npm - quoting-service - Versions diffs - 17.13.6 → 17.13.7 - Mend

quoting-service 17.13.6 → 17.13.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/.grype.yaml CHANGED Viewed

@@ -5,6 +5,7 @@ ignore:
   - vulnerability: CVE-2025-9230
   - vulnerability: CVE-2025-9232
   - vulnerability: CVE-2025-9231
+  - vulnerability: GHSA-9965-vmph-33xx
 # Set output format defaults
 output:

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,18 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+### [17.13.7](https://github.com/mojaloop/quoting-service/compare/v17.13.6...v17.13.7) (2025-10-31)
+### Chore
+* **sbom:** update sbom [skip ci] ([60ff730](https://github.com/mojaloop/quoting-service/commit/60ff7300a80985b763a2b7a7678887e269aa4ac9))
+### Refactors
+* update requests with http timeout ([#436](https://github.com/mojaloop/quoting-service/issues/436)) ([8d3efee](https://github.com/mojaloop/quoting-service/commit/8d3efee4e119545d814fc975a2982e012a56cd65))
 ### [17.13.6](https://github.com/mojaloop/quoting-service/compare/v17.13.5...v17.13.6) (2025-10-06)

package/audit-ci.jsonc CHANGED Viewed

@@ -4,5 +4,6 @@
   // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
   "moderate": true,
   "allowlist": [
+    "GHSA-9965-vmph-33xx"
   ]
 }

package/config/default.json CHANGED Viewed

@@ -12,6 +12,7 @@
     "PRECISION": 18,
     "SCALE": 4
   },
+  "HTTP_REQUEST_TIMEOUT_MS": 20000,
   "PROTOCOL_VERSIONS": {
     "CONTENT": {
       "DEFAULT": "2.0",

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "quoting-service",
   "description": "Quoting Service hosted by a scheme",
   "license": "Apache-2.0",
-  "version": "17.13.6",
+  "version": "17.13.7",
   "author": "ModusBox",
   "contributors": [
     "Georgi Georgiev <georgi.georgiev@modusbox.com>",
@@ -116,18 +116,18 @@
     "@mojaloop/central-services-health": "15.2.0",
     "@mojaloop/central-services-logger": "11.10.1",
     "@mojaloop/central-services-metrics": "12.8.0",
-    "@mojaloop/central-services-shared": "18.34.1",
-    "@mojaloop/central-services-stream": "11.8.8",
-    "@mojaloop/event-sdk": "14.8.0",
+    "@mojaloop/central-services-shared": "18.34.3",
+    "@mojaloop/central-services-stream": "11.8.10",
+    "@mojaloop/event-sdk": "14.8.1",
     "@mojaloop/inter-scheme-proxy-cache-lib": "2.9.0",
     "@mojaloop/ml-number": "11.4.0",
     "@mojaloop/ml-schema-transformer-lib": "2.7.8",
     "@mojaloop/sdk-standard-components": "19.18.0",
     "ajv": "8.17.1",
     "ajv-keywords": "5.1.0",
-    "axios": "1.12.2",
+    "axios": "1.13.1",
     "blipp": "4.0.2",
-    "commander": "14.0.1",
+    "commander": "14.0.2",
     "event-stream": "4.0.1",
     "fast-safe-stringify": "2.1.1",
     "joi": "18.0.1",
@@ -135,7 +135,7 @@
     "knex": "3.1.0",
     "memory-cache": "0.2.0",
     "minimist": "1.2.8",
-    "mysql2": "^3.15.1",
+    "mysql2": "^3.15.3",
     "node-fetch": "3.3.2",
     "parse-strings-in-object": "2.0.0",
     "rc": "1.2.8"
@@ -145,10 +145,10 @@
     "eslint": "8.57.1",
     "eslint-config-standard": "17.1.0",
     "eslint-plugin-jest": "29.0.1",
-    "ioredis-mock": "8.13.0",
+    "ioredis-mock": "8.13.1",
     "jest": "29.7.0",
     "jest-junit": "16.0.0",
-    "npm-check-updates": "19.0.0",
+    "npm-check-updates": "19.1.2",
     "nyc": "17.1.0",
     "pre-commit": "1.2.2",
     "replace": "1.2.2",

package/src/lib/config.js CHANGED Viewed

@@ -165,6 +165,7 @@ class Config {
     this.payloadCache = RC.PAYLOAD_CACHE
     this.originalPayloadStorage = RC.ORIGINAL_PAYLOAD_STORAGE || PAYLOAD_STORAGES.none
     this.simpleAudit = RC.SIMPLE_AUDIT || false
+    this.httpRequestTimeoutMs = RC.HTTP_REQUEST_TIMEOUT_MS || 20000
   }
 }

