ml-testing-toolkit 18.17.2 → 18.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.grype.yaml +20 -44
- package/.nvmrc +1 -1
- package/CHANGELOG.md +20 -0
- package/audit-ci.jsonc +2 -2
- package/examples/collections/dfsp/p2p_fx_happy_path.json +6 -34
- package/examples/collections/dfsp/p2p_happy_path.json +4 -39
- package/examples/environments/dfsp_local_environment.json +6 -6
- package/package.json +6 -6
- package/{sbom-v18.17.1.csv → sbom-v18.17.3.csv} +145 -146
- package/spec_files/rules_callback/default.json +5 -5
- package/src/index.js +16 -0
- package/src/lib/api-management.js +7 -1
- package/src/lib/api-routes/config.js +22 -0
- package/src/lib/api-server.js +35 -0
- package/src/lib/arrayStore.js +14 -1
- package/src/lib/httpAgentStore.js +22 -2
- package/src/lib/mocking/middleware-functions/ilpModel.js +5 -5
- package/src/lib/mocking/openApiMockHandler.js +7 -1
- package/src/lib/notificationEmitter.js +7 -0
- package/src/lib/objectStore.js +14 -1
- package/src/lib/performanceOptimizer.js +102 -0
- package/src/lib/requestLogger.js +2 -1
- package/src/lib/scripting-engines/postman-sandbox.js +114 -9
- package/src/lib/scripting-engines/vm-javascript-sandbox.js +115 -1
- package/src/lib/test-outbound/outbound-initiator.js +12 -4
package/.grype.yaml
CHANGED
|
@@ -1,52 +1,28 @@
|
|
|
1
1
|
ignore:
|
|
2
|
-
|
|
2
|
+
- vulnerability: GHSA-37qj-frw5-hhjh
|
|
3
|
+
reason: "fast-xml-parser 4.5.3→5.3.4"
|
|
4
|
+
- vulnerability: GHSA-xxjr-mmjv-4gpg
|
|
5
|
+
reason: "lodash/lodash-es 4.17.21→4.17.23"
|
|
6
|
+
- vulnerability: GHSA-7h2j-956f-4vf2
|
|
7
|
+
reason: "@isaacs/brace-expansion 5.0.0→5.0.1"
|
|
8
|
+
- vulnerability: CVE-2025-60876
|
|
9
|
+
reason: "busybox 1.37.0-r30 (busybox-binsh, ssl_client)"
|
|
3
10
|
- vulnerability: GHSA-5j98-mcp5-4vw2
|
|
4
11
|
include-aliases: true
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
- vulnerability: CVE-2025-59465
|
|
11
|
-
- vulnerability: CVE-2025-55131
|
|
12
|
+
reason: "glob 10.4.5→10.5.0 and 11.0.3→11.1.0"
|
|
13
|
+
- vulnerability: GHSA-34x7-hfp2-rc4v
|
|
14
|
+
reason: "tar 7.5.1→7.5.7"
|
|
15
|
+
- vulnerability: GHSA-73rr-hh4g-fpgx
|
|
16
|
+
reason: "diff 8.0.2→8.0.3"
|
|
12
17
|
- vulnerability: GHSA-r6q2-hw4h-h46w
|
|
18
|
+
reason: "tar 7.5.1→7.5.4"
|
|
19
|
+
- vulnerability: GHSA-3966-f6p6-2qr9
|
|
20
|
+
reason: "npm 11.6.2"
|
|
13
21
|
- vulnerability: GHSA-8qq5-rm4j-mr97
|
|
14
|
-
|
|
15
|
-
- vulnerability:
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
# High severity vulnerabilities
|
|
19
|
-
- vulnerability: CVE-2025-69420
|
|
20
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
21
|
-
- vulnerability: GHSA-34x7-hfp2-rc4v
|
|
22
|
-
reason: "tar 6.2.1, 7.4.3"
|
|
23
|
-
# Medium severity vulnerabilities
|
|
24
|
-
- vulnerability: CVE-2026-22796
|
|
25
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
26
|
-
# libcrypto3 3.3.5-r0 / libssl3 3.3.5-r0: CVE-2025-15467
|
|
27
|
-
- vulnerability: CVE-2025-15467
|
|
28
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
29
|
-
# High severity vulnerabilities
|
|
30
|
-
- vulnerability: GHSA-37qj-frw5-hhjh
|
|
31
|
-
reason: "fast-xml-parser 4.5.3"
|
|
32
|
-
- vulnerability: CVE-2025-69419
|
|
33
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
34
|
-
- vulnerability: CVE-2025-69421
|
|
35
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
36
|
-
# Medium severity vulnerabilities
|
|
37
|
-
- vulnerability: CVE-2025-66199
|
|
38
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
39
|
-
- vulnerability: CVE-2025-15468
|
|
40
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
41
|
-
- vulnerability: CVE-2026-22795
|
|
42
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
43
|
-
- vulnerability: GHSA-p5wg-g6qr-c7cg
|
|
44
|
-
reason: "eslint 8.57.1"
|
|
45
|
-
- vulnerability: CVE-2025-68160
|
|
46
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
47
|
-
- vulnerability: CVE-2025-69418
|
|
48
|
-
reason: "libcrypto3 3.3.5-r0, libssl3 3.3.5-r0"
|
|
49
|
-
# Set output format defaults
|
|
22
|
+
reason: "tar 7.5.1→7.5.3"
|
|
23
|
+
- vulnerability: GHSA-29xp-372q-xqph
|
|
24
|
+
reason: "tar 7.5.1→7.5.2"
|
|
25
|
+
|
|
50
26
|
output:
|
|
51
27
|
- "table"
|
|
52
28
|
- "json"
|
package/.nvmrc
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
22.
