chore[security]: bump urijs from 1.19.5 to 1.19.6 #260
Merged
Conversation
Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.5 to 1.19.6. **This update includes a security fix.**

- [Release notes](https://github.com/medialize/URI.js/releases)
- [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md)
- [Commits](medialize/URI.js@v1.19.5...v1.19.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
dependabot-preview[bot] requested review from bushjames, elnyry-sam-k, eoln, lewisdaly, mdebarros, oderayi, shashi165, vgenev and vijayg10 as code owners on March 1, 2021 21:47

dependabot-preview[bot] added the labels dependencies (Pull requests that update a dependency file) and security (Pull requests that address a security vulnerability) on Mar 1, 2021

elnyry-sam-k approved these changes on Apr 6, 2021

elnyry-sam-k changed the title from "[Security] Bump urijs from 1.19.5 to 1.19.6" to "chore[security]: bump urijs from 1.19.5 to 1.19.6" on Apr 6, 2021

shashi165 added a commit to shashi165/quoting-service that referenced this pull request on Oct 13, 2021:
* Issue934-FixSetEnvVarRCAsBooleanInsteadOfString (mojaloop#81)
* Issue934-FixSetEnvVarRCAsBooleanInsteadOfString
* Issue934-JestUnitTestChangeUpdate
* WIP
* mockConfig done
* Issue934-AddParseStringInObjectDependencyAndUpdateDeps
* Issue934-UpdatePackageVersionTo8dot4dot1-snapshotAndUpdateDependencies
* bugfix/1066 Remove Put Accept Header (mojaloop#86)
  - Added noAccept parameter
  - Upgraded dependencies
* More unit tests and some code cleanup (mojaloop#87)
* Tests converted to Jest
* Added rules engine jsonpath dynamic fact
* Updated rules engine API. Added jsonpath package to dependencies. Added rules engine tests. Added Jest config. Added example rules.json.
* Updated hapi/subtext to patch vulnerability
* Updated example rules and corresponding tests to reflect real form of payer and payee
* Added switch endpoint to config to obtain payer and payee information for rules engine. Stubbed validateQuoteRequest method in relevant tests. Running rules engine in validateQuoteRequest (but not doing anything with the results yet).
* Tests converted to Jest
* Replaced coverage-check script. Added coverage threshold to jest config. Removed Istanbul config.
* Uninstalled and reinstalled jest to fix vulnerability
* Added junit + config. Added test:junit npm script. Modified circle config to call junit script. Added test results directory to gitignore.
* Modified example rules and corresponding tests to better reflect actual payer and payee facts
* Updated redirect address to redirect fsp. Made the linter happy. Added rule execution and event handling. Removed empty quote validation, replaced with rules engine execution. Removed redundant setImmediate. New test for INVALID_QUOTE_REQUEST event. Expanded INVALID_QUOTE_REQUEST unit tests.
* Manual merge from upstream
* Integrated properly the new `model/rules.js` into `model/quotes.js` and updated the `quotes.tests.js` accordingly.
* Simplified block of code that was unnecessarily using `map`.
* Forwarding event-handler-modified quote request and headers instead of originals
* Fixed tests by poorly mocking handleRuleEvents on the quotes model
* Cleaned a little bit the result of `handleRuleEvents`; Updated unit tests in order to pass according to latest code changes.
* Deduplicated the functionality of request sending
* Removed `setImmediate` from all places that it was used.
* Use `CreateInternalServerFSPIOPError` instead of `CreateFSPIOPError`
* fixed the name of rules.json
* rename file rules.example.json
* Refactored existing unit tests in order to make them cleaner and avoid duplication; Added more unit tests for `handleQuoteRequest` to cover all possible paths.
* Refactored `handleQuoteRequest` to make it more readable and avoid duplication; Cleaned some minor parts of the whole `quotes.js` file.
* Resolved issue with merge
* Added unit tests for `quotesModel.handleRuleEvents`
* Minor update to behaviour and corresponding test update. Minor test change.
* Lint fix
* Added unit tests for `quotesModel.executeRules`
* Added more unit tests to `quotesModel.executeRules` to cover rejected promises of `axios.request`
* Minor refactoring on the unit tests of `RulesEngine` to use `describe` blocks and `it()` instead of `test()` for consistency.
* Added missing dependency that got removed after merging.
* Updated quotes model unit tests to match the new implementation of config.js
* Updated comments in codebase.
* Removed `^` sign from dependency in package.json
* Bump npm-check-updates from 3.2.1 to 3.2.2 (mojaloop#88)

  Bumps [npm-check-updates](https://github.com/tjunnone/npm-check-updates) from 3.2.1 to 3.2.2.
  - [Release notes](https://github.com/tjunnone/npm-check-updates/releases)
  - [Commits](raineorshine/npm-check-updates@v3.2.1...v3.2.2)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump eslint from 6.6.0 to 6.7.1 (mojaloop#89)

  Bumps [eslint](https://github.com/eslint/eslint) from 6.6.0 to 6.7.1.
  - [Release notes](https://github.com/eslint/eslint/releases)
  - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
  - [Commits](eslint/eslint@v6.6.0...v6.7.1)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* bugfix/1079 Extensions Longer Than 128 Chars (mojaloop#90)
  - truncateExtension config
  - fix issues with standardJS
* Disassociated unit tests from the actual contents of file `config/rules.json`; (mojaloop#92) Added a `rules.example.json` file.
* bugfix/1085 Quote to Inactive Fsp (mojaloop#91)
  - Proper generate request headers when from switch
* mowdev-3411
* added more rules
* Feature/846 async logging (mojaloop#100)
* Add file logging support in docker, update dependencies
* Add back missing package after merge conflicts
* Feature/update json rules engine (mojaloop#101)
* Simplified rules unit tests
* Updated json-rules-engine
* Updated code to use native json-rules-engine jsonpath syntax
* Made linter happy. Removed jsonpath dependency.
* Feature/test fx rules (mojaloop#102)
* Added skeleton for fx rules unit tests
* Removed commented tests from original file
* Update fx.test.js
* Feature/846 async logging (mojaloop#100)
* Add file logging support in docker, update dependencies
* Add back missing package after merge conflicts
* Feature/update json rules engine (mojaloop#101)
* Simplified rules unit tests
* Updated json-rules-engine
* Updated code to use native json-rules-engine jsonpath syntax
* Made linter happy. Removed jsonpath dependency.
* Feature/test fx rules (mojaloop#102)
* Added skeleton for fx rules unit tests
* Removed commented tests from original file
* Update fx.test.js
* added more rules and tests
* test discard
* test discard
* test discard
* updated dependencies (mojaloop#105)
* strip off accept header for PUT requests
* added package-lock.json
* Feature/1003 add container scans (mojaloop#103)
* Add anchore image scanning, update circleci config
* Fix config.yml validity issues
* Bump package version, ensure latest deps are installed
* Feature/1047 improve test coverage (mojaloop#108)
* Add unit tests to bring coverage up to 90%+
  - remove redundant nyc config
  - Set up dir structure for tests
  - Set up dir structure for tests
  - Add inspect util for ease of testing
  - working on quotes error test
  - Add istanbul ignore comments for mockgen only files
  - working on health check mocks
  - Working on config mocks
  - Add bulk quotes not implemented tests
  - Working on health check tests
  - Working on health check tests
  - remove unused comments
  - working on quotes test
  - working on config default tests
  - working on utils tests
  - working on utils tests
  - find and replace all stack inspection
  - find and replace all stack inspection
  - Working on quote tests
  - Move http into its own library for ease of mocking
  - Move http into its own library for ease of mocking
  - fix existing tests once mocking out http
  - add tests for handleException
  - add tests for handleException
  - add tests for handleException
  - finish getting model testing up to scratch
  - fix missing conditions on rule engine tests
  - Add tests for http
  - refactor start script to improve tests
  - work on server testing
  - working on database mocking
  - working on knex mocks
  - working on knex mocks
  - working on knex mocks
  - working on knex mocks
  - working on knex mocks
  - replace err.stack || util.inspect(err) with getStackOrInspect
  - work on quote tests
  - work on quote tests
  - finish work on cachedDatabase
  - update dependencies, bump package version to 8.7.0
* remove unneeded test files
* run standard --fix
* bump package version to 8.7.1-snapshot
* bump package version to 8.7.2-snapshot
* added more rules
* fixed the package.json version
* fixed version number
* fixed the Object.assign
* removed rules.json
* update package-lock.json
* Attempt cache refresh
* Replace audit:check with audit
* Debug with verbose audit
* Skip vulnerability check because of network errors
* Skip vuln check step
* downgrade helm version
* #1147 - Update dependencies (mojaloop#118)
* Update sinon
* Bump version to 8.8.0
* temp logging
* renamed switchEndpoint to a better name
* removed config from dockerfile
* Fix for #1169 - GET /quotes for malformed ID error response is 1001 instead of 3xxx (mojaloop#125)
* Add quote ID validation in swagger.json
* Update dependencies and fix unit test
* Fix version
* Added synchronous responses for rules engine invalid quote errors (mojaloop#127)
* Added synchronous responses for rules engine invalid quote errors
* Corrected import
* Corrected error variable name
* Moved response handling out of model, into handlers
* Fixed tests
* added error code
* added swagger changes
* Bugfix/1172empty quote values (mojaloop#128)
* Added minLength of 1 for quoteId and transactionId for post quotes
* Added a comment to remove the minLength property from quoteId and transactionId once the enjoi library has been fixed.
* Upgrading version to v8.8.0-snapshot (mojaloop#129)
* Upgrading version to v8.8.0-snapshot and now we have test coverage >90%
* Feature/1157 anchore report summary (mojaloop#132)
* Add anchore summary report upload
* fix missing aws credentials
* Update dependencies (mojaloop#133)
* added error handling when there are no active accounts
* added error handling when there are no active accounts
* added error handling when there are no active accounts
* 893-UpdateRegexToValidateIncomingErrorCodeAtEndpointCallbackAndUpdateDependencies (mojaloop#113)
* Issue934-FixSetEnvVarRCAsBooleanInsteadOfString
* WIP
* mockConfig done
* 893-AddSwaggerValidationForIncomingErrorCodePlusUnitTestChangeAndUpdateDependencies
* Fix unit test, update dependencies plus Merge remote-tracking branch 'origin/893-ValidateIncomingErrorCodeAtErroCallbackEndpoint' into 893-ValidateIncomingErrorCodeAtErroCallbackEndpoint

  Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com>
  Co-authored-by: Sam <elnyry@users.noreply.github.com>
* fixed error responses sync and async
* fixed the routing problem with forex quotes
* fixed the routing problem with forex quotes
* fixed the routing problem with forex quotes
* removed fspiop-uri header
* removed fspiop-signature header
* added one more error code to sync errors
* added more error handling
* Fix for #1173 - GET /quotes for unknown quote ID error response is 1001 instead of 3205 (mojaloop#139)
* Bump version to 9.0.0-snapshot
* Fix response codes for PUT /quotes/{id} and PUT /quotes/{id}/error from 202 to 200
* Update dependencies. Freeze json-rules-engine due to breaking changes
* Bump version to 9.1.0
* Remove hard-coded response codes in test
* Return error 3000 - Generic client error and not 1001 on 404 errors
* Update dependencies
* Fix span bug
* Update cs-shared
* Upgrade to Node 12.16.0 LTS version (mojaloop#150)
  - Updated CircleCI and Docker scripts to use Node 12.16.0 LTS version.
  - Updated dependencies
* Added updated Mojaloop license (mojaloop#151)
* Added updated Mojaloop license (mojaloop#152)
* Hotfix: Fix startup failure error (mojaloop#153)
* Lock hapi version
* Resolve audit issue, temporarily
* Fix/1107 circleci deploy (mojaloop#154)
* remove sensitive notes
* resolve npm audit issues
* temp disable some cicd steps for speed up tests
* fix missing aws config
* Add parameters into orb config
* Updating deploy config
* helm deploy fixes
* temporarily disable the coverage checks
* replace inline deployment orb with orb reference
* update deploy orb to v0.1.1
* removing duplicate configs
* working on helm config
* bump orb version to 0.1.4
* Working on executor config
* Working on executor config
* fix helm set values
* more work on helm set values
* more work on helm set values
* Reenable skipped ci steps
* bump package version to 9.2.2-snapshot, add hapi to the audit fix
* Fixed /quote/\{id\}/error destination (mojaloop#156)
* Updated package version (mojaloop#157)
* Updated package version
* Updated dependencies (mojaloop#158)
* updated to newly released version of event-sdk
* updated dependencies and version
* Feature/updating dependencies (mojaloop#159)
* updated to newly released version of event-sdk
* updated dependencies and version
* updated dependencies
* #1178: Bug fixes for POST /quotes with unknown destination FSP (mojaloop#160)
* Validate that FSP Ids in headers and payload match for both payerfsp and payeefsp
* Hotfix: Revert #1178 changes (mojaloop#161)
* Revert #1178 changes. Update dependencies. Bump version
* Undo version bump
* Bugfix/restore handle quote error headers (mojaloop#168)
* Modified `forwardQuoteUpdate` so it handles special cases where it doesn't need to modify/set the headers.
* Bumped to 9.3.4-snapshot; Added myself to the hall of fame.
* Updated unit tests.
* Changed bumped version to 9.4.0 to cope with the current versioning status.
* Changed the places where the sendErrorCallback is called with `true` flag.
* run `npm run audit:resolve` and skipped for a week.
* Do not modify headers in case they are only being relayed to another DFSP.
* Do not delete `FSPIOP-Signature` header unless if `modifyHeaders` is `true`.
* Store extensionLists for quote requests and responses. (mojaloop#184)
* store extension list items for quote requests and responses
* Adding unit test coverage for quote request and response extensionList saving to database
* postpone audit failures
* attempt to resolve further audit issues
* Delete package-lock.json
* another attempt to resolve audit issues
* Bump package version
* Proposed code changes for extensionLists PR (mojaloop#185)
* Proposed code changes for extensionLists PR
* Lint

  Co-authored-by: Matt Kingston <mattkingston@gmail.com>
* Feature/otc 218 enhance post quote partyIdInfo with extension list (mojaloop#190)
* Added the extension list under the partyidinfo obj
* OTC-218 Changes: Enhanced Post Quotes on quoting service to handle extension lists under partyId info
  - Updated dependencies
  - Postponed audit issue
* OTC-218 Changes: Enhanced Post Quotes on quoting service to handle extension lists under partyId info
* Add custom mojaloop policy for evaluating anchore-cli scans (mojaloop#192)
* Update dependencies (mojaloop#200)
* Update dependencies
* Temporarily resolve audit issues
* Hotfix for docker image to support async logging (mojaloop#202)
  - Added async logging support to DockerFile
  - Updated dependencies for Jest
  - Fixed vulnerability issues
  - Bumped version to v10.1.1
* Merged `master` into this branch.
* added JