@mojaloop/central-services-shared 18.35.3 → 18.35.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/.circleci/config.yml +1 -1
  2. package/.grype.yaml +16 -35
  3. package/.nvmrc +1 -1
  4. package/CHANGELOG.md +14 -0
  5. package/audit-ci.jsonc +2 -1
  6. package/package.json +16 -16
package/.circleci/config.yml CHANGED
@@ -20,7 +20,7 @@ version: 2.1
20
20
  setup: true
21
21
 
22
22
  orbs:
23
- build: mojaloop/build@1.1.9
23
+ build: mojaloop/build@1.1.15
24
24
 
25
25
  workflows:
26
26
  setup:
package/.grype.yaml CHANGED
@@ -1,40 +1,21 @@
1
- # Grype vulnerability scanning configuration for central-services-shared
2
- # This is a library project without Docker images, so we use source scanning
3
1
  scan-type: source
4
-
5
- # Enable vulnerability scanning
6
2
  disabled: false
7
-
8
- # Vulnerability ignore rules
9
- # Add specific CVEs here if they are false positives or acceptable risks
10
3
  ignore:
11
- # Example format for ignoring specific vulnerabilities:
12
- # - vulnerability: "CVE-2023-xxxxx"
13
- # reason: "False positive in dev dependency that doesn't affect production"
14
- # - vulnerability: "GHSA-xxxx-xxxx-xxxx"
15
- # package:
16
- # name: "package-name"
17
- # version: "1.0.0"
18
- # reason: "Not exploitable in our usage context"
19
-
20
- # Output formats for scan results
4
+ - vulnerability: GHSA-2g4f-4pwh-qvx6
5
+ include-aliases: true
6
+ reason: "Unfixable npm transitive vulnerability: ajv ReDoS (moderate) as of 2026-02-19"
7
+ - vulnerability: GHSA-3ppc-4f35-3m26
8
+ include-aliases: true
9
+ reason: "Unfixable npm transitive vulnerability: minimatch ReDoS - fix requires v10 major version break as of 2026-02-19"
21
10
  output:
22
- - "table" # Human-readable table format
23
- - "json" # Machine-readable JSON for further processing
24
-
25
- # Grype configuration options
26
- quiet: false # Show progress and status messages
27
- check-for-app-update: false # Don't check for Grype updates during CI
28
- only-fixed: false # Show all vulnerabilities, not just those with fixes
29
- add-cpes-if-none: false # Don't add CPEs if none are found
30
- by-cve: false # Group by vulnerability rather than CVE
31
-
32
- # Database settings
11
+ - table
12
+ - json
13
+ quiet: false
14
+ check-for-app-update: false
15
+ only-fixed: false
16
+ add-cpes-if-none: false
17
+ by-cve: false
33
18
  db:
34
- auto-update: true # Auto-update the vulnerability database
35
- validate-age: true # Validate the age of the vulnerability database
36
- max-allowed-built-age: 120h # Maximum age of the vulnerability database (5 days)
37
-
38
- # Severity thresholds (handled by the orb, but documented here for clarity)
39
- # The build will fail on Critical, High, or Medium severity vulnerabilities
40
- # Low and Negligible severities are reported but won't fail the build
19
+ auto-update: true
20
+ validate-age: true
21
+ max-allowed-built-age: 120h
package/.nvmrc CHANGED
@@ -1 +1 @@
1
- 22.15.1
1
+ 22.22.0
package/CHANGELOG.md CHANGED
@@ -2,6 +2,20 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
4
4
 
5
+ ### [18.35.5](https://github.com/mojaloop/central-services-shared/compare/v18.35.4...v18.35.5) (2026-02-20)
6
+
7
+
8
+ ### Chore
9
+
10
+ * update orb and dep ver ([#509](https://github.com/mojaloop/central-services-shared/issues/509)) ([7293cff](https://github.com/mojaloop/central-services-shared/commit/7293cffea15145d115b25625eb4352ceb651bb35))
11
+
12
+ ### [18.35.4](https://github.com/mojaloop/central-services-shared/compare/v18.35.3...v18.35.4) (2026-02-19)
13
+
14
+
15
+ ### Chore
16
+
17
+ * update dependencies, node.js 22.22.0, and security patches ([#508](https://github.com/mojaloop/central-services-shared/issues/508)) ([51281d8](https://github.com/mojaloop/central-services-shared/commit/51281d8eaaa8b9da53214f2b6543d1aef165a682))
18
+
5
19
  ### [18.35.3](https://github.com/mojaloop/central-services-shared/compare/v18.35.2...v18.35.3) (2026-02-06)
6
20
 
