@mojaloop/central-services-shared 18.35.3 → 18.35.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.circleci/config.yml +1 -1
- package/.grype.yaml +16 -35
- package/.nvmrc +1 -1
- package/CHANGELOG.md +21 -0
- package/audit-ci.jsonc +2 -1
- package/package.json +17 -18
- package/test/unit/util/request.test.js +6 -37
package/.circleci/config.yml
CHANGED
package/.grype.yaml
CHANGED
|
@@ -1,40 +1,21 @@
|
|
|
1
|
-
# Grype vulnerability scanning configuration for central-services-shared
|
|
2
|
-
# This is a library project without Docker images, so we use source scanning
|
|
3
1
|
scan-type: source
|
|
4
|
-
|
|
5
|
-
# Enable vulnerability scanning
|
|
6
2
|
disabled: false
|
|
7
|
-
|
|
8
|
-
# Vulnerability ignore rules
|
|
9
|
-
# Add specific CVEs here if they are false positives or acceptable risks
|
|
10
3
|
ignore:
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
# version: "1.0.0"
|
|
18
|
-
# reason: "Not exploitable in our usage context"
|
|
19
|
-
|
|
20
|
-
# Output formats for scan results
|
|
4
|
+
- vulnerability: GHSA-2g4f-4pwh-qvx6
|
|
5
|
+
include-aliases: true
|
|
6
|
+
reason: "Unfixable npm transitive vulnerability: ajv ReDoS (moderate) as of 2026-02-19"
|
|
7
|
+
- vulnerability: GHSA-3ppc-4f35-3m26
|
|
8
|
+
include-aliases: true
|
|
9
|
+
reason: "Unfixable npm transitive vulnerability: minimatch ReDoS - fix requires v10 major version break as of 2026-02-19"
|
|
21
10
|
output:
|
|
22
|
-
-
|
|
23
|
-
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
add-cpes-if-none: false # Don't add CPEs if none are found
|
|
30
|
-
by-cve: false # Group by vulnerability rather than CVE
|
|
31
|
-
|
|
32
|
-
# Database settings
|
|
11
|
+
- table
|
|
12
|
+
- json
|
|
13
|
+
quiet: false
|
|
14
|
+
check-for-app-update: false
|
|
15
|
+
only-fixed: false
|
|
16
|
+
add-cpes-if-none: false
|
|
17
|
+
by-cve: false
|
|
33
18
|
db:
|
|
34
|
-
auto-update: true
|
|
35
|
-
validate-age: true
|
|
36
|
-
max-allowed-built-age: 120h
|
|
37
|
-
|
|
38
|
-
# Severity thresholds (handled by the orb, but documented here for clarity)
|
|
39
|
-
# The build will fail on Critical, High, or Medium severity vulnerabilities
|
|
40
|
-
# Low and Negligible severities are reported but won't fail the build
|
|
19
|
+
auto-update: true
|
|
20
|
+
validate-age: true
|
|
21
|
+
max-allowed-built-age: 120h
|
package/.nvmrc
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
22.
|
|
1
|
+
22.22.0
|
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,27 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
+
### [18.35.6](https://github.com/mojaloop/central-services-shared/compare/v18.35.5...v18.35.6) (2026-02-26)
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
### Chore
|
|
9
|
+
|
|
10
|
+
* rm circular dependency on sdk-standard-components ([#510](https://github.com/mojaloop/central-services-shared/issues/510)) ([7346920](https://github.com/mojaloop/central-services-shared/commit/7346920e3c3e0996aeebfd7cce4e24ac54d59313))
|
|
11
|
+
|
|
12
|
+
### [18.35.5](https://github.com/mojaloop/central-services-shared/compare/v18.35.4...v18.35.5) (2026-02-20)
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
### Chore
|
|
16
|
+
|
|
17
|
+
* update orb and dep ver ([#509](https://github.com/mojaloop/central-services-shared/issues/509)) ([7293cff](https://github.com/mojaloop/central-services-shared/commit/7293cffea15145d115b25625eb4352ceb651bb35))
|
|
18
|
+
|
|
19
|
+
### [18.35.4](https://github.com/mojaloop/central-services-shared/compare/v18.35.3...v18.35.4) (2026-02-19)
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
### Chore
|
|
23
|
+
|
|
24
|
+
* update dependencies, node.js 22.22.0, and security patches ([#508](https://github.com/mojaloop/central-services-shared/issues/508)) ([51281d8](https://github.com/mojaloop/central-services-shared/commit/51281d8eaaa8b9da53214f2b6543d1aef165a682))
|
|
25
|
+
|
|
5
26
|
### [18.35.3](https://github.com/mojaloop/central-services-shared/compare/v18.35.2...v18.35.3) (2026-02-06)
|
|
6
27
|
|
|
7
28
|
|
package/audit-ci.jsonc
CHANGED
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
// Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
|
|
5
5
|
"moderate": true,
|
|
6
6
|
"allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
|
|
7
|
-
|
|
7
|
+
"GHSA-2g4f-4pwh-qvx6",
|
|
8
|
+
"GHSA-3ppc-4f35-3m26" // minimatch ReDoS - fix requires v10 (major version break), unfixable via override
|
|
8
9
|
]
|
|
9
10
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mojaloop/central-services-shared",
|
|
3
|
-
"version": "18.35.
