ml-testing-toolkit 18.19.0 → 18.19.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.grype.yaml +27 -14
- package/CHANGELOG.md +19 -0
- package/Dockerfile +1 -2
- package/audit-ci.jsonc +4 -3
- package/package.json +25 -20
- package/{sbom-v18.17.3.csv → sbom-v18.19.0.csv} +48 -47
- package/src/lib/mocking/openApiMockHandler.js +11 -4
- package/src/lib/mocking/openApiRulesEngine.js +3 -1
- package/src/lib/test-outbound/outbound-initiator.js +7 -3
- package/src/lib/utils.js +82 -0
package/.grype.yaml
CHANGED
|
@@ -1,30 +1,43 @@
|
|
|
1
|
+
scan-type: source
|
|
2
|
+
|
|
1
3
|
ignore:
|
|
2
|
-
# fast-xml-parser vulnerability
|
|
3
4
|
- vulnerability: GHSA-37qj-frw5-hhjh
|
|
4
|
-
# lodash vulnerabilities
|
|
5
5
|
- vulnerability: GHSA-xxjr-mmjv-4gpg
|
|
6
|
-
# @isaacs/brace-expansion vulnerability
|
|
7
6
|
- vulnerability: GHSA-7h2j-956f-4vf2
|
|
8
|
-
# busybox vulnerabilities
|
|
9
7
|
- vulnerability: CVE-2025-60876
|
|
10
|
-
# glob vulnerabilities
|
|
11
8
|
- vulnerability: GHSA-5j98-mcp5-4vw2
|
|
12
|
-
# tar vulnerabilities
|
|
13
9
|
- vulnerability: GHSA-34x7-hfp2-rc4v
|
|
14
10
|
- vulnerability: GHSA-r6q2-hw4h-h46w
|
|
15
11
|
- vulnerability: GHSA-8qq5-rm4j-mr97
|
|
16
12
|
- vulnerability: GHSA-29xp-372q-xqph
|
|
17
|
-
# diff vulnerability
|
|
18
13
|
- vulnerability: GHSA-73rr-hh4g-fpgx
|
|
19
|
-
# npm vulnerability
|
|
20
14
|
- vulnerability: GHSA-3966-f6p6-2qr9
|
|
21
|
-
|
|
15
|
+
- vulnerability: GHSA-3ppc-4f35-3m26
|
|
16
|
+
include-aliases: true
|
|
17
|
+
reason: >-
|
|
18
|
+
Base image npm package: minimatch - bundled in Node.js base image, not fixable via application dependencies as of
|
|
19
|
+
2026-02-25 (high severity)
|
|
20
|
+
- vulnerability: GHSA-83g3-92jg-28cx
|
|
21
|
+
include-aliases: true
|
|
22
|
+
reason: >-
|
|
23
|
+
Base image npm package: tar - bundled in Node.js base image, not fixable via application dependencies as of
|
|
24
|
+
2026-02-25 (high severity)
|
|
25
|
+
- vulnerability: CVE-2026-27171
|
|
26
|
+
include-aliases: true
|
|
27
|
+
reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-25 (moderate severity)"
|
|
28
|
+
- vulnerability: GHSA-m7jm-9gc2-mpf2
|
|
29
|
+
include-aliases: true
|
|
30
|
+
reason: "Unfixable npm transitive vulnerability: fast-xml-parser (critical severity) as of 2026-02-25"
|
|
31
|
+
- vulnerability: GHSA-2g4f-4pwh-qvx6
|
|
32
|
+
include-aliases: true
|
|
33
|
+
reason: "Unfixable npm transitive vulnerability: ajv (high severity) as of 2026-02-25"
|
|
34
|
+
- vulnerability: GHSA-jmr7-xgp7-cmfj
|
|
35
|
+
include-aliases: true
|
|
36
|
+
reason: "Unfixable npm transitive vulnerability: fast-xml-parser (high severity) as of 2026-02-25"
|
|
22
37
|
output:
|
|
23
|
-
-
|
|
24
|
-
-
|
|
25
|
-
|
|
26
|
-
# Modify your CircleCI job to check critical count
|
|
38
|
+
- table
|
|
39
|
+
- json
|
|
27
40
|
search:
|
|
28
|
-
scope:
|
|
41
|
+
scope: squashed
|
|
29
42
|
quiet: false
|
|
30
43
|
check-for-app-update: false
|
package/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,23 @@
|
|
|
1
1
|
# Changelog: [mojaloop/thirdparty-api-svc](https://github.com/mojaloop/thirdparty-api-svc)
|
|
2
|
+
### [18.19.2](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.19.1...v18.19.2) (2026-02-26)
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