|
|
1
|
+
22.22.0
|
package/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,24 @@
|
|
|
1
1
|
# Changelog: [mojaloop/thirdparty-api-svc](https://github.com/mojaloop/thirdparty-api-svc)
|
|
2
|
+
## [18.18.0](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.17.3...v18.18.0) (2026-02-06)
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
### Features
|
|
6
|
+
|
|
7
|
+
* performance-optimization ([#366](https://github.com/mojaloop/ml-testing-toolkit/issues/366)) ([0aafd2f](https://github.com/mojaloop/ml-testing-toolkit/commit/0aafd2fc9a23d3ae1b98e50f3f5fcc8936e29419))
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
### Chore
|
|
11
|
+
|
|
12
|
+
* **sbom:** update sbom [skip ci] ([be08be3](https://github.com/mojaloop/ml-testing-toolkit/commit/be08be36ae15b70e61b194f7ffe41efbd026172c))
|
|
13
|
+
|
|
14
|
+
### [18.17.3](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.17.2...v18.17.3) (2026-02-05)
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
### Chore
|
|
18
|
+
|
|
19
|
+
* dep update ([#365](https://github.com/mojaloop/ml-testing-toolkit/issues/365)) ([953855d](https://github.com/mojaloop/ml-testing-toolkit/commit/953855dc31b867ab0622f1501465e5c27e3a29af))
|
|
20
|
+
* **sbom:** update sbom [skip ci] ([a588fc3](https://github.com/mojaloop/ml-testing-toolkit/commit/a588fc325d92e5adf6d8e29fc1105d311405813d))
|
|
21
|
+
|
|
2
22
|
### [18.17.2](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.17.1...v18.17.2) (2026-02-03)
|
|
3
23
|
|
|
4
24
|
|
package/audit-ci.jsonc
CHANGED
|
@@ -159,13 +159,6 @@
|
|
|
159
159
|
"expect(callback.headers['Content-Length']).to.not.equal('0')"
|
|
160
160
|
]
|
|
161
161
|
},
|
|
162
|
-
{
|
|
163
|
-
"id": 4,
|
|
164
|
-
"description": "Callback FSP Destination equal to request FSP Source",
|
|
165
|
-
"exec": [
|
|
166
|
-
"expect(callback.headers['fspiop-destination']).to.equal('{$request.headers['FSPIOP-Source']}')"
|
|
167
|
-
]
|
|
168
|
-
},
|
|
169
162
|
{
|
|
170
163
|
"id": 5,
|
|
171
164
|
"description": "Callback body should contain conversionTerms",
|
|
@@ -211,8 +204,8 @@
|
|
|
211
204
|
"operationPath": "/quotes",
|
|
212
205
|
"method": "post",
|
|
213
206
|
"headers": {
|
|
214
|
-
"Accept": "
|
|
215
|
-
"Content-Type": "
|
|
207
|
+
"Accept": "{$inputs.acceptQuotes}",
|
|
208
|
+
"Content-Type": "{$inputs.contentTypeQuotes}",
|
|
216
209
|
"Date": "{$function.generic.curDate}",
|
|
217
210
|
"FSPIOP-Source": "{$inputs.fromFspId}",
|
|
218
211
|
"FSPIOP-Destination": "{$prev.1.callback.body.party.partyIdInfo.fspId}"
|
|
@@ -276,13 +269,6 @@
|
|
|
276
269
|
"expect(callback.headers['Content-Length']).to.not.equal('0')"
|
|
277
270
|
]
|
|
278
271
|
},
|
|
279
|
-
{
|
|
280
|
-
"id": 4,
|
|
281
|
-
"description": "Callback FSP Destination equal to request FSP Source",
|
|
282
|
-
"exec": [
|
|
283
|
-
"expect(callback.headers['fspiop-destination']).to.equal('{$request.headers['FSPIOP-Source']}')"