7
21
 
package/audit-ci.jsonc CHANGED
@@ -4,6 +4,7 @@
4
4
  // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
5
5
  "moderate": true,
6
6
  "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
7
- // e.g. Currently no fixes available for the following
7
+ "GHSA-2g4f-4pwh-qvx6",
8
+ "GHSA-3ppc-4f35-3m26" // minimatch ReDoS - fix requires v10 (major version break), unfixable via override
8
9
  ]
9
10
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mojaloop/central-services-shared",
3
- "version": "18.35.3",
3
+ "version": "18.35.5",
4
4
  "description": "Shared code for mojaloop central services",
5
5
  "license": "Apache-2.0",
6
6
  "author": "ModusBox",
@@ -67,16 +67,16 @@
67
67
  "dependencies": {
68
68
  "@hapi/catbox": "12.1.1",
69
69
  "@hapi/catbox-memory": "5.0.1",
70
- "@hapi/hapi": "21.4.4",
70
+ "@hapi/hapi": "21.4.6",
71
71
  "@hapi/joi-date": "2.0.1",
72
72
  "@mojaloop/inter-scheme-proxy-cache-lib": "2.9.0",
73
73
  "@opentelemetry/api": "1.9.0",
74
74
  "async-exit-hook": "2.0.1",
75
75
  "async-retry": "1.3.3",
76
- "axios": "1.13.4",
76
+ "axios": "1.13.5",
77
77
  "clone": "2.1.2",
78
78
  "convict": "^6.2.4",
79
- "dotenv": "17.2.3",
79
+ "dotenv": "17.3.1",
80
80
  "env-var": "7.5.0",
81
81
  "event-stream": "4.0.1",
82
82
  "fast-safe-stringify": "2.1.1",
@@ -96,20 +96,20 @@
96
96
  "yaml": "2.8.2"
97
97
  },
98
98
  "devDependencies": {
99
- "@mojaloop/central-services-error-handling": "13.1.5",
100
- "@mojaloop/central-services-logger": "11.10.3",
101
- "@mojaloop/central-services-metrics": "12.8.3",
102
- "@mojaloop/event-sdk": "14.8.2",
103
- "@mojaloop/sdk-standard-components": "19.18.6",
104
- "@opentelemetry/auto-instrumentations-node": "^0.69.0",
99
+ "@mojaloop/central-services-error-handling": "13.1.6",
100
+ "@mojaloop/central-services-logger": "11.10.4",
101
+ "@mojaloop/central-services-metrics": "12.8.5",
102
+ "@mojaloop/event-sdk": "14.8.3",
103
+ "@mojaloop/sdk-standard-components": "19.18.7",
104
+ "@opentelemetry/auto-instrumentations-node": "^0.70.0",
105
105
  "@types/hapi__joi": "17.1.15",
106
- "ajv": "^8.17.1",
106
+ "ajv": "8.18.0",
107
107
  "ajv-formats": "^3.0.1",
108
108
  "ajv-keywords": "^5.1.0",
109
109
  "audit-ci": "7.1.0",
110
110
  "base64url": "3.0.1",
111
111
  "chance": "1.1.13",
112
- "npm-check-updates": "19.3.2",
112
+ "npm-check-updates": "19.4.1",
113
113
  "nyc": "17.1.0",
114
114
  "portfinder": "1.0.38",
115
115
  "pre-commit": "1.2.2",
@@ -125,10 +125,10 @@
125
125
  "tapes": "4.1.0"
126
126
  },
127
127
  "overrides": {
128
- "axios": "1.13.4",
129
- "qs": "6.14.1",
128
+ "axios": "1.13.5",
129
+ "qs": "6.14.2",
130
130
  "brace-expansion": "2.0.2",
131
- "form-data": "4.0.4",
131
+ "form-data": "4.0.5",
132
132
  "nanoid": "5.1.5",
133
133
  "postcss": {
134
134
  "nanoid": "5.1.5"
@@ -145,7 +145,7 @@
145
145
  "swagger2openapi": "7.0.8"
146
146
  },
147
147
  "markdown-it": "12.3.2",
148
- "fast-xml-parser": "5.3.4",
148
+ "fast-xml-parser": "5.3.6",
149
149
  "trim": "0.0.3",
150
150
  "cross-spawn": "7.0.6",
151
151
  "yargs-parser": "21.1.1",