### Chore
|
|
6
|
+
|
|
7
|
+
* **ci:** update CircleCI orb to 1.1.16 ([#373](https://github.com/mojaloop/ml-testing-toolkit/issues/373)) ([6927427](https://github.com/mojaloop/ml-testing-toolkit/commit/6927427e44fce0e1947fb837553babb30c6aaad1))
|
|
8
|
+
|
|
9
|
+
### [18.19.1](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.19.0...v18.19.1) (2026-02-12)
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
### Bug Fixes
|
|
13
|
+
|
|
14
|
+
* download spec files issue [#4197](https://github.com/mojaloop/ml-testing-toolkit/issues/4197) ([#371](https://github.com/mojaloop/ml-testing-toolkit/issues/371)) ([cefcbdd](https://github.com/mojaloop/ml-testing-toolkit/commit/cefcbdd9dba28eedad9b93d40415b67ab140c35b))
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
### Chore
|
|
18
|
+
|
|
19
|
+
* **sbom:** update sbom [skip ci] ([2078f44](https://github.com/mojaloop/ml-testing-toolkit/commit/2078f44a133fb1a82f890d4e1fb61b4b8371d8cf))
|
|
20
|
+
|
|
2
21
|
## [18.19.0](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.18.0...v18.19.0) (2026-02-06)
|
|
3
22
|
|
|
4
23
|
|
package/Dockerfile
CHANGED
package/audit-ci.jsonc
CHANGED
|
@@ -3,8 +3,9 @@
|
|
|
3
3
|
// audit-ci supports reading JSON, JSONC, and JSON5 config files.
|
|
4
4
|
// Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
|
|
5
5
|
"moderate": true,
|
|
6
|
-
"allowlist": [
|
|
7
|
-
"GHSA-
|
|
8
|
-
"GHSA-
|
|
6
|
+
"allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
|
|
7
|
+
"GHSA-m7jm-9gc2-mpf2",
|
|
8
|
+
"GHSA-2g4f-4pwh-qvx6",
|
|
9
|
+
"GHSA-jmr7-xgp7-cmfj"
|
|
9
10
|
]
|
|
10
11
|
}
|
package/package.json
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "ml-testing-toolkit",
|
|
3
3
|
"description": "Testing Toolkit for Mojaloop implementations",
|
|
4
|
-
"version": "18.19.
|
|
4
|
+
"version": "18.19.2",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "Vijaya Kumar Guthi, ModusBox Inc. ",
|
|
7
7
|
"contributors": [
|
|
8
8
|
"Georgi Logodazhki <georgi.logodazhki@modusbox.com>",
|
|
9
9
|
"Sam Kummary <sam@modusbox.com>",
|
|
10
10
|
"Steven Oderayi <steven.oderayi@modusbox.com>",
|
|
11
|
-
"Vijay Kumar <vijaya.guthi@modusbox.com>"
|
|
11
|
+
"Vijay Kumar <vijaya.guthi@modusbox.com>",
|
|
12
|
+
"Shashikant Hirugade <shashi.mojaloop@gmail.com>"
|
|
12
13
|
],
|
|
13
14
|
"engines": {
|
|
14
15
|
"node": ">=22.x"
|
|
@@ -71,33 +72,32 @@
|
|
|
71
72
|
"genexec": "pkg -t node8-win ."
|
|
72
73
|
},
|
|
73
74
|
"dependencies": {
|
|
74
|
-
"@elastic/elasticsearch": "9.3.
|
|
75
|
+
"@elastic/elasticsearch": "9.3.2",
|
|
75
76
|
"@hapi/basic": "7.0.2",
|
|
76
77
|
"@hapi/boom": "10.0.1",
|
|
77
78
|
"@hapi/good": "9.0.1",
|
|
78
|
-
"@hapi/hapi": "21.4.
|
|
79
|
+
"@hapi/hapi": "21.4.6",
|
|
79
80
|
"@hapi/inert": "7.1.0",
|
|
80
81
|
"@hapi/vision": "7.0.3",
|
|
81
|
-
"@mojaloop/central-services-logger": "11.10.
|
|
82
|
-
"@mojaloop/central-services-metrics": "12.8.
|
|
82
|
+
"@mojaloop/central-services-logger": "11.10.4",
|
|
83
|
+
"@mojaloop/central-services-metrics": "12.8.5",
|
|
83
84
|
"@mojaloop/ml-schema-transformer-lib": "2.9.0",
|
|
84
|
-
"@mojaloop/ml-testing-toolkit-shared-lib": "14.3.
|
|
85
|
-
"@mojaloop/sdk-standard-components": "19.18.
