ml-testing-toolkit 18.16.6 → 18.17.0-snapshot.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/.grype.yaml +16 -9
  2. package/.nvmrc +1 -1
  3. package/audit-ci.jsonc +1 -1
  4. package/package.json +7 -7
  5. package/src/lib/db/adapters/dbAdapter.js +1 -4
  6. package/src/lib/mocking/middleware-functions/ilpModel.js +33 -1
  7. package/src/lib/mocking/openApiMockHandler.js +20 -1
  8. package/src/lib/objectStore.js +3 -1
package/.grype.yaml CHANGED
@@ -1,13 +1,20 @@
1
1
  ignore:
2
- # Ignore cross-spawn vulnerabilities by CVE ID due to false positive
3
- # as grype looks at package-lock.json where it shows versions with
4
- # vulnerabilities, npm ls shows only 7.0.6 verion is used
5
- - vulnerability: CVE-2025-9230
6
- - vulnerability: CVE-2025-9232
7
- - vulnerability: CVE-2025-9231
8
- - vulnerability: GHSA-3xgq-45jj-v275
9
- - vulnerability: GHSA-5j98-mcp5-4vw2 # false positive report for glob 10.4.5, not found in package-lock.json
10
- - vulnerability: CVE-2025-60876 # busybox and ssl_client from node 22.15.1 alpine image
2
+ # Remove this ignore after verifying CI builds fresh image
3
+ - vulnerability: GHSA-5j98-mcp5-4vw2
4
+ include-aliases: true
5
+ - vulnerability: CVE-2025-60876
6
+ reason: "No fixes available as of 2026-01-14 on Dockerfile base image 22.21.1-alpine3.23"
7
+ - vulnerability: CVE-2026-22184
8
+ reason: "No fixes available as of 2026-01-16 on Dockerfile base image 22.21.1-alpine3.23"
9
+ - vulnerability: CVE-2026-28309
10
+ - vulnerability: CVE-2025-59465
11
+ - vulnerability: CVE-2025-55131
12
+ - vulnerability: GHSA-r6q2-hw4h-h46w
13
+ - vulnerability: GHSA-8qq5-rm4j-mr97
14
+ - vulnerability: CVE-2025-55130
15
+ - vulnerability: CVE-2026-21637
16
+ - vulnerability: CVE-2025-59466
17
+ - vulnerability: GHSA-xxjr-mmjv-4gpg
11
18
 
12
19
  # Set output format defaults
13
20
  output:
package/.nvmrc CHANGED
@@ -1 +1 @@
1
- 22.15.1
1
+ 22.21.1
package/audit-ci.jsonc CHANGED
@@ -4,6 +4,6 @@
4
4
  // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
5
5
  "moderate": true,
6
6
  "allowlist": [
7
-
7
+ "GHSA-xxjr-mmjv-4gpg"
8
8
  ]
9
9
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "ml-testing-toolkit",
3
3
  "description": "Testing Toolkit for Mojaloop implementations",
4
- "version": "18.16.6",
4
+ "version": "18.17.0-snapshot.11",
5
5
  "license": "Apache-2.0",
6
6
  "author": "Vijaya Kumar Guthi, ModusBox Inc. ",
7
7
  "contributors": [
@@ -78,22 +78,22 @@
78
78
  "@hapi/hapi": "21.4.4",
79
79
  "@hapi/inert": "7.1.0",
80
80
  "@hapi/vision": "7.0.3",
81
- "@mojaloop/central-services-logger": "11.10.2",
81
+ "@mojaloop/central-services-logger": "11.10.3",
82
82
  "@mojaloop/central-services-metrics": "12.8.3",
83
83
  "@mojaloop/ml-schema-transformer-lib": "2.7.13",
84
- "@mojaloop/ml-testing-toolkit-shared-lib": "14.3.1",
84
+ "@mojaloop/ml-testing-toolkit-shared-lib": "14.3.2",
85
85
  "@mojaloop/sdk-standard-components": "19.18.4",
86
86
  "@now-ims/hapi-now-auth": "2.1.0",
87
87
  "@types/socket.io": "3.0.2",
88
88
  "adm-zip": "0.5.16",
89
89
  "ajv-formats": "3.0.1",
90
90
  "atob": "2.1.2",
91
- "axios": "1.13.2",
91
+ "axios": "1.13.3",
92
92
  "chai": "4.4.1",
93
93
  "connection-string": "^5.0.0",
94
94
  "cookie-parser": "1.4.7",
95
95
  "cookies": "0.9.1",
96
- "cors": "2.8.5",
96
+ "cors": "2.8.6",
97
97
  "dotenv": "17.2.3",
98
98
  "express": "5.2.1",
99
99
  "express-validator": "7.3.1",
@@ -107,8 +107,8 @@
107
107
  "json-refs": "3.0.15",
108
108
  "json-rules-engine": "7.3.1",
109
109
  "jsonwebtoken": "9.0.3",
110
- "lodash": "4.17.21",
111
- "mongoose": "9.1.2",
110
+ "lodash": "4.17.23",
111
+ "mongoose": "9.1.5",
112
112
  "multer": "2.0.2",
113
113
  "mustache": "4.2.0",
114
114
  "mv": "2.1.1",
package/src/lib/db/adapters/dbAdapter.js CHANGED
@@ -48,10 +48,7 @@ const getConnection = async () => {
48
48
  }
49
49
 
