@mojaloop/sdk-scheme-adapter 24.9.8-snapshot.7 → 24.10.0

package/.circleci/config.yml

@@ -1,7 +1,7 @@
 version: 2.1
 setup: true
 orbs:
-  build: mojaloop/build@1.0.55
+  build: mojaloop/build@1.0.67
 workflows:
   setup:
     jobs:

package/.grype.yaml

@@ -0,0 +1,15 @@
+ignore:
+  - vulnerability: CVE-2025-3277 #  sqlite-libs 3.48.0-r2 
+  - vulnerability: CVE-2024-9410 # ada-libs 2.9.2-r1
+  
+
+# Set output format defaults
+output:
+  - "table"
+  - "json"
+
+# Modify your CircleCI job to check critical count
+search:
+  scope: "squashed"
+quiet: false
+check-for-app-update: false

package/.nvmrc

@@ -1 +1 @@
-18.20.4
+22.15.1

package/CHANGELOG.md

@@ -1,4 +1,11 @@
 # Changelog: [mojaloop/sdk-scheme-adapter](https://github.com/mojaloop/sdk-scheme-adapter)
+## [24.10.0](https://github.com/mojaloop/sdk-scheme-adapter/compare/v24.9.7...v24.10.0) (2025-06-05)
+
+
+### Features
+
+* bump up the node version to v22.15.1 ([#586](https://github.com/mojaloop/sdk-scheme-adapter/issues/586)) ([2c09d28](https://github.com/mojaloop/sdk-scheme-adapter/commit/2c09d28363d065c826899b5613c148dc8d0dd0b4))
+
 ### [24.9.7](https://github.com/mojaloop/sdk-scheme-adapter/compare/v24.9.6...v24.9.7) (2025-06-02)
 
 

package/audit-ci.jsonc

@@ -4,7 +4,5 @@
     // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
     "moderate": true,
     "allowlist": [
-        "GHSA-968p-4wvh-cqc8", // https://github.com/advisories/GHSA-968p-4wvh-cqc8
-        "GHSA-jr5f-v2jv-69x6" // https://github.com/advisories/GHSA-jr5f-v2jv-69x6
     ]
 }

package/modules/api-svc/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter-api-svc",
-  "version": "21.0.0-snapshot.45",
+  "version": "21.0.0-snapshot.37",
   "description": "An adapter for connecting to Mojaloop API enabled switches.",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -86,7 +86,6 @@
     "javascript-state-machine": "3.1.0",
     "js-yaml": "4.1.0",
     "json-schema-ref-parser": "9.0.9",
-    "knex": "3.1.0",
     "koa": "3.0.0",
     "koa-body": "6.0.1",
     "lodash": "4.17.21",

package/modules/api-svc/src/InboundServer/index.js

@@ -26,6 +26,7 @@
  ******/
 const Koa = require('koa');
 
+const _ = require('lodash');
 const assert = require('assert').strict;
 const https = require('https');
 const http = require('http');
@@ -86,6 +87,16 @@ class InboundApi extends EventEmitter {
         return this._api.callback();
     }
 
+    _updatePeerJwsKeys(peerJwsKeys) {
+        if (this._conf.pm4mlEnabled && !_.isEqual(this._jwsVerificationKeys, peerJwsKeys) &&
+            this._jwsVerificationKeys && typeof this._jwsVerificationKeys === 'object') {
+            this._logger && this._logger.isVerboseEnabled && this._logger.verbose('Clearing existing JWS verification keys');
+            Object.keys(this._jwsVerificationKeys).forEach(key => delete this._jwsVerificationKeys[key]);
+            this._logger && this._logger.isVerboseEnabled && this._logger.verbose('Assigning new peer JWS keys');
+            Object.assign(this._jwsVerificationKeys, peerJwsKeys);
+        }
+    }
+
     _startJwsWatcher() {
         const FS_EVENT_TYPES = {
             CHANGE: 'change',

