojaloop/central-ledger/compare/v19.13.2...v19.14.0) (2026-03-19)
+
+
+### Features
+
+* vendor the condition check from five-bells-condition into cryptoConditions ([#1264](https://github.com/mojaloop/central-ledger/issues/1264)) ([4d7c4d2](https://github.com/mojaloop/central-ledger/commit/4d7c4d27f5d24fc818c7663a966ca8bf8f855b65))
+
+
+### Bug Fixes
+
+* undefined fulfilment error not thrown ([#1281](https://github.com/mojaloop/central-ledger/issues/1281)) ([a9361d4](https://github.com/mojaloop/central-ledger/commit/a9361d4ee5d3fb44ca0cc0ceca893c0d2ff35b84))
+
+
+### Chore
+
+* **sbom:** update sbom [skip ci] ([21ce9d4](https://github.com/mojaloop/central-ledger/commit/21ce9d455e89568af3e6618b1528425afbbb7b2c))
+
+### [19.13.2](https://github.com/mojaloop/central-ledger/compare/v19.13.1...v19.13.2) (2026-02-27)
+
+
+### Chore
+
+* maintenance updates ([#1260](https://github.com/mojaloop/central-ledger/issues/1260)) ([464c50c](https://github.com/mojaloop/central-ledger/commit/464c50cda674ee63b23e94e2b9ff19ce4cd807f0))
+* **sbom:** update sbom [skip ci] ([2df7c77](https://github.com/mojaloop/central-ledger/commit/2df7c7731a9722d1ace56919ebbdef076ef1295c))
+
+### [19.13.1](https://github.com/mojaloop/central-ledger/compare/v19.13.0...v19.13.1) (2026-02-26)
+
+
+### Bug Fixes
+
+* make fxQuoteConversionTerms.sourceAmount nullable ([#1267](https://github.com/mojaloop/central-ledger/issues/1267)) ([f770970](https://github.com/mojaloop/central-ledger/commit/f770970159fdf5624c0763562edff89db97beb5c))
+
+
+### Chore
+
+* **sbom:** update sbom [skip ci] ([b834732](https://github.com/mojaloop/central-ledger/commit/b834732ce99fd8639a5e35f410294f1fef391c82))
+
 ## [19.13.0](https://github.com/mojaloop/central-ledger/compare/v19.12.8...v19.13.0) (2026-02-26)
 
 

package/Dockerfile

@@ -1,5 +1,5 @@
 # Arguments
-ARG NODE_VERSION=22.21.1-alpine3.23
+ARG NODE_VERSION=22.22.0-alpine3.23
 
 # NOTE: Ensure you set NODE_VERSION Build Argument as follows...
 #

package/audit-ci.jsonc

@@ -1,11 +1,8 @@
 {
   "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
   // audit-ci supports reading JSON, JSONC, and JSON5 config files.
-  // Only check production dependencies (devDependencies ignored)
-  "skip-dev": true,  
   // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
   "moderate": true,
-  "allowlist": [
-    "GHSA-3ppc-4f35-3m26"
+  "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
   ]
 }