50
50
  // TLS/SSL support
51
- const mongoOptions = {
52
- useNewUrlParser: true,
53
- useUnifiedTopology: true
54
- }
51
+ const mongoOptions = {}
55
52
 
56
53
  if (systemConfig.DB.SSL_ENABLED) {
57
54
  mongoOptions.tls = true
package/src/lib/mocking/middleware-functions/ilpModel.js CHANGED
@@ -30,6 +30,7 @@
30
30
  const { ilpFactory, ILP_VERSIONS } = require('@mojaloop/sdk-standard-components').Ilp
31
31
  const customLogger = require('../../requestLogger')
32
32
  const { logger } = require('../../logger')
33
+ const objectStore = require('../../objectStore')
33
34
 
34
35
  let ilpObj = null
35
36
  let ilpV4Obj = null
@@ -140,8 +141,39 @@ const handleTransferIlp = (context, response) => {
140
141
  response.body.TxInfAndSts.ExctnConf = generatedFulfilment
141
142
  }
142
143
  }
144
+
145
+ customLogger.logMessage('debug', 'Generated callback body', { additionalData: { context, response } })
143
146
  if (context.request.method === 'get' && response.method === 'put' && pathMatch.test(response.path)) {
144
- delete response.body.fulfilment
147
+ customLogger.logMessage('debug', 'Returning stored fulfilment if exists for transfer GET')
148
+ const transferId = response.path.match(pathMatch)[1]
149
+ customLogger.logMessage('debug', 'Fetching stored transfer for fulfilment', { additionalData: { transferId } })
150
+ // Use objectStore to get the stored transfer
151
+ const storedTransfer = objectStore.get('storedTransfers', transferId)
152
+ customLogger.logMessage('debug', 'Stored transfer fetched for fulfilment', { additionalData: { storedTransfer, context } })
153
+ // Check if stored request exists and is within 30 seconds
154
+ if (storedTransfer) {
155
+ if (storedTransfer.data?.request?.ilpPacket) {
156
+ customLogger.logMessage('debug', 'Stored transfer has ilpPacket. Generating fulfilment.', { additionalData: { transferId, ilpPacket: storedTransfer.data.request.ilpPacket } })
157
+ const generatedFulfilment = ilpObj.calculateFulfil(storedTransfer.data.request.ilpPacket).replace('"', '')
158
+ response.body.fulfilment = generatedFulfilment
159
+ customLogger.logMessage('debug', 'Fulfilment set in response body', { additionalData: { transferId, fulfilment: generatedFulfilment } })
160
+ } else if (storedTransfer.data?.request?.CdtTrfTxInf?.VrfctnOfTerms?.IlpV4PrepPacket) {
161
+ customLogger.logMessage('debug', 'Stored transfer has IlpV4PrepPacket. Generating fulfilment.', { additionalData: { transferId, IlpV4PrepPacket: storedTransfer.data.request.CdtTrfTxInf.VrfctnOfTerms.IlpV4PrepPacket } })
162
+ const generatedFulfilment = ilpV4Obj.calculateFulfil(storedTransfer.data.request.CdtTrfTxInf.VrfctnOfTerms.IlpV4PrepPacket).replace('"', '')
163
+ response.body.TxInfAndSts.ExctnConf = generatedFulfilment
164
+ customLogger.logMessage('debug', 'ExctnConf set in response body', { additionalData: { transferId, ExctnConf: generatedFulfilment } })
165
+ } else {
166
+ customLogger.logMessage('warn', 'No ILP packet or IlpV4PrepPacket found in stored transfer request', { additionalData: { transferId, storedTransfer } })
167
+ }
168
+ // Remove the stored transfer from objectStore
169
+ objectStore.get('storedTransfers', undefined) // Ensure init
170
+ objectStore.set('storedTransfers', {
171
+ ...objectStore.get('storedTransfers', undefined),
172
+ [transferId]: undefined
173
+ })
174
+ } else {
175
+ delete response.body.fulfilment
176
+ }
145
177
  }
146
178
  }
147
179
 