package/modules/api-svc/src/index.js

@@ -140,60 +140,8 @@ class Server extends EventEmitter {
     }
 
     _shouldUpdateInboundServer(newConf) {
-        const isInboundDifferent = !_.isEqual(this.conf.inbound, newConf.inbound);
-        const isOutboundDifferent = !_.isEqual(this.conf.outbound, newConf.outbound);
-        const isPeerJWSKeysDifferent = !_.isEqual(this.conf.peerJWSKeys, newConf.peerJWSKeys);
-        const isJwsSigningKeyDifferent = !_.isEqual(this.conf.jwsSigningKey, newConf.jwsSigningKey);
-
-        if (isInboundDifferent) {
-            this.logger.debug('Inbound config is different', {
-                oldInbound: this.conf.inbound,
-                newInbound: newConf.inbound
-            });
-        }
-        if (isOutboundDifferent) {
-            this.logger.debug('Outbound config is different (checked in inbound update)', {
-                oldOutbound: this.conf.outbound,
-                newOutbound: newConf.outbound
-            });
-        }
-
-        if (isPeerJWSKeysDifferent) {
-            this.logger.debug('Peer JWS Keys config is different', {
-                oldPeerJWSKeys: this.conf.peerJWSKeys,
-                newPeerJWSKeys: newConf.peerJWSKeys
-            });
-        }
-
-        if (isJwsSigningKeyDifferent) {
-            this.logger.debug('JWS Signing Key config is different', {
-                oldJwsSigningKey: this.conf.jwsSigningKey,
-                newJwsSigningKey: newConf.jwsSigningKey
-            });
-        }
-
-        return isInboundDifferent || isOutboundDifferent || isPeerJWSKeysDifferent || isJwsSigningKeyDifferent;
-    }
-
-    _shouldUpdateOutboundServer(newConf) {
-        const isOutboundDifferent = !_.isEqual(this.conf.outbound, newConf.outbound);
-        const isJwsSigningKeyDifferent = !_.isEqual(this.conf.jwsSigningKey, newConf.jwsSigningKey);
-
-        if (isOutboundDifferent) {
-            this.logger.debug('Outbound config is different', {
-                oldOutbound: this.conf.outbound,
-                newOutbound: newConf.outbound
-            });
-        }
-
-        if (isJwsSigningKeyDifferent) {
-            this.logger.debug('JWS Signing Key config is different', {
-                oldJwsSigningKey: this.conf.jwsSigningKey,
-                newJwsSigningKey: newConf.jwsSigningKey
-            });
-        }
-
-        return isOutboundDifferent || isJwsSigningKeyDifferent;
+        return !_.isEqual(this.conf.inbound, newConf.inbound)
+            || !_.isEqual(this.conf.outbound, newConf.outbound);
     }
 
     async start() {
@@ -281,11 +229,8 @@ class Server extends EventEmitter {
         }
 
         this.logger.isDebugEnabled && this.logger.push({ oldConf: this.conf.inbound, newConf: newConf.inbound }).debug('Inbound server configuration');
-        const updateInboundServer = this._shouldUpdateInboundServer(newConf);
+        const updateInboundServer = this._shouldUpdateInboundServer(this.conf, newConf);
         if (updateInboundServer) {
-            const stopStartLabel = 'InboundServer stop/start duration';
-            // eslint-disable-next-line no-console
-            console.time(stopStartLabel);
             await this.inboundServer.stop();
             this.inboundServer = new InboundServer(
                 newConf,
@@ -299,17 +244,14 @@ class Server extends EventEmitter {
                 this.emit('error', errMessage);
             });
             await this.inboundServer.start();
-            // eslint-disable-next-line no-console
-            console.timeEnd(stopStartLabel);
             restartActionsTaken.updateInboundServer = true;
         }
 
+        this.inboundServer._api._updatePeerJwsKeys(newConf.peerJWSKeys);
+
         this.logger.isDebugEnabled && this.logger.push({ oldConf: this.conf.outbound, newConf: newConf.outbound }).debug('Outbound server configuration');
-        const updateOutboundServer = this._shouldUpdateOutboundServer(newConf);
+        const updateOutboundServer = !_.isEqual(this.conf.outbound, newConf.outbound);
         if (updateOutboundServer) {
-            const stopStartLabel = 'OutboundServer stop/start duration';
-            // eslint-disable-next-line no-console
-            console.time(stopStartLabel);
             await this.outboundServer.stop();
             this.outboundServer = new OutboundServer(
                 newConf,
@@ -324,8 +266,6 @@ class Server extends EventEmitter {
                 this.emit('error', errMessage);
             });
             await this.outboundServer.start();
-            // eslint-disable-next-line no-console
-            console.timeEnd(stopStartLabel);
             restartActionsTaken.updateOutboundServer = true;
         }
 