|
|
85
|
+
"@mojaloop/ml-testing-toolkit-shared-lib": "14.3.3",
|
|
86
|
+
"@mojaloop/sdk-standard-components": "19.18.8",
|
|
86
87
|
"@now-ims/hapi-now-auth": "2.1.0",
|
|
87
88
|
"@types/socket.io": "3.0.2",
|
|
88
89
|
"adm-zip": "0.5.16",
|
|
89
90
|
"ajv-formats": "3.0.1",
|
|
90
91
|
"atob": "2.1.2",
|
|
91
|
-
"axios": "1.13.
|
|
92
|
+
"axios": "1.13.5",
|
|
92
93
|
"chai": "4.4.1",
|
|
93
94
|
"connection-string": "^5.0.0",
|
|
94
95
|
"cookie-parser": "1.4.7",
|
|
95
96
|
"cookies": "0.9.1",
|
|
96
97
|
"cors": "2.8.6",
|
|
97
|
-
"dotenv": "17.
|
|
98
|
+
"dotenv": "17.3.1",
|
|
98
99
|
"express": "5.2.1",
|
|
99
100
|
"express-validator": "7.3.1",
|
|
100
|
-
"fs": "0.0.1-security",
|
|
101
101
|
"handlebars": "4.7.8",
|
|
102
102
|
"hapi-auth-bearer-token": "8.0.0",
|
|
103
103
|
"hapi-openapi": "3.0.0",
|
|
@@ -108,13 +108,13 @@
|
|
|
108
108
|
"json-rules-engine": "7.3.1",
|
|
109
109
|
"jsonwebtoken": "9.0.3",
|
|
110
110
|
"lodash": "4.17.23",
|
|
111
|
-
"mongoose": "9.
|
|
111
|
+
"mongoose": "9.2.2",
|
|
112
112
|
"multer": "2.0.2",
|
|
113
113
|
"mustache": "4.2.0",
|
|
114
114
|
"mv": "2.1.1",
|
|
115
115
|
"node-dir": "0.1.17",
|
|
116
116
|
"node-strings": "1.0.2",
|
|
117
|
-
"openapi-backend": "5.
|
|
117
|
+
"openapi-backend": "5.16.1",
|
|
118
118
|
"parse-strings-in-object": "1.6.0",
|
|
119
119
|
"passport": "0.7.0",
|
|
120
120
|
"passport-jwt": "4.0.1",
|
|
@@ -137,9 +137,9 @@
|
|
|
137
137
|
"get-port": "7.1.0",
|
|
138
138
|
"jest": "29.7.0",
|
|
139
139
|
"jest-junit": "16.0.0",
|
|
140
|
-
"nodemon": "3.1.
|
|
141
|
-
"npm-check-updates": "19.
|
|
142
|
-
"nyc": "
|
|
140
|
+
"nodemon": "3.1.14",
|
|
141
|
+
"npm-check-updates": "19.5.0",
|
|
142
|
+
"nyc": "18.0.0",
|
|
143
143
|
"parse-strings-in-object": "1.6.0",
|
|
144
144
|
"pre-commit": "1.2.2",
|
|
145
145
|
"proxyquire": "2.1.3",
|
|
@@ -169,8 +169,9 @@
|
|
|
169
169
|
}
|
|
170
170
|
},
|
|
171
171
|
"overrides": {
|
|
172
|
-
"
|
|
173
|
-
"
|
|
172
|
+
"axios": "1.13.5",
|
|
173
|
+
"form-data": "4.0.5",
|
|
174
|
+
"brace-expansion": "1.1.12",
|
|
174
175
|
"npm-check-updates": {
|
|
175
176
|
"rimraf": "4.1.2"
|
|
176
177
|
},
|
|
@@ -178,6 +179,8 @@
|
|
|
178
179
|
"read-package-json": "6.0.0",
|
|
179
180
|
"cacache": "17.0.4"
|
|
180
181
|
},
|
|
182
|
+
"lodash": "4.17.23",
|
|
183
|
+
"lodash-es": "4.17.23",
|
|
181
184
|
"make-fetch-happen": {
|
|
182
185
|
"cacache": "17.0.4"
|
|
183
186
|
},
|
|
@@ -189,11 +192,13 @@
|
|
|
189
192
|
"jsonpointer": "5.0.1"
|
|
190
193
|
},
|
|
191
194
|
"cross-spawn": "7.0.6",
|
|
192
|
-
"markdown-it": "14.1.
|
|
195
|
+
"markdown-it": "14.1.1",
|
|
193
196
|
"jsonwebtoken": "9.0.3",
|
|
194
197
|
"yargs-parser": "21.1.1",
|
|
195
198
|
"oas-validator": {
|
|
196
199
|
"ajv": "6.12.3"
|
|
197
|
-
}
|
|
200
|
+
},
|
|
201
|
+
"minimatch": "3.1.3",
|
|
202
|
+
"qs": "6.14.2"
|
|
198
203
|
}
|
|
199
204
|
}
|