package/config/default-settlement.json

@@ -0,0 +1,160 @@
+{
+  "PORT": 3007,
+  "HOSTNAME": "http://central-settlement",
+  "DATABASE": {
+    "DIALECT": "mysql",
+    "HOST": "localhost",
+    "PORT": 3306,
+    "USER": "central_ledger",
+    "PASSWORD": "password",
+    "SCHEMA": "central_ledger",
+    "POOL_MIN_SIZE": 10,
+    "POOL_MAX_SIZE": 10,
+    "ACQUIRE_TIMEOUT_MILLIS": 30000,
+    "CREATE_TIMEOUT_MILLIS": 30000,
+    "DESTROY_TIMEOUT_MILLIS": 5000,
+    "IDLE_TIMEOUT_MILLIS": 30000,
+    "REAP_INTERVAL_MILLIS": 1000,
+    "CREATE_RETRY_INTERVAL_MILLIS": 200,
+    "DEBUG": false
+  },
+  "WINDOW_AGGREGATION": {
+    "RETRY_COUNT": 3,
+    "RETRY_INTERVAL": 3000
+  },
+  "TRANSFER_VALIDITY_SECONDS": "432000",
+  "HUB_PARTICIPANT": {
+    "ID": 1,
+    "NAME": "Hub"
+  },
+  "HANDLERS": {
+    "DISABLED": false,
+    "API": {
+      "DISABLED": false
+    },
+    "SETTINGS": {
+      "RULES": {
+        "SCRIPTS_FOLDER": "./scripts/transferSettlementTemp",
+        "SCRIPT_TIMEOUT": 100,
+        "CONSUMER_COMMIT": true,
+        "FROM_SWITCH": true
+      }
+    }
+  },
+  "API_DOC_ENDPOINTS_ENABLED": true,
+  "SWITCH_ENDPOINT": "http://localhost:3001",
+  "AMOUNT": {
+    "PRECISION": 18,
+    "SCALE": 4
+  },
+  "KAFKA": {
+    "TOPIC_TEMPLATES": {
+      "GENERAL_TOPIC_TEMPLATE": {
+        "TEMPLATE": "topic-{{functionality}}-{{action}}",
+        "REGEX": "topic-(.*)-(.*)"
+      }
+    },
+    "CONSUMER": {
+      "DEFERREDSETTLEMENT": {
+        "CLOSE": {
+          "config": {
+            "options": {
+              "mode": 2,
+              "batchSize": 1,
+              "pollFrequency": 10,
+              "recursiveTimeout": 100,
+              "messageCharset": "utf8",
+              "messageAsJSON": true,
+              "sync": true,
+              "consumeTimeout": 1000
+            },
+            "rdkafkaConf": {
+              "client.id": "cs-con-deferredsettlement-close",
+              "group.id": "cs-group-deferredsettlement-close",
+              "metadata.broker.list": "localhost:9092",
+              "socket.keepalive.enable": true,
+              "allow.auto.create.topics": true
+            },
+            "topicConf": {
+              "auto.offset.reset": "earliest"
+            }
+          }
+        }
+      },
+      "NOTIFICATION": {
+        "EVENT": {
+          "config": {
+            "options": {
+              "mode": 2,
+              "batchSize": 1,
+              "pollFrequency": 10,
+              "recursiveTimeout": 100,
+              "messageCharset": "utf8",
+              "messageAsJSON": true,
+              "sync": true,
+              "consumeTimeout": 1000
+            },
+            "rdkafkaConf": {
+              "client.id": "cs-con-notification-event",
+              "group.id": "cs-group-notification-event",
+              "metadata.broker.list": "localhost:9092",
+              "socket.keepalive.enable": true,
+              "allow.auto.create.topics": true
+            },
+            "topicConf": {
+              "auto.offset.reset": "earliest"
+            }
+          }
+        }
+      }
+    },
+    "PRODUCER": {
+      "NOTIFICATION": {
+        "EVENT": {
+          "config": {
+            "options": {
+              "messageCharset": "utf8"
+            },
+            "rdkafkaConf": {
+              "debug": "all",
+              "metadata.broker.list": "localhost:9092",
+              "client.id": "cs-prod-notification-event",
+              "event_cb": true,
+              "compression.codec": "none",
+              "retry.backoff.ms": 100,
+              "message.send.max.retries": 2,
+              "socket.keepalive.enable": true,
+              "queue.buffering.max.messages": 10000000,
+              "batch.num.messages": 100,
+              "dr_cb": true,
+              "socket.blocking.max.ms": 1,
+              "queue.buffering.max.ms": 1,
+              "broker.version.fallback": "0.10.1.0",
+              "api.version.request": true
+            }
+          }
+        }
+      },
+      "DEFERREDSETTLEMENT": {
+        "CLOSE": {
+          "config": {
+            "options": {
+              "messageCharset": "utf8"
+            },
+            "rdkafkaConf": {
+              "metadata.broker.list": "localhost:9092",
+              "client.id": "cs-prod-deferredsettlement-close",
+              "event_cb": true,
+              "dr_cb": true,
+              "socket.keepalive.enable": true,
+              "queue.buffering.max.messages": 10000000
+            },
+            "topicConf": {
+              "request.required.acks": "all"
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/docker/ml-api-adapter/default.json