package/modules/api-svc/test/unit/InboundServer.test.js

@@ -490,5 +490,59 @@ describe('Inbound Server', () => {
 
             expect(Jws.validator.__validationKeys['mock-jws'].toString()).toEqual('foo-key-updated');
         });
+
+        it('should overwrite an existing peer JWS key when _updatePeerJwsKeys is called with the same key name', async () => {
+            // Arrange
+            const serverConfig = JSON.parse(JSON.stringify(defaultConfig));
+            serverConfig.validateInboundJws = true;
+            const cache = new Cache({
+                cacheUrl: serverConfig.cacheUrl,
+                logger: logger.push({ component: 'cache' }),
+                unsubscribeTimeoutMs: serverConfig.unsubscribeTimeoutMs,
+            });
+            serverConfig.validateInboundJws = true;
+            serverConfig.pm4mlEnabled = true;
+            serverConfig.peerJWSKeys = {
+                'peer1': 'original-key'
+            };
+            const svr = new InboundServer(serverConfig, logger, cache);
+
+            // Save reference before update
+            const keysRef = svr._api._jwsVerificationKeys;
+
+            // Act: Overwrite the key
+            svr._api._updatePeerJwsKeys({ 'peer1': 'new-key' });
+
+            // Assert
+            expect(svr._api._jwsVerificationKeys['peer1']).toBe('new-key');
+            expect(svr._api._jwsVerificationKeys).toBe(keysRef); // memory reference unchanged
+        });
+
+        it('should add a new peer JWS key when _updatePeerJwsKeys is called with a new key name', async () => {
+            // Arrange
+            const serverConfig = JSON.parse(JSON.stringify(defaultConfig));
+            serverConfig.validateInboundJws = true;
+            const cache = new Cache({
+                cacheUrl: serverConfig.cacheUrl,
+                logger: logger.push({ component: 'cache' }),
+                unsubscribeTimeoutMs: serverConfig.unsubscribeTimeoutMs,
+            });
+            serverConfig.validateInboundJws = true;
+            serverConfig.pm4mlEnabled = true;
+            serverConfig.peerJWSKeys = {
+                'peer1': 'original-key'
+            };
+            const svr = new InboundServer(serverConfig, logger, cache);
+
+            // Save reference before update
+            const keysRef = svr._api._jwsVerificationKeys;
+
+            // Act: Add a new key
+            svr._api._updatePeerJwsKeys({ 'peer1': 'original-key', 'peer2': 'another-key' });
+            // Assert
+            expect(svr._api._jwsVerificationKeys['peer1']).toBe('original-key');
+            expect(svr._api._jwsVerificationKeys['peer2']).toBe('another-key');
+            expect(svr._api._jwsVerificationKeys).toBe(keysRef); // memory reference unchanged
+        });
     });
 });

package/modules/outbound-command-event-handler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter-outbound-command-event-handler",
-  "version": "0.3.0-snapshot.42",
+  "version": "0.3.0-snapshot.34",
   "description": "Mojaloop sdk scheme adapter command event handler",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/sdk-scheme-adapter/",

package/modules/outbound-domain-event-handler/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@mojaloop/sdk-scheme-adapter-outbound-domain-event-handler",
-    "version": "0.3.0-snapshot.42",
+    "version": "0.3.0-snapshot.34",
     "description": "mojaloop sdk scheme adapter outbound domain event handler",
     "license": "Apache-2.0",
     "homepage": "https://github.com/mojaloop/sdk-scheme-adapter/",

package/modules/private-shared-lib/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter-private-shared-lib",
-  "version": "0.4.0-snapshot.42",
+  "version": "0.4.0-snapshot.34",
   "description": "SDK Scheme Adapter private shared library.",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/accounts-and-balances-bc/tree/main/modules/private-types",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter",
-  "version": "24.9.8-snapshot.7",
+  "version": "24.10.0",
   "description": "mojaloop sdk-scheme-adapter",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/sdk-scheme-adapter",
@@ -92,6 +92,7 @@
     "eslint-plugin-import": "2.31.0",
     "husky": "9.1.7",
     "jest": "29.7.0",
+    "knex": "3.1.0",
     "nodemon": "3.1.10",
     "npm-check-updates": "16.7.10",
     "replace": "1.2.2",