npm - ml-testing-toolkit - Versions diffs - 18.16.5 → 18.17.0-snapshot.2 - Mend

ml-testing-toolkit 18.16.5 → 18.17.0-snapshot.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/.grype.yaml +16 -8
package/.nvmrc +1 -1
package/CHANGELOG.md +8 -0
package/audit-ci.jsonc +1 -1
package/package.json +19 -19
package/{sbom-v18.16.4.csv → sbom-v18.16.5.csv} +92 -92
package/src/lib/db/adapters/dbAdapter.js +1 -4
package/src/lib/mocking/middleware-functions/ilpModel.js +17 -1
package/src/lib/mocking/openApiMockHandler.js +17 -0

package/.grype.yaml CHANGED Viewed

@@ -1,12 +1,20 @@
 ignore:
-  # Ignore cross-spawn vulnerabilities by CVE ID due to false positive
-  # as grype looks at package-lock.json where it shows versions with
-  # vulnerabilities, npm ls shows only 7.0.6 verion is used
-  - vulnerability: CVE-2025-9230
-  - vulnerability: CVE-2025-9232
-  - vulnerability: CVE-2025-9231
-  - vulnerability: GHSA-3xgq-45jj-v275
-  - vulnerability: GHSA-5j98-mcp5-4vw2 # false positive report for glob 10.4.5, not found in package-lock.json
+  # Remove this ignore after verifying CI builds fresh image
+  - vulnerability: GHSA-5j98-mcp5-4vw2
+    include-aliases: true
+  - vulnerability: CVE-2025-60876
+    reason: "No fixes available as of 2026-01-14 on Dockerfile base image 22.21.1-alpine3.23"
+  - vulnerability: CVE-2026-22184
+    reason: "No fixes available as of 2026-01-16 on Dockerfile base image 22.21.1-alpine3.23"
+  - vulnerability: CVE-2026-28309
+  - vulnerability: CVE-2025-59465
+  - vulnerability: CVE-2025-55131
+  - vulnerability: GHSA-r6q2-hw4h-h46w
+  - vulnerability: GHSA-8qq5-rm4j-mr97
+  - vulnerability: CVE-2025-55130
+  - vulnerability: CVE-2026-21637
+  - vulnerability: CVE-2025-59466
+  - vulnerability: GHSA-xxjr-mmjv-4gpg
 # Set output format defaults
 output:

package/.nvmrc CHANGED Viewed

	@@ -1 +1 @@
1	- 22.15.1
1	+ 22.21.1

package/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,12 @@
 # Changelog: [mojaloop/thirdparty-api-svc](https://github.com/mojaloop/thirdparty-api-svc)
+### [18.16.6](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.16.5...v18.16.6) (2026-01-08)
+### Chore
+* **sbom:** update sbom [skip ci] ([f555028](https://github.com/mojaloop/ml-testing-toolkit/commit/f555028ff231b8554b78ae76d1ce228298e849b3))
+* update deps ([#359](https://github.com/mojaloop/ml-testing-toolkit/issues/359)) ([18ea189](https://github.com/mojaloop/ml-testing-toolkit/commit/18ea189eef7c15f01e20679b6aec2c33f9194b41))
 ### [18.16.5](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.16.4...v18.16.5) (2025-11-18)

package/audit-ci.jsonc CHANGED Viewed

@@ -4,6 +4,6 @@
   // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
   "moderate": true,
   "allowlist": [
+    "GHSA-xxjr-mmjv-4gpg"
   ]
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "ml-testing-toolkit",
   "description": "Testing Toolkit for Mojaloop implementations",
-  "version": "18.16.5",
+  "version": "18.17.0-snapshot.2",
   "license": "Apache-2.0",
   "author": "Vijaya Kumar Guthi, ModusBox Inc. ",
   "contributors": [
@@ -78,11 +78,11 @@
     "@hapi/hapi": "21.4.4",
     "@hapi/inert": "7.1.0",
     "@hapi/vision": "7.0.3",
-    "@mojaloop/central-services-logger": "11.10.1",
-    "@mojaloop/central-services-metrics": "12.8.1",
-    "@mojaloop/ml-schema-transformer-lib": "2.7.8",
-    "@mojaloop/ml-testing-toolkit-shared-lib": "14.3.1",
-    "@mojaloop/sdk-standard-components": "19.18.0",
+    "@mojaloop/central-services-logger": "11.10.3",
+    "@mojaloop/central-services-metrics": "12.8.3",
+    "@mojaloop/ml-schema-transformer-lib": "2.7.13",
+    "@mojaloop/ml-testing-toolkit-shared-lib": "14.3.2",
+    "@mojaloop/sdk-standard-components": "19.18.4",
     "@now-ims/hapi-now-auth": "2.1.0",
     "@types/socket.io": "3.0.2",
     "adm-zip": "0.5.16",
@@ -93,10 +93,10 @@
     "connection-string": "^5.0.0",
     "cookie-parser": "1.4.7",
     "cookies": "0.9.1",
-    "cors": "2.8.5",
+    "cors": "2.8.6",
     "dotenv": "17.2.3",
-    "express": "5.1.0",
-    "express-validator": "7.3.0",
+    "express": "5.2.1",
+    "express-validator": "7.3.1",
     "fs": "0.0.1-security",
     "handlebars": "4.7.8",
     "hapi-auth-bearer-token": "8.0.0",
@@ -106,9 +106,9 @@
     "js-yaml": "4.1.1",
     "json-refs": "3.0.15",
     "json-rules-engine": "7.3.1",
-    "jsonwebtoken": "9.0.2",
-    "lodash": "4.17.21",
-    "mongoose": "8.20.0",
+    "jsonwebtoken": "9.0.3",
+    "lodash": "4.17.23",
+    "mongoose": "9.1.5",
     "multer": "2.0.2",
     "mustache": "4.2.0",
     "mv": "2.1.1",
@@ -124,11 +124,11 @@
     "rc": "1.2.8",
     "request-to-curl": "0.1.6",
     "selectn": "1.3.0",
-    "socket.io": "4.8.1",
-    "socket.io-client": "4.8.1",
+    "socket.io": "4.8.3",
+    "socket.io-client": "4.8.3",
     "ulidx": "2.4.1",
     "uuid": "11.1.0",
-    "ws": "8.18.3"
+    "ws": "8.19.0"
   },
   "devDependencies": {
     "@types/jest": "29.5.14",
@@ -138,16 +138,16 @@
     "jest": "29.7.0",
     "jest-junit": "16.0.0",
     "nodemon": "3.1.11",
-    "npm-check-updates": "19.1.2",
+    "npm-check-updates": "19.3.1",
     "nyc": "17.1.0",
     "parse-strings-in-object": "1.6.0",
     "pre-commit": "1.2.2",
     "proxyquire": "2.1.3",
     "replace": "1.2.2",
-    "sinon": "21.0.0",
+    "sinon": "21.0.1",
     "standard": "17.1.2",
     "standard-version": "9.5.0",
-    "supertest": "7.1.4",
+    "supertest": "7.2.2",
     "tap-xunit": "2.4.1"
   },
   "imports": {
@@ -190,7 +190,7 @@
     },
     "cross-spawn": "7.0.6",
     "markdown-it": "14.1.0",
-    "jsonwebtoken": "9.0.2",
+    "jsonwebtoken": "9.0.3",
     "yargs-parser": "21.1.1",
     "oas-validator": {
       "ajv": "6.12.3"