@@ -7,6 +7,34 @@
   "HOSTNAME": "http://ml-api-adapter",
   "ENDPOINT_SOURCE_URL": "http://host.docker.internal:3001",
   "ENDPOINT_HEALTH_URL": "http://host.docker.internal:3001/health",
+  "PROXY_CACHE": {
+    "enabled": false,
+    "type": "redis-cluster",
+    "proxyConfig": {
+      "cluster": [
+        { "host": "redis-node-0", "port": 6379 }
+      ]
+    }
+  },
+  "PROTOCOL_VERSIONS": {
+    "CONTENT": {
+      "DEFAULT": "2.0",
+      "VALIDATELIST": ["1.0", "1.1", "2.0"]
+    },
+    "ACCEPT": {
+      "DEFAULT": "2",
+      "VALIDATELIST": ["1", "1.0", "1.1", "2", "2.0"]
+    }
+  },
+  "PAYLOAD_CACHE": {
+    "enabled": false,
+    "type": "redis-cluster",
+    "connectionConfig": {
+      "cluster": [
+        { "host": "localhost", "port": 6379 }
+      ]
+    }
+  },
   "ENDPOINT_CACHE_CONFIG": {
     "expiresIn": 180000,
     "generateTimeout": 30000

package/docker-compose.yml

@@ -73,6 +73,9 @@ services:
       - ./docker/wait-for:/opt/wait-for
     environment:
       - LOG_LEVEL=info
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+      - "simulator:host-gateway"
     networks:
       - cl-mojaloop-net
     depends_on:
@@ -272,6 +275,9 @@ services:
       replicas: 1
     ports:
       - "8444:8444"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+      - "simulator:host-gateway"
     environment:
       - LOG_LEVEL=info
       - TRANSFERS_ENDPOINT=http://host.docker.internal:3000