|
|
3
|
+
"version": "18.35.6",
|
|
4
4
|
"description": "Shared code for mojaloop central services",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "ModusBox",
|
|
@@ -67,16 +67,16 @@
|
|
|
67
67
|
"dependencies": {
|
|
68
68
|
"@hapi/catbox": "12.1.1",
|
|
69
69
|
"@hapi/catbox-memory": "5.0.1",
|
|
70
|
-
"@hapi/hapi": "21.4.
|
|
70
|
+
"@hapi/hapi": "21.4.6",
|
|
71
71
|
"@hapi/joi-date": "2.0.1",
|
|
72
72
|
"@mojaloop/inter-scheme-proxy-cache-lib": "2.9.0",
|
|
73
73
|
"@opentelemetry/api": "1.9.0",
|
|
74
74
|
"async-exit-hook": "2.0.1",
|
|
75
75
|
"async-retry": "1.3.3",
|
|
76
|
-
"axios": "1.13.
|
|
76
|
+
"axios": "1.13.5",
|
|
77
77
|
"clone": "2.1.2",
|
|
78
78
|
"convict": "^6.2.4",
|
|
79
|
-
"dotenv": "17.
|
|
79
|
+
"dotenv": "17.3.1",
|
|
80
80
|
"env-var": "7.5.0",
|
|
81
81
|
"event-stream": "4.0.1",
|
|
82
82
|
"fast-safe-stringify": "2.1.1",
|
|
@@ -85,7 +85,7 @@
|
|
|
85
85
|
"joi": "18.0.2",
|
|
86
86
|
"lodash": "4.17.23",
|
|
87
87
|
"mustache": "4.2.0",
|
|
88
|
-
"openapi-backend": "5.
|
|
88
|
+
"openapi-backend": "5.16.1",
|
|
89
89
|
"raw-body": "3.0.2",
|
|
90
90
|
"rc": "1.2.8",
|
|
91
91
|
"redlock": "5.0.0-beta.2",
|
|
@@ -96,21 +96,20 @@
|
|
|
96
96
|
"yaml": "2.8.2"
|
|
97
97
|
},
|
|
98
98
|
"devDependencies": {
|
|
99
|
-
"@mojaloop/central-services-error-handling": "13.1.
|
|
100
|
-
"@mojaloop/central-services-logger": "11.10.
|
|
101
|
-
"@mojaloop/central-services-metrics": "12.8.
|
|
102
|
-
"@mojaloop/event-sdk": "14.8.
|
|
103
|
-
"@
|
|
104
|
-
"@opentelemetry/auto-instrumentations-node": "^0.69.0",
|
|
99
|
+
"@mojaloop/central-services-error-handling": "13.1.6",
|
|
100
|
+
"@mojaloop/central-services-logger": "11.10.4",
|
|
101
|
+
"@mojaloop/central-services-metrics": "12.8.5",
|
|
102
|
+
"@mojaloop/event-sdk": "14.8.3",
|
|
103
|
+
"@opentelemetry/auto-instrumentations-node": "^0.70.1",
|
|
105
104
|
"@types/hapi__joi": "17.1.15",
|
|
106
|
-
"ajv": "
|
|
105
|
+
"ajv": "8.18.0",
|
|
107
106
|
"ajv-formats": "^3.0.1",
|
|
108
107
|
"ajv-keywords": "^5.1.0",
|
|
109
108
|
"audit-ci": "7.1.0",
|
|
110
109
|
"base64url": "3.0.1",
|
|
111
110
|
"chance": "1.1.13",
|
|
112
|
-
"npm-check-updates": "19.
