@mojaloop/database-lib 11.3.2 → 11.3.3

@@ -1,11 +1,32 @@
1
+ # CircleCI configuration using the mojaloop/build orb
2
+ # This streamlined config uses the mojaloop/build orb for standardized CI/CD workflows
3
+ #
4
+ # The orb automatically handles:
5
+ # - PR title checking
6
+ # - Dependency installation and caching
7
+ # - Linting
8
+ # - Unit, integration, and functional testing
9
+ # - Vulnerability checking (npm audit)
10
+ # - License scanning
11
+ # - Grype security scanning (source code scanning for this library)
12
+ # - Automated releases to npm and GitHub
13
+ # - Slack notifications
14
+ #
15
+ # To enable this configuration:
16
+ # 1. Go to CircleCI project settings → Advanced
17
+ # 2. Ensure "Enable dynamic config using setup workflows" is enabled
18
+
1
19
  version: 2.1
2
20
  setup: true
21
+
3
22
  orbs:
4
- build: mojaloop/build@1.1.0
23
+ build: mojaloop/build@1.1.6
24
+
5
25
  workflows:
6
26
  setup:
7
27
  jobs:
8
28
  - build/workflow:
29
+ context: org-global
9
30
  filters:
10
31
  tags:
11
32
  only: /v\d+(\.\d+){2}(-[a-zA-Z-][0-9a-zA-Z-]*\.\d+)?/
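Review bot: The added `context: org-global` on `build/workflow` exposes every secret in that context to the setup job and to whatever the `mojaloop/build` orb runs from it, which is likely broader than this library's pipeline needs. The header comment says the orb publishes to npm and GitHub, so the release tokens are presumably among those secrets. Consider a narrower context holding only the credentials this workflow uses, restricted to a security group, and confirm in the project settings that builds from forked pull requests are not passed secrets. A comment on the line naming which secrets the workflow expects from the context would also make the reason for the grant reviewable. Indentation is lost in this rendering, so the nesting of `context` under `build/workflow` is inferred.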
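--- a/package/.grype.yaml
+++ b/package/.grype.yaml
@@ -1,14 +1,40 @@
- disabled: true
+ # Grype vulnerability scanning configuration for database-lib
+ # This is a library project without Docker images, so we use source scanning
+ scan-type: source
 
+ # Enable vulnerability scanning
+ disabled: false
+
+ # Vulnerability ignore rules
+ # Add specific CVEs here if they are false positives or acceptable risks
  ignore:
+ # Example format for ignoring specific vulnerabilities:
+ # - vulnerability: "CVE-2023-xxxxx"
+ # reason: "False positive in dev dependency that doesn't affect production"
+ # - vulnerability: "GHSA-xxxx-xxxx-xxxx"
+ # package:
+ # name: "package-name"
+ # version: "1.0.0"
+ # reason: "Not exploitable in our usage context"
 
- # Set output format defaults
+ # Output formats for scan results
  output:
- - "table"
- - "json"
-
- # Modify your CircleCI job to check critical count
- search:
- scope: "squashed"
- quiet: false
- check-for-app-update: false
+ - "table" # Human-readable table format
+ - "json" # Machine-readable JSON for further processing
+
+ # Grype configuration options
+ quiet: false # Show progress and status messages
+ check-for-app-update: false # Don't check for Grype updates during CI
+ only-fixed: false # Show all vulnerabilities, not just those with fixes
+ add-cpes-if-none: false # Don't add CPEs if none are found
+ by-cve: false # Group by vulnerability rather than CVE
+
+ # Database settings
+ db:
+ auto-update: true # Auto-update the vulnerability database
+ validate-age: true # Validate the age of the vulnerability database
+ max-allowed-built-age: 120h # Maximum age of the vulnerability database (5 days)
+
+ # Severity thresholds (handled by the orb, but documented here for clarity)
+ # The build will fail on Critical, High, or Medium severity vulnerabilities
+ # Low and Negligible severities are reported but won't fail the build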
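Review bot: The failure threshold exists only in the trailing comments ("fail on Critical, High, or Medium"); nothing in this file enforces it, so the gate depends entirely on the orb's defaults, and a Grype run against this config outside CI would never fail. If the orb hands this file to Grype unchanged, `fail-on-severity: medium` would make the policy explicit here; otherwise the comment should name the orb parameter that carries the threshold. `disabled` and `scan-type` do not look like Grype's own keys and are presumably read by the orb, which their comments should say. The `ignore:` key now has only commented examples beneath it and parses as null, so `ignore: []` would be unambiguous. When real entries are added, scope them by package name and version as the second example does, so a suppression does not outlive the affected version.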
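--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -2,6 +2,8 @@
 
  All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+ ### [11.3.3](https://github.com/mojaloop/database-lib/compare/v11.3.2...v11.3.3) (2025-09-26)
+
  ### [11.3.2](https://github.com/mojaloop/database-lib/compare/v11.3.1...v11.3.2) (2025-07-23)
 
  ### [11.3.1](https://github.com/mojaloop/database-lib/compare/v11.3.0...v11.3.1) (2025-07-21)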
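--- a/package/README.md
+++ b/package/README.md
@@ -7,6 +7,10 @@
 
  Shared database code for central services
 
+ ## CI/CD
+
+ This repository uses the [mojaloop/build](https://github.com/mojaloop/ci-config-orb-build) CircleCI orb for standardized CI/CD workflows, including automated Grype vulnerability scanning for source code security.
+
  Contents:
 
  - [Usage](#usage)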
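--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@mojaloop/database-lib",
- "version": "11.3.2",
+ "version": "11.3.3",
  "description": "Shared database code for central services",
  "main": "src/index.js",
  "license": "Apache-2.0",
@@ -44,12 +44,12 @@
  "release": "standard-version --releaseCommitMessageFormat 'chore(release): {{currentTag}} [skip ci]'"
  },
  "dependencies": {
- "@mojaloop/central-services-error-handling": "13.1.0",
+ "@mojaloop/central-services-error-handling": "13.1.3",
  "async-exit-hook": "^2.0.1",
  "knex": "3.1.0",
  "lodash": "4.17.21",
  "mysql": "^2.18.1",
- "mysql2": "^3.14.2"
+ "mysql2": "^3.15.1"
  },
  "overrides": {
  "form-data": "4.0.4",
@@ -74,10 +74,10 @@
  "yargs-parser": "21.1.1"
  },
  "devDependencies": {
- "@mojaloop/sdk-standard-components": "19.16.4",
+ "@mojaloop/sdk-standard-components": "19.17.0",
  "audit-ci": "^7.1.0",
- "jest": "^30.0.5",
- "npm-check-updates": "18.0.2",
+ "jest": "^30.1.3",
+ "npm-check-updates": "18.3.0",
  "nyc": "17.1.0",
  "pre-commit": "1.2.2",
  "proxyquire": "2.1.3",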