ml-testing-toolkit 18.19.1 → 18.19.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.grype.yaml +27 -14
- package/CHANGELOG.md +7 -0
- package/Dockerfile +1 -2
- package/audit-ci.jsonc +4 -1
- package/package.json +19 -17
package/.grype.yaml
CHANGED
|
@@ -1,30 +1,43 @@
|
|
|
1
|
+
scan-type: source
|
|
2
|
+
|
|
1
3
|
ignore:
|
|
2
|
-
# fast-xml-parser vulnerability
|
|
3
4
|
- vulnerability: GHSA-37qj-frw5-hhjh
|
|
4
|
-
# lodash vulnerabilities
|
|
5
5
|
- vulnerability: GHSA-xxjr-mmjv-4gpg
|
|
6
|
-
# @isaacs/brace-expansion vulnerability
|
|
7
6
|
- vulnerability: GHSA-7h2j-956f-4vf2
|
|
8
|
-
# busybox vulnerabilities
|
|
9
7
|
- vulnerability: CVE-2025-60876
|
|
10
|
-
# glob vulnerabilities
|
|
11
8
|
- vulnerability: GHSA-5j98-mcp5-4vw2
|
|
12
|
-
# tar vulnerabilities
|
|
13
9
|
- vulnerability: GHSA-34x7-hfp2-rc4v
|
|
14
10
|
- vulnerability: GHSA-r6q2-hw4h-h46w
|
|
15
11
|
- vulnerability: GHSA-8qq5-rm4j-mr97
|
|
16
12
|
- vulnerability: GHSA-29xp-372q-xqph
|
|
17
|
-
# diff vulnerability
|
|
18
13
|
- vulnerability: GHSA-73rr-hh4g-fpgx
|
|
19
|
-
# npm vulnerability
|
|
20
14
|
- vulnerability: GHSA-3966-f6p6-2qr9
|
|
21
|
-
|
|
15
|
+
- vulnerability: GHSA-3ppc-4f35-3m26
|
|
16
|
+
include-aliases: true
|
|
17
|
+
reason: >-
|
|
18
|
+
Base image npm package: minimatch - bundled in Node.js base image, not fixable via application dependencies as of
|
|
19
|
+
2026-02-25 (high severity)
|
|
20
|
+
- vulnerability: GHSA-83g3-92jg-28cx
|
|
21
|
+
include-aliases: true
|
|
22
|
+
reason: >-
|
|
23
|
+
Base image npm package: tar - bundled in Node.js base image, not fixable via application dependencies as of
|
|
24
|
+
2026-02-25 (high severity)
|
|
25
|
+
- vulnerability: CVE-2026-27171
|
|
26
|
+
include-aliases: true
|
|
27
|
+
reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-25 (moderate severity)"
|
|
28
|
+
- vulnerability: GHSA-m7jm-9gc2-mpf2
|
|
29
|
+
include-aliases: true
|
|
30
|
+
reason: "Unfixable npm transitive vulnerability: fast-xml-parser (critical severity) as of 2026-02-25"
|
|
31
|
+
- vulnerability: GHSA-2g4f-4pwh-qvx6
|
|
32
|
+
include-aliases: true
|
|
33
|
+
reason: "Unfixable npm transitive vulnerability: ajv (high severity) as of 2026-02-25"
|
|
34
|
+
- vulnerability: GHSA-jmr7-xgp7-cmfj
|
|
35
|
+
include-aliases: true
|
|
36
|
+
reason: "Unfixable npm transitive vulnerability: fast-xml-parser (high severity) as of 2026-02-25"
|
|
22
37
|
output:
|
|
23
|
-
-
|
|
24
|
-
-
|
|
25
|
-
|
|
26
|
-
# Modify your CircleCI job to check critical count
|
|
38
|
+
- table
|
|
39
|
+
- json
|
|
27
40
|
search:
|
|
28
|
-
scope:
|
|
41
|
+
scope: squashed
|
|
29
42
|
quiet: false
|
|
30
43
|
check-for-app-update: false
|
package/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
1
|
# Changelog: [mojaloop/thirdparty-api-svc](https://github.com/mojaloop/thirdparty-api-svc)
|
|
2
|
+
### [18.19.2](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.19.1...v18.19.2) (2026-02-26)
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
### Chore
|
|
6
|
+
|
|
7
|
+
* **ci:** update CircleCI orb to 1.1.16 ([#373](https://github.com/mojaloop/ml-testing-toolkit/issues/373)) ([6927427](https://github.com/mojaloop/ml-testing-toolkit/commit/6927427e44fce0e1947fb837553babb30c6aaad1))
|
|
8
|
+
|
|
2
9
|
### [18.19.1](https://github.com/mojaloop/ml-testing-toolkit/compare/v18.19.0...v18.19.1) (2026-02-12)
|
|
3
10
|
|
|
4
11
|
|
package/Dockerfile
CHANGED
package/audit-ci.jsonc
CHANGED
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
// audit-ci supports reading JSON, JSONC, and JSON5 config files.
|
|
4
4
|
// Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
|
|
5
5
|
"moderate": true,
|
|
6
|
-
"allowlist": [
|
|
6
|
+
"allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
|
|
7
|
+
"GHSA-m7jm-9gc2-mpf2",
|
|
8
|
+
"GHSA-2g4f-4pwh-qvx6",
|
|
9
|
+
"GHSA-jmr7-xgp7-cmfj"
|
|
7
10
|
]
|
|
8
11
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "ml-testing-toolkit",
|
|
3
3
|
"description": "Testing Toolkit for Mojaloop implementations",
|
|
4
|
-
"version": "18.19.