|
|
113
|
-
"nyc": "
|
|
111
|
+
"npm-check-updates": "19.5.0",
|
|
112
|
+
"nyc": "18.0.0",
|
|
114
113
|
"portfinder": "1.0.38",
|
|
115
114
|
"pre-commit": "1.2.2",
|
|
116
115
|
"proxyquire": "2.1.3",
|
|
@@ -125,10 +124,10 @@
|
|
|
125
124
|
"tapes": "4.1.0"
|
|
126
125
|
},
|
|
127
126
|
"overrides": {
|
|
128
|
-
"axios": "1.13.
|
|
129
|
-
"qs": "6.14.
|
|
127
|
+
"axios": "1.13.5",
|
|
128
|
+
"qs": "6.14.2",
|
|
130
129
|
"brace-expansion": "2.0.2",
|
|
131
|
-
"form-data": "4.0.
|
|
130
|
+
"form-data": "4.0.5",
|
|
132
131
|
"nanoid": "5.1.5",
|
|
133
132
|
"postcss": {
|
|
134
133
|
"nanoid": "5.1.5"
|
|
@@ -145,7 +144,7 @@
|
|
|
145
144
|
"swagger2openapi": "7.0.8"
|
|
146
145
|
},
|
|
147
146
|
"markdown-it": "12.3.2",
|
|
148
|
-
"fast-xml-parser": "5.3.
|
|
147
|
+
"fast-xml-parser": "5.3.6",
|
|
149
148
|
"trim": "0.0.3",
|
|
150
149
|
"cross-spawn": "7.0.6",
|
|
151
150
|
"yargs-parser": "21.1.1",
|
|
@@ -10,35 +10,6 @@ const Enum = require('../../../src/enums')
|
|
|
10
10
|
const Helper = require('../../util/helper')
|
|
11
11
|
const Metrics = require('@mojaloop/central-services-metrics')
|
|
12
12
|
const Uuid = require('uuid4')
|
|
13
|
-
const JwsSigner = require('@mojaloop/sdk-standard-components').Jws.signer
|
|
14
|
-
|
|
15
|
-
const signingKey = `-----BEGIN RSA PRIVATE KEY-----
|
|
16
|
-
MIIEowIBAAKCAQEA0eJEh3Op5p6x137lRkAsvmEBbd32dbRChrCUItZbtxjf/qfB
|
|
17
|
-
yD5k8Hn4n4vbqzP8XSGS0f6KmNC+iRaP74HVgzAqc4Uid4J8dtSBq3VmucYQYzLc
|
|
18
|
-
101QjuvD+SKmZwlw/q0PtulmqlASI2SbMfwcAraMi6ab7v5W4EGNeIPLEIo3BXsQ
|
|
19
|
-
DTCWqiZb7aXkHkcY7sOjAzK/2bNGYFmAthdYrHzvCkqnJ7LAHX3Oj7rJea5MqtuN
|
|
20
|
-
B9POZYaD10n9JuYWdwPqLrw6/hVgPSFEy+ulrVbXf54ZH0dfMThAYRvFrT81yulk
|
|
21
|
-
H95JhXWGdi6cTp6t8LVOKFhnNfxjWw0Jayj9xwIDAQABAoIBADB2u/Y/CgNbr5sg
|
|
22
|
-
DRccqHhJdAgHkep59kadrYch0knEL6zg1clERxCUSYmlxNKSjXp/zyQ4T46b3PNQ
|
|
23
|
-
x2m5pDDHxXWpT10jP1Q9G7gYwuCw0IXnb8EzdB+cZ0M28g+myXW1RoSo/nDjTlzn
|
|
24
|
-
1UJEgb9Kocd5cFZOWocr+9vRKumlZULMsA8yiNwlAfJHcMBM7acsa3myCqVhLyWt
|
|
25
|
-
4BQylVuLFa+A6QzpMXEwFCq8EOXf07gl1XVzC6LJ1fTa9gVM3N+YE+oEXKrsHCxG
|
|
26
|
-
/ACgKsjepL27QjJ7qvecWPP0F2LxEZYOm5tbXaKJTobzQUJHgUokanZMhjYprDsZ
|
|
27
|
-
zumLw9kCgYEA/DUWcnLeImlfq/EYdhejkl3J+WX3vhS23OqVgY1amu7CZzaai6vt
|
|
28
|
-
H0TRc8Zsbi4jgmFDU8PFzytP6qz6Tgom4R736z6oBi7bjnGyN17/NSbf+DaRVcM6