|
|
284
|
-
]
|
|
285
|
-
},
|
|
286
272
|
{
|
|
287
273
|
"id": 5,
|
|
288
274
|
"description": "Callback body should contain transferAmount",
|
|
@@ -348,8 +334,8 @@
|
|
|
348
334
|
"path": "/fxTransfers",
|
|
349
335
|
"method": "post",
|
|
350
336
|
"headers": {
|
|
351
|
-
"Accept": "application/vnd.interoperability.fxTransfers+json;version=
|
|
352
|
-
"Content-Type": "application/vnd.interoperability.fxTransfers+json;version=
|
|
337
|
+
"Accept": "application/vnd.interoperability.fxTransfers+json;version=2.0",
|
|
338
|
+
"Content-Type": "application/vnd.interoperability.fxTransfers+json;version=2.0",
|
|
353
339
|
"Date": "{$function.generic.curDate}",
|
|
354
340
|
"FSPIOP-Source": "{$inputs.fromFspId}"
|
|
355
341
|
},
|
|
@@ -392,13 +378,6 @@
|
|
|
392
378
|
"exec": [
|
|
393
379
|
"expect(callback.headers['Content-Length']).to.not.equal('0')"
|
|
394
380
|
]
|
|
395
|
-
},
|
|
396
|
-
{
|
|
397
|
-
"id": 4,
|
|
398
|
-
"description": "Callback FSP Destination equal to request FSP Source",
|
|
399
|
-
"exec": [
|
|
400
|
-
"expect(callback.headers['fspiop-destination']).to.equal('{$request.headers['FSPIOP-Source']}')"
|
|
401
|
-
]
|
|
402
381
|
}
|
|
403
382
|
]
|
|
404
383
|
},
|
|
@@ -416,8 +395,8 @@
|
|
|
416
395
|
"operationPath": "/transfers",
|
|
417
396
|
"method": "post",
|
|
418
397
|
"headers": {
|
|
419
|
-
"Accept": "
|
|
420
|
-
"Content-Type": "
|
|
398
|
+
"Accept": "{$inputs.acceptTransfers}",
|
|
399
|
+
"Content-Type": "{$inputs.contentTransfers}",
|
|
421
400
|
"Date": "{$function.generic.curDate}",
|
|
422
401
|
"FSPIOP-Source": "{$inputs.fromFspId}"
|
|
423
402
|
},
|
|
@@ -456,13 +435,6 @@
|
|
|
456
435
|
"expect(callback.headers['Content-Length']).to.not.equal('0')"
|
|
457
436
|
]
|
|
458
437
|
},
|
|
459
|
-
{
|
|
460
|
-
"id": 4,
|
|
461
|
-
"description": "Callback FSP Destination equal to request FSP Source",
|
|
462
|
-
"exec": [
|
|
463
|
-
"expect(callback.headers['fspiop-destination']).to.equal('{$request.headers['FSPIOP-Source']}')"
|
|
464
|
-
]
|
|
465
|
-
},
|
|
466
438
|
{
|
|
467
439
|
"id": 5,
|
|
468
440
|
"description": "Callback transferState to be COMMITTED",
|
|
@@ -1,26 +1,5 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dfsp-p2p-tests",
|
|
3
|
-
"inputValues": {
|
|
4
|
-
"fromIdType": "MSISDN",
|
|
5
|
-
"fromIdValue": "44123456789",
|
|
6
|
-
"fromFirstName": "Firstname-Test",
|
|
7
|
-
"fromLastName": "Lastname-Test",
|
|
8
|
-
"fromDOB": "1984-01-01",
|
|
9
|
-
"note": "Test Payment",
|
|
10
|
-
"currency": "USD",
|
|
11
|
-
"amount": "100",
|
|
12
|
-
"homeTransactionId": "123ABC",
|
|
13
|
-
"fromFspId": "testingtoolkitdfsp",
|
|
14
|
-
"accept": "application/vnd.interoperability.parties+json;version=1.0",
|
|
15
|
-
"contentType": "application/vnd.interoperability.parties+json;version=1.0",
|
|
16
|
-
"toIdValue": "9876543210",
|
|
17
|
-