package/migrations/950120_fxQuoteConversionTerms_sourceAmount_nullable.js

@@ -0,0 +1,66 @@
+/*****
+ License
+ --------------
+ Copyright © 2020-2026 Mojaloop Foundation
+ The Mojaloop files are made available by the Mojaloop Foundation under the Apache License, Version 2.0 (the "License") and you may not use these files except in compliance with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, the Mojaloop files are distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+
+ Contributors
+ --------------
+ This is the official list of the Mojaloop project contributors for this file.
+ Names of the original copyright holders (individuals or organizations)
+ should be listed with a '*' in the first column. People who have
+ contributed from an organization can be listed under the organization
+ that actually holds the copyright for their contributions (see the
+ Mojaloop Foundation for an example). Those individuals should have
+ their names indented and be marked with a '-'. Email address can be added
+ optionally within square brackets <email>.
+
+ * Mojaloop Foundation
+ - Name Surname <name.surname@mojaloop.io>
+ - Shashikant Hirugade <shashi.mojaloop@gmail.com>
+
+ --------------
+
+ ******/
+'use strict'
+
+exports.up = function (knex) {
+  return knex.schema.hasTable('fxQuoteConversionTerms')
+    .then(function (exists) {
+      if (!exists) return
+
+      return knex.schema.hasColumn('fxQuoteConversionTerms', 'sourceAmount')
+        .then(function (columnExists) {
+          if (!columnExists) return
+
+          return knex.schema.alterTable('fxQuoteConversionTerms', function (t) {
+            t.decimal('sourceAmount', 18, 4)
+              .nullable()
+              .defaultTo(null)
+              .alter()
+          })
+        })
+    })
+}
+
+exports.down = function (knex) {
+  return knex.schema.hasTable('fxQuoteConversionTerms')
+    .then(function (exists) {
+      if (!exists) return
+
+      return knex.schema.hasColumn('fxQuoteConversionTerms', 'sourceAmount')
+        .then(function (columnExists) {
+          if (!columnExists) return
+
+          return knex.schema.alterTable('fxQuoteConversionTerms', function (t) {
+            t.decimal('sourceAmount', 18, 4)
+              .notNullable()
+              .alter()
+          })
+        })
+    })
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/central-ledger",
-  "version": "19.13.0",
+  "version": "19.14.0-snapshot.2",
   "description": "Central ledger hosted by a scheme to record and settle transfers",
   "license": "Apache-2.0",
   "author": "ModusBox",
@@ -44,14 +44,14 @@
     "lint": "npx standard",
     "lint:fix": "npx standard --fix",
     "test": "npm run test:unit:spec",
-    "test:unit": "tape 'test/unit/**/*.test.js'",
+    "test:unit": "tape 'test/unit/**/*.test.js' 'test/settlement/unit/**/*.test.js'",
     "test:unit:spec": "npm run test:unit | tap-spec",
     "test:unit:distLock": "npx tape 'test/unit/lib/distLock/**/*.test.js'",
     "test:unit:participants-routes": "npx tape test/unit/api/participants/routes.test.js",
     "test:xunit": "npm run test:unit | tap-xunit > ./test/results/xunit.xml",
-    "test:coverage": "npx nyc --reporter=lcov --reporter=text-summary tapes -- 'test/unit/**/**.test.js'",
+    "test:coverage": "npx nyc --reporter=lcov --reporter=text-summary tapes -- 'test/unit/**/**.test.js' 'test/settlement/unit/**/**.test.js'",
     "test:coverage-check": "npm run test:coverage && nyc check-coverage",
-    "test:int": "npx tape 'test/integration/**/*.test.js' ",
+    "test:int": "npx tape 'test/integration/**/*.test.js' 'test/settlement/integration/**/*.test.js' ",
     "test:int-override": "npx tape 'test/integration-override/**/*.test.js'",
     "test:int:spec": "npm run test:int | npx tap-spec",
     "test:xint": "npm run test:int | tee /dev/tty | tap-xunit > ./test/results/xunit-integration.xml",