package/src/lib/mocking/openApiMockHandler.js CHANGED
@@ -318,6 +318,25 @@ const generateAsyncCallback = async (item, context, req) => {
318
318
  return
319
319
  }
320
320
  } else {
321
+ // Store transfers early - right after validation
322
+ const transferPathMatch = /\/transfers(?:\/([^/]+))?$/
323
+ const fxTransferPathMatch = /\/fxTransfers(?:\/([^/]+))?$/
324
+ customLogger.logMessage('debug', 'Processing transfer request', { additionalData: { method: req.method, path: req.path }, request: req })
325
+ if (req.method === 'post' && (transferPathMatch.test(req.path) || fxTransferPathMatch.test(req.path))) {
326
+ const isFxTransfer = fxTransferPathMatch.test(req.path)
327
+ let transferId = (req.payload && req.payload.transferId) || (req.payload && req.payload.commitRequestId)
328
+ if (!transferId && req.payload && req.payload.CdtTrfTxInf && req.payload.CdtTrfTxInf.PmtId && req.payload.CdtTrfTxInf.PmtId.TxId) {
329
+ transferId = req.payload.CdtTrfTxInf.PmtId.TxId
330
+ }
331
+ customLogger.logMessage('debug', 'Storing transfer for validation', { additionalData: { transferId }, request: req })
332
+
333
+ // Use objectStore to store the transfer
334
+ objectStore.push('storedTransfers', transferId, {
335
+ request: req.payload,
336
+ type: isFxTransfer ? 'fxTransfer' : 'transfer'
337
+ })
338
+ }
339
+
321
340
  // Getting callback info from callback map file
322
341
  try {
323
342
  const cbMapRawdata = await utils.readFileAsync(item.callbackMapFile)
@@ -426,7 +445,7 @@ const generateAsyncCallback = async (item, context, req) => {
426
445
  return
427
446
  }
428
447
  }
429
-
448
+ customLogger.logMessage('debug', 'Generated callback body', { additionalData: { body: generatedCallback.body }, request: req })
430
449
  if (generatedCallback.body) {
431
450
  // Append ILP properties to callback
432
451
  const fulfilment = IlpModel.handleQuoteIlp(context, generatedCallback)
package/src/lib/objectStore.js CHANGED
@@ -35,7 +35,8 @@ const storedObject = {
35
35
  transactions: {},
36
36
  inboundEnvironment: {},
37
37
  requests: {},
38
- callbacks: {}
38
+ callbacks: {},
39
+ storedTransfers: {}
39
40
  }
40
41
  }
41
42
 
@@ -103,6 +104,7 @@ const clearOldObjects = () => {
103
104
  clear('callbacks', interval)
104
105
  clear('requestsHistory', interval)
105
106
  clear('callbacksHistory', interval)
107
+ clear('storedTransfers', interval)
106
108
  }
107
109
 
108
110
  const initObjectStore = (initConfig = null) => {