|
|
29
|
-
vnZr7jNC2FJlECmIN+dkwUA/YCr2SA7hxZXM9mIYSc+6+glDiIO5Cf0CgYEA1Qo/
|
|
30
|
-
uQbVHhW+Cp8H0kdMuhwUbkBquRrxRZlXS1Vrf3f9me9JLUy9UPWb3y3sKVurG5+O
|
|
31
|
-
SIlr4hDcZyXdE198MtDMhBIGqU9ORSjppJDNDVvtt+n2FD4XmWIU70vKBJBivX0+
|
|
32
|
-
Bow6yduis+p12fuvpvpnKCz8UjOgOQJhLZ4GQBMCgYBP6gpozVjxkm4ML2LO2IKt
|
|
33
|
-
+CXtbo/nnOysZ3BkEoQpH4pd5gFmTF3gUJAFnVPyPZBm2abZvejJ0jGKbLELVVAo
|
|
34
|
-
eQWZdssK2oIbSo9r2CAJmX3SSogWorvUafWdDoUZwlHfoylUfW+BhHgQYsyS3JRR
|
|
35
|
-
ZTwCveZwTPA0FgdeFE7niQKBgQCHaD8+ZFhbCejDqXb4MXdUJ3rY5Lqwsq491YwF
|
|
36
|
-
huKPn32iNNQnJcqCxclv3iln1Cr6oLx34Fig1KSyLv/IS32OcuY635Y6UPznumxe
|
|
37
|
-
u+aJIjADIILXNOwdAplZy6s4oWkRFaSx1rmbCa3tew2zImTv1eJxR76MpOGmupt3
|
|
38
|
-
uiQw3wKBgFjBT/aVKdBeHeP1rIHHldQV5QQxZNkc6D3qn/oAFcwpj9vcGfRjQWjO
|
|
39
|
-
ARzXM2vUWEet4OVn3DXyOdaWFR1ppehz7rAWBiPgsMg4fjAusYb9Mft1GMxMzuwT
|
|
40
|
-
Oyqsp6pzAWFrCD3JAoTLxClV+j5m+SXZ/ItD6ziGpl/h7DyayrFZ
|
|
41
|
-
-----END RSA PRIVATE KEY-----`
|
|
42
13
|
|
|
43
14
|
Test('ParticipantEndpoint Model Test', modelTest => {
|
|
44
15
|
let sandbox
|
|
@@ -483,10 +454,9 @@ Test('ParticipantEndpoint Model Test', modelTest => {
|
|
|
483
454
|
method: 'post',
|
|
484
455
|
headers: Helper.defaultHeaders(fsp, Enum.Http.HeaderResources.PARTICIPANTS, payeefsp)
|
|
485
456
|
}
|
|
486
|
-
const jwsSigner =
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
})
|
|
457
|
+
const jwsSigner = {
|
|
458
|
+
getSignature: () => 'mock-jws-signature'
|
|
459
|
+
}
|
|
490
460
|
request = sandbox.stub().returns({ status: 200 })
|
|
491
461
|
Model = proxyquire('../../../src/util/request', { axios: request })
|
|
492
462
|
const signSpy = Sinon.spy(jwsSigner, 'getSignature')
|
|
@@ -517,10 +487,9 @@ Test('ParticipantEndpoint Model Test', modelTest => {
|
|
|
517
487
|
method: 'post',
|
|
518
488
|
headers: Helper.defaultHeaders(fsp, Enum.Http.HeaderResources.PARTICIPANTS, payeefsp)
|
|
519
489
|
}
|
|
520
|
-
const jwsSigner =
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
})
|
|
490
|
+
const jwsSigner = {
|
|
491
|
+
getSignature: () => 'mock-jws-signature'
|
|
492
|
+
}
|
|
524
493
|
request = sandbox.stub().returns({ status: 200 })
|
|
525
494
|
Model = proxyquire('../../../src/util/request', { axios: request })
|
|
526
495
|
const signSpy = Sinon.spy(jwsSigner, 'getSignature')
|