npm - @mojaloop/database-lib - Versions diffs - 11.3.2 → 11.3.4 - Mend

@mojaloop/database-lib 11.3.2 → 11.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.circleci/config.yml CHANGED Viewed

@@ -1,11 +1,32 @@
+# CircleCI configuration using the mojaloop/build orb
+# This streamlined config uses the mojaloop/build orb for standardized CI/CD workflows
+#
+# The orb automatically handles:
+# - PR title checking
+# - Dependency installation and caching
+# - Linting
+# - Unit, integration, and functional testing
+# - Vulnerability checking (npm audit)
+# - License scanning
+# - Grype security scanning (source code scanning for this library)
+# - Automated releases to npm and GitHub
+# - Slack notifications
+#
+# To enable this configuration:
+# 1. Go to CircleCI project settings → Advanced
+# 2. Ensure "Enable dynamic config using setup workflows" is enabled
 version: 2.1
 setup: true
 orbs:
-  build: mojaloop/build@1.1.0
+  build: mojaloop/build@1.1.6
 workflows:
   setup:
     jobs:
       - build/workflow:
+          context: org-global
           filters:
             tags:
               only: /v\d+(\.\d+){2}(-[a-zA-Z-][0-9a-zA-Z-]*\.\d+)?/

package/.grype.yaml CHANGED Viewed

@@ -1,14 +1,40 @@
-disabled: true
+# Grype vulnerability scanning configuration for database-lib
+# This is a library project without Docker images, so we use source scanning
+scan-type: source
+# Enable vulnerability scanning
+disabled: false
+# Vulnerability ignore rules
+# Add specific CVEs here if they are false positives or acceptable risks
 ignore:
+  # Example format for ignoring specific vulnerabilities:
+  # - vulnerability: "CVE-2023-xxxxx"
+  #   reason: "False positive in dev dependency that doesn't affect production"
+  # - vulnerability: "GHSA-xxxx-xxxx-xxxx"
+  #   package:
+  #     name: "package-name"
+  #     version: "1.0.0"
+  #   reason: "Not exploitable in our usage context"
-# Set output format defaults
+# Output formats for scan results
 output:
-  - "table"
-  - "json"
-# Modify your CircleCI job to check critical count
-search:
-  scope: "squashed"
-quiet: false
-check-for-app-update: false
+  - "table"  # Human-readable table format
+  - "json"   # Machine-readable JSON for further processing
+# Grype configuration options
+quiet: false                    # Show progress and status messages
+check-for-app-update: false     # Don't check for Grype updates during CI
+only-fixed: false               # Show all vulnerabilities, not just those with fixes
+add-cpes-if-none: false         # Don't add CPEs if none are found
+by-cve: false                   # Group by vulnerability rather than CVE
+# Database settings
+db:
+  auto-update: true             # Auto-update the vulnerability database
+  validate-age: true            # Validate the age of the vulnerability database
+  max-allowed-built-age: 120h   # Maximum age of the vulnerability database (5 days)
+# Severity thresholds (handled by the orb, but documented here for clarity)
+# The build will fail on Critical, High, or Medium severity vulnerabilities
+# Low and Negligible severities are reported but won't fail the build

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,10 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+### [11.3.4](https://github.com/mojaloop/database-lib/compare/v11.3.3...v11.3.4) (2025-11-05)
+### [11.3.3](https://github.com/mojaloop/database-lib/compare/v11.3.2...v11.3.3) (2025-09-26)
 ### [11.3.2](https://github.com/mojaloop/database-lib/compare/v11.3.1...v11.3.2) (2025-07-23)
 ### [11.3.1](https://github.com/mojaloop/database-lib/compare/v11.3.0...v11.3.1) (2025-07-21)

package/README.md CHANGED Viewed

@@ -7,6 +7,10 @@
 Shared database code for central services
+## CI/CD
+This repository uses the [mojaloop/build](https://github.com/mojaloop/ci-config-orb-build) CircleCI orb for standardized CI/CD workflows, including automated Grype vulnerability scanning for source code security.
 Contents:
 - [Usage](#usage)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/database-lib",
-  "version": "11.3.2",
+  "version": "11.3.4",
   "description": "Shared database code for central services",
   "main": "src/index.js",
   "license": "Apache-2.0",
@@ -44,12 +44,12 @@
     "release": "standard-version --releaseCommitMessageFormat 'chore(release): {{currentTag}} [skip ci]'"
   },
   "dependencies": {
-    "@mojaloop/central-services-error-handling": "13.1.0",
+    "@mojaloop/central-services-error-handling": "13.1.3",
     "async-exit-hook": "^2.0.1",
     "knex": "3.1.0",
     "lodash": "4.17.21",
     "mysql": "^2.18.1",
-    "mysql2": "^3.14.2"
+    "mysql2": "^3.15.3"
   },
   "overrides": {
     "form-data": "4.0.4",
@@ -71,13 +71,14 @@
     "cross-spawn": "7.0.6",
     "trim": "0.0.3",
     "undici": "6.21.2",
-    "yargs-parser": "21.1.1"
+    "yargs-parser": "21.1.1",
+    "validator": "13.15.20"
   },
   "devDependencies": {
-    "@mojaloop/sdk-standard-components": "19.16.4",
+    "@mojaloop/sdk-standard-components": "19.18.0",
     "audit-ci": "^7.1.0",
-    "jest": "^30.0.5",
-    "npm-check-updates": "18.0.2",
+    "jest": "^30.2.0",
+    "npm-check-updates": "19.1.2",
     "nyc": "17.1.0",
     "pre-commit": "1.2.2",
     "proxyquire": "2.1.3",