"toIdType": "MSISDN",
|
|
18
|
-
"toFspId": "userdfsp",
|
|
19
|
-
"acceptQuotes": "application/vnd.interoperability.quotes+json;version=1.0",
|
|
20
|
-
"contentTypeQuotes": "application/vnd.interoperability.quotes+json;version=1.0",
|
|
21
|
-
"acceptTransfers": "application/vnd.interoperability.transfers+json;version=1.0",
|
|
22
|
-
"contentTransfers": "application/vnd.interoperability.transfers+json;version=1.0"
|
|
23
|
-
},
|
|
24
3
|
"test_cases": [
|
|
25
4
|
{
|
|
26
5
|
"id": 1,
|
|
@@ -121,8 +100,8 @@
|
|
|
121
100
|
"operationPath": "/quotes",
|
|
122
101
|
"method": "post",
|
|
123
102
|
"headers": {
|
|
124
|
-
"Accept": "
|
|
125
|
-
"Content-Type": "
|
|
103
|
+
"Accept": "{$inputs.acceptQuotes}",
|
|
104
|
+
"Content-Type": "{$inputs.contentTypeQuotes}",
|
|
126
105
|
"Date": "{$function.generic.curDate}",
|
|
127
106
|
"FSPIOP-Source": "{$inputs.fromFspId}",
|
|
128
107
|
"FSPIOP-Destination": "{$prev.1.callback.body.party.partyIdInfo.fspId}"
|
|
@@ -208,13 +187,6 @@
|
|
|
208
187
|
"expect(callback.body.transferAmount.currency).to.equal('{$request.body.amount.currency}')"
|
|
209
188
|
]
|
|
210
189
|
},
|
|
211
|
-
{
|
|
212
|
-
"id": 7,
|
|
213
|
-
"description": "Callback content-type to be quotes",
|
|
214
|
-
"exec": [
|
|
215
|
-
"expect(callback.headers['content-type']).to.equal('application/vnd.interoperability.quotes+json;version=1.0')"
|
|
216
|
-
]
|
|
217
|
-
},
|
|
218
190
|
{
|
|
219
191
|
"id": 8,
|
|
220
192
|
"description": "Request amountType to be SEND",
|
|
@@ -258,8 +230,8 @@
|
|
|
258
230
|
"operationPath": "/transfers",
|
|
259
231
|
"method": "post",
|
|
260
232
|
"headers": {
|
|
261
|
-
"Accept": "
|
|
262
|
-
"Content-Type": "
|
|
233
|
+
"Accept": "{$inputs.acceptTransfers}",
|
|
234
|
+
"Content-Type": "{$inputs.contentTransfers}",
|
|
263
235
|
"Date": "{$function.generic.curDate}",
|
|
264
236
|
"FSPIOP-Source": "{$inputs.fromFspId}"
|
|
265
237
|
},
|
|
@@ -312,13 +284,6 @@
|
|
|
312
284
|
"expect(callback.body.transferState).to.equal('COMMITTED')"
|
|
313
285
|
]
|
|
314
286
|
},
|
|
315
|
-
{
|
|
316
|
-
"id": 6,
|
|
317
|
-
"description": "Callback content-type to be transfers",
|
|
318
|
-
"exec": [
|
|
319
|
-
"expect(callback.headers['content-type']).to.equal('application/vnd.interoperability.transfers+json;version=1.0')"
|
|
320
|
-
]
|
|
321
|
-
},
|
|
322
287
|
{
|
|
323
288
|
"id": 7,
|
|
324
289
|
"description": "Request transferId same as quote request transferId",
|
|
@@ -9,15 +9,15 @@
|
|
|
9
9
|
"HOST_SIMULATOR": "http://moja-simulator.local",
|
|
10
10
|
"HOST_TRANSACTION_REQUESTS_SERVICE": "http://transaction-request-service.local",
|
|
11
11
|
"HUB_OPERATOR_BEARER_TOKEN": "NOT_APPLICABLE",
|
|
12
|
-
"accept": "application/vnd.interoperability.parties+json;version=
|
|
13
|
-
"acceptQuotes": "application/vnd.interoperability.quotes+json;version=
|
|
14
|
-