package/src/lib/http.js CHANGED Viewed

@@ -42,10 +42,12 @@ const ErrorHandler = require('@mojaloop/central-services-error-handling')
 const { logger } = require('../lib')
 const { getStackOrInspect } = require('../lib/util')
+const Config = require('./config')
 axios.defaults.httpAgent = new http.Agent({ keepAlive: true })
 axios.defaults.httpAgent.toJSON = () => ({})
 axios.defaults.headers.common = {}
+const config = new Config()
 /**
  * Encapsulates making an HTTP request and translating any error response into a domain-specific
@@ -56,15 +58,12 @@ axios.defaults.headers.common = {}
  * @returns {Promise<void>}
  */
 async function httpRequest (opts, fspiopSource) {
-  // Network errors lob an exception. Bear in mind 3xx 4xx and 5xx are not network errors so we
-  // need to wrap the request below in a `try catch` to handle network errors
-  let res
-  let body
   const log = logger.child({ component: 'httpRequest', fspiopSource })
   log.debug('httpRequest is started...')
+  let res
+  let body
   try {
-    res = await axios.request(opts)
+    res = await httpRequestBase(opts)
     body = await res.data
     log.verbose('httpRequest is finished', { body, opts })
   } catch (e) {
@@ -77,7 +76,6 @@ async function httpRequest (opts, fspiopSource) {
       fspiopSource)
   }
-  // handle non network related errors below
   if (res.status < 200 || res.status >= 300) {
     const errObj = {
       opts,
@@ -96,6 +94,14 @@ async function httpRequest (opts, fspiopSource) {
   return body
 }
+async function httpRequestBase (opts, axiosInstance = axios) {
+  return axiosInstance.request({
+    timeout: config.httpRequestTimeoutMs,
+    ...opts
+  })
+}
 module.exports = {
-  httpRequest
+  httpRequest,
+  httpRequestBase
 }

package/src/lib/util.js CHANGED Viewed

@@ -37,7 +37,6 @@
 const crypto = require('node:crypto')
 const path = require('node:path')
 const util = require('node:util')
-const axios = require('axios')
 const ErrorHandler = require('@mojaloop/central-services-error-handling')
 const { Enum, Util } = require('@mojaloop/central-services-shared')
 const { AuditEventAction } = require('@mojaloop/event-sdk')
@@ -47,6 +46,7 @@ const { logger } = require('../lib')
 const Config = require('./config')
 const rethrow = require('@mojaloop/central-services-shared').Util.rethrow.with('QS')
+const { httpRequestBase } = require('./http')
 const config = new Config()
 const failActionHandler = async (request, h, err) => {
@@ -295,8 +295,8 @@ const fetchParticipantInfo = async (source, destination, cache, proxyClient) =>
 const cacheParticipantData = async (dfspId, config, cache) => {
   const url = `${config.switchEndpoint}/participants/${dfspId}`
-  const { data } = await axios.request({ url })
-  const participantData = { data }
+  const res = await httpRequestBase({ url })
+  const participantData = { data: res.data }
   cache && cache.put(`fetchParticipantInfo_${dfspId}`, participantData, config.participantDataCacheExpiresInMs)
   return participantData
 }

package/src/model/bulkQuotes.js CHANGED Viewed

@@ -40,6 +40,7 @@ const EventSdk = require('@mojaloop/event-sdk')
 const LOCAL_ENUM = require('../lib/enum')
 const BaseQuotesModel = require('./BaseQuotesModel')
+const { httpRequestBase } = require('../lib/http')
 const reformatFSPIOPError = ErrorHandler.Factory.reformatFSPIOPError
@@ -420,7 +421,7 @@ class BulkQuotesModel extends BaseQuotesModel {
         super.addFspiopSignatureHeader(opts)
         step = 'axios-request-2'
-        res = await axios.request(opts)
+        res = await httpRequestBase(opts, axios)
       } catch (err) {
         log.warn('error in axios.request:', err)
         const extensions = err.extensions || []

package/src/model/fxQuotes.js CHANGED Viewed

@@ -39,6 +39,7 @@ const dto = require('../lib/dto')
 const { RESOURCES, ERROR_MESSAGES } = require('../constants')
 const BaseQuotesModel = require('./BaseQuotesModel')
+const { httpRequestBase } = require('../lib/http')
 const reformatFSPIOPError = ErrorHandler.Factory.reformatFSPIOPError
@@ -804,7 +805,7 @@ class FxQuotesModel extends BaseQuotesModel {
     let step
     try {
       step = 'axios-request-1'
-      return axios.request(options)
+      return await httpRequestBase(options, axios)
     } catch (err) {
       this.log.warn('error in sendHttpRequest: ', err)
       const extensions = err.extensions || []

package/src/model/quotes.js CHANGED Viewed

@@ -46,7 +46,7 @@ const Metrics = require('@mojaloop/central-services-metrics')
 const LOCAL_ENUM = require('../lib/enum')
 const dto = require('../lib/dto')
-const { httpRequest } = require('../lib/http')
+const { httpRequest, httpRequestBase } = require('../lib/http')
 const { RESOURCES } = require('../constants')
 const BaseQuotesModel = require('./BaseQuotesModel')
@@ -1035,7 +1035,7 @@ class QuotesModel extends BaseQuotesModel {
       try {
         super.addFspiopSignatureHeader(opts)
         step = 'axios-request-2'
-        res = await axios.request(opts)
+        res = await httpRequestBase(opts, axios)
         // todo: use wrapper on axios
         histTimer({ success: true, queryName: 'quote_sendErrorCallback' })
       } catch (err) {