|
|
4
|
+
"version": "18.19.2",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "Vijaya Kumar Guthi, ModusBox Inc. ",
|
|
7
7
|
"contributors": [
|
|
@@ -72,18 +72,18 @@
|
|
|
72
72
|
"genexec": "pkg -t node8-win ."
|
|
73
73
|
},
|
|
74
74
|
"dependencies": {
|
|
75
|
-
"@elastic/elasticsearch": "9.3.
|
|
75
|
+
"@elastic/elasticsearch": "9.3.2",
|
|
76
76
|
"@hapi/basic": "7.0.2",
|
|
77
77
|
"@hapi/boom": "10.0.1",
|
|
78
78
|
"@hapi/good": "9.0.1",
|
|
79
|
-
"@hapi/hapi": "21.4.
|
|
79
|
+
"@hapi/hapi": "21.4.6",
|
|
80
80
|
"@hapi/inert": "7.1.0",
|
|
81
81
|
"@hapi/vision": "7.0.3",
|
|
82
|
-
"@mojaloop/central-services-logger": "11.10.
|
|
83
|
-
"@mojaloop/central-services-metrics": "12.8.
|
|
82
|
+
"@mojaloop/central-services-logger": "11.10.4",
|
|
83
|
+
"@mojaloop/central-services-metrics": "12.8.5",
|
|
84
84
|
"@mojaloop/ml-schema-transformer-lib": "2.9.0",
|
|
85
|
-
"@mojaloop/ml-testing-toolkit-shared-lib": "14.3.
|
|
86
|
-
"@mojaloop/sdk-standard-components": "19.18.
|
|
85
|
+
"@mojaloop/ml-testing-toolkit-shared-lib": "14.3.3",
|
|
86
|
+
"@mojaloop/sdk-standard-components": "19.18.8",
|
|
87
87
|
"@now-ims/hapi-now-auth": "2.1.0",
|
|
88
88
|
"@types/socket.io": "3.0.2",
|
|
89
89
|
"adm-zip": "0.5.16",
|
|
@@ -95,7 +95,7 @@
|
|
|
95
95
|
"cookie-parser": "1.4.7",
|
|
96
96
|
"cookies": "0.9.1",
|
|
97
97
|
"cors": "2.8.6",
|
|
98
|
-
"dotenv": "17.
|
|
98
|
+
"dotenv": "17.3.1",
|
|
99
99
|
"express": "5.2.1",
|
|
100
100
|
"express-validator": "7.3.1",
|
|
101
101
|
"handlebars": "4.7.8",
|
|
@@ -108,13 +108,13 @@
|
|
|
108
108
|
"json-rules-engine": "7.3.1",
|
|
109
109
|
"jsonwebtoken": "9.0.3",
|
|
110
110
|
"lodash": "4.17.23",
|
|
111
|
-
"mongoose": "9.2.
|
|
111
|
+
"mongoose": "9.2.2",
|
|
112
112
|
"multer": "2.0.2",
|
|
113
113
|
"mustache": "4.2.0",
|
|
114
114
|
"mv": "2.1.1",
|
|
115
115
|
"node-dir": "0.1.17",
|
|
116
116
|
"node-strings": "1.0.2",
|
|
117
|
-
"openapi-backend": "5.
|
|
117
|
+
"openapi-backend": "5.16.1",
|
|
118
118
|
"parse-strings-in-object": "1.6.0",
|
|
119
119
|
"passport": "0.7.0",
|
|
120
120
|
"passport-jwt": "4.0.1",
|
|
@@ -137,9 +137,9 @@
|
|
|
137
137
|
"get-port": "7.1.0",
|
|
138
138
|
"jest": "29.7.0",
|
|
139
139
|
"jest-junit": "16.0.0",
|
|
140
|
-
"nodemon": "3.1.
|
|
141
|
-
"npm-check-updates": "19.
|
|
142
|
-
"nyc": "
|
|
140
|
+
"nodemon": "3.1.14",
|
|
141
|
+
"npm-check-updates": "19.5.0",
|
|
142
|
+
"nyc": "18.0.0",
|
|
143
143
|
"parse-strings-in-object": "1.6.0",
|
|
144
144
|
"pre-commit": "1.2.2",
|
|
145
145
|
"proxyquire": "2.1.3",
|
|
@@ -170,8 +170,8 @@
|
|
|
170
170
|
},
|
|
171
171
|
"overrides": {
|
|
172
172
|
"axios": "1.13.5",
|
|
173
|
-
"form-data": "4.0.
|
|
174
|
-
"brace-expansion": "
|
|
173
|
+
"form-data": "4.0.5",
|
|
174
|
+
"brace-expansion": "1.1.12",
|
|
175
175
|
"npm-check-updates": {
|
|
176
176
|
"rimraf": "4.1.2"
|
|
177
177
|
},
|
|
@@ -192,11 +192,13 @@
|
|
|
192
192
|
"jsonpointer": "5.0.1"
|
|
193
193
|
},
|
|
194
194
|
"cross-spawn": "7.0.6",
|
|
195
|
-
"markdown-it": "14.1.
|
|
195
|
+
"markdown-it": "14.1.1",
|
|
196
196
|
"jsonwebtoken": "9.0.3",
|
|
197
197
|
"yargs-parser": "21.1.1",
|
|
198
198
|
"oas-validator": {
|
|
199
199
|
"ajv": "6.12.3"
|
|
200
|
-
}
|
|
200
|
+
},
|
|
201
|
+
"minimatch": "3.1.3",
|
|
202
|
+
"qs": "6.14.2"
|
|
201
203
|
}
|
|
202
204
|
}
|