"acceptTransfers": "application/vnd.interoperability.transfers+json;version=
|
|
12
|
+
"accept": "application/vnd.interoperability.parties+json;version=2.0",
|
|
13
|
+
"acceptQuotes": "application/vnd.interoperability.quotes+json;version=2.0",
|
|
14
|
+
"acceptTransfers": "application/vnd.interoperability.transfers+json;version=2.0",
|
|
15
15
|
"accountId": "6",
|
|
16
16
|
"amount": "100",
|
|
17
17
|
"condition": "HOr22-H3AfTDHrSkPjJtVPRdKouuMkDXTR4ejlQa8Ks",
|
|
18
|
-
"contentTransfers": "application/vnd.interoperability.transfers+json;version=
|
|
19
|
-
"contentType": "application/vnd.interoperability.parties+json;version=
|
|
20
|
-
"contentTypeQuotes": "application/vnd.interoperability.quotes+json;version=
|
|
18
|
+
"contentTransfers": "application/vnd.interoperability.transfers+json;version=2.0",
|
|
19
|
+
"contentType": "application/vnd.interoperability.parties+json;version=2.0",
|
|
20
|
+
"contentTypeQuotes": "application/vnd.interoperability.quotes+json;version=2.0",
|
|
21
21
|
"currency": "USD",
|
|
22
22
|
"fromDOB": "1984-01-01",
|
|
23
23
|
"fromFirstName": "Firstname-Test",
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "ml-testing-toolkit",
|
|
3
3
|
"description": "Testing Toolkit for Mojaloop implementations",
|
|
4
|
-
"version": "18.
|
|
4
|
+
"version": "18.18.0",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "Vijaya Kumar Guthi, ModusBox Inc. ",
|
|
7
7
|
"contributors": [
|
|
@@ -71,7 +71,7 @@
|
|
|
71
71
|
"genexec": "pkg -t node8-win ."
|
|
72
72
|
},
|
|
73
73
|
"dependencies": {
|
|
74
|
-
"@elastic/elasticsearch": "9.
|
|
74
|
+
"@elastic/elasticsearch": "9.3.0",
|
|
75
75
|
"@hapi/basic": "7.0.2",
|
|
76
76
|
"@hapi/boom": "10.0.1",
|
|
77
77
|
"@hapi/good": "9.0.1",
|
|
@@ -80,9 +80,9 @@
|
|
|
80
80
|
"@hapi/vision": "7.0.3",
|
|
81
81
|
"@mojaloop/central-services-logger": "11.10.3",
|
|
82
82
|
"@mojaloop/central-services-metrics": "12.8.3",
|
|
83
|
-
"@mojaloop/ml-schema-transformer-lib": "2.
|
|
83
|
+
"@mojaloop/ml-schema-transformer-lib": "2.9.0",
|
|
84
84
|
"@mojaloop/ml-testing-toolkit-shared-lib": "14.3.2",
|
|
85
|
-
"@mojaloop/sdk-standard-components": "19.18.
|
|
85
|
+
"@mojaloop/sdk-standard-components": "19.18.7",
|
|
86
86
|
"@now-ims/hapi-now-auth": "2.1.0",
|
|
87
87
|
"@types/socket.io": "3.0.2",
|
|
88
88
|
"adm-zip": "0.5.16",
|
|
@@ -94,7 +94,7 @@
|
|
|
94
94
|
"cookie-parser": "1.4.7",
|
|
95
95
|
"cookies": "0.9.1",
|
|
96
96
|
"cors": "2.8.6",
|
|
97
|
-
"dotenv": "17.2.
|
|
97
|
+
"dotenv": "17.2.4",
|
|
98
98
|
"express": "5.2.1",
|
|
99
99
|
"express-validator": "7.3.1",
|
|
100
100
|
"fs": "0.0.1-security",
|
|
@@ -108,7 +108,7 @@
|
|
|
108
108
|
"json-rules-engine": "7.3.1",
|
|
109
109
|
"jsonwebtoken": "9.0.3",
|
|
110
110
|
"lodash": "4.17.23",
|
|
111
|
-
"mongoose": "9.1.
|
|
111
|
+
"mongoose": "9.1.6",
|
|
112
112
|
"multer": "2.0.2",
|
|
113
113
|
"mustache": "4.2.0",
|
|
114
114
|
"mv": "2.1.1",
|