@@ -87,37 +87,38 @@
     "@hapi/catbox": "12.1.1",
     "@hapi/catbox-memory": "6.0.2",
     "@hapi/good": "9.0.1",
-    "@hapi/hapi": "21.4.6",
+    "@hapi/hapi": "21.4.8",
     "@hapi/inert": "7.1.0",
     "@hapi/vision": "7.0.3",
     "@mojaloop/central-services-error-handling": "13.1.6",
     "@mojaloop/central-services-health": "15.2.2",
     "@mojaloop/central-services-logger": "11.10.4",
     "@mojaloop/central-services-metrics": "12.8.5",
-    "@mojaloop/central-services-shared": "18.35.6",
+    "@mojaloop/central-services-shared": "18.35.7",
     "@mojaloop/central-services-stream": "11.9.1",
     "@mojaloop/database-lib": "11.3.7",
     "@mojaloop/event-sdk": "14.8.3",
-    "@mojaloop/inter-scheme-proxy-cache-lib": "2.9.0",
+    "@mojaloop/inter-scheme-proxy-cache-lib": "2.10.0",
     "@mojaloop/ml-number": "11.4.3",
     "@mojaloop/object-store-lib": "12.2.3",
     "@now-ims/hapi-now-auth": "2.1.0",
     "ajv": "8.18.0",
     "ajv-keywords": "5.1.0",
     "base64url": "3.0.1",
+    "bignumber.js": "11.0.0",
     "blipp": "4.0.2",
     "commander": "14.0.3",
     "cron": "4.4.0",
     "decimal.js": "10.6.0",
     "docdash": "2.0.2",
     "event-stream": "4.0.1",
-    "five-bells-condition": "5.0.1",
     "hapi-auth-bearer-token": "8.0.0",
+    "hapi-openapi": "3.0.0",
     "hapi-swagger": "17.3.2",
     "ilp-packet": "2.2.0",
     "joi": "18.0.1",
-    "knex": "3.1.0",
-    "lodash": "4.17.23",
+    "knex": "3.2.9",
+    "lodash": "4.18.1",
     "moment": "2.30.1",
     "mongo-uri-builder": "^4.0.0",
     "parse-strings-in-object": "2.0.0",
@@ -128,45 +129,51 @@
     "mysql": "2.18.1"
   },
   "devDependencies": {
-    "@opentelemetry/api": "^1.9.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.70.1",
+    "@hapi/joi": "17.1.1",
+    "@opentelemetry/api": "1.9.1",
+    "@opentelemetry/auto-instrumentations-node": "0.73.0",
     "@types/mock-knex": "0.4.8",
     "async-retry": "1.3.3",
     "audit-ci": "^7.1.0",
     "get-port": "5.1.1",
     "jsdoc": "4.0.5",
-    "jsonpath": "1.2.1",
+    "jsonpath": "1.3.0",
     "mock-knex": "0.4.13",
     "nodemon": "3.1.14",
-    "npm-check-updates": "19.5.0",
+    "npm-check-updates": "21.0.3",
     "nyc": "18.0.0",
     "pre-commit": "1.2.2",
     "proxyquire": "2.1.3",
     "replace": "^1.2.2",
+    "rewire": "^9.0.1",
     "sinon": "17.0.0",
     "standard": "17.1.2",
     "standard-version": "^9.5.0",
+    "swagmock": "1.0.0",
     "tap-spec": "^5.0.0",
     "tap-xunit": "2.4.1",
     "tape": "4.17.0",
     "tapes": "4.1.0"
   },
   "overrides": {
+    "protobufjs": "8.0.1",
+    "handlebars": "4.7.9",
     "ajv": "8.18.0",
     "eslint": {
-      "ajv": "6.12.6"
+      "ajv": "6.14.0"
     },
     "eslint@9.39.2": {
-      "ajv": "6.12.6"
+      "ajv": "6.14.0"
     },
     "@eslint/eslintrc": {
-      "ajv": "6.12.6"
+      "ajv": "6.14.0"
     },
-    "axios": "1.13.5",
-    "brace-expansion": "2.0.2",
-    "form-data": "4.0.4",
-    "lodash": "4.17.23",
-    "undici": "6.23.0",
+    "axios": "1.15.0",
+    "brace-expansion": "2.0.3",
+    "convict": "6.2.5",
+    "form-data": "4.0.5",
+    "lodash": "4.18.1",
+    "undici": "6.24.0",
     "shins": {
       "ajv": "8.18.0",
       "ejs": "3.1.10",
@@ -183,13 +190,24 @@
     "hapi-swagger": {
       "joi": "18.0.1"
     },
+    "immutable": "5.1.5",
     "jsonwebtoken": "9.0.0",
     "jsonpointer": "5.0.0",
     "on-headers": "1.1.0",
+    "path-to-regexp": "0.1.13",
     "trim": "0.0.3",
     "cross-spawn": "7.0.6",
+    "yaml": "1.10.3",
+    "validator": "13.15.22",
     "yargs-parser": "21.1.1",
-    "fast-xml-parser": "5.3.6"
+    "fast-xml-parser": "5.5.7",
+    "minimatch@<=3.1.3": "3.1.5",
+    "minimatch@5.1.7": "5.1.9",
+    "minimatch@9.0.6": "9.0.9",
+    "replace": {
+      "minimatch": "3.1.5"
+    },
+    "underscore": "1.13.8"
   },
   "config": {
     "knex": "--knexfile ./config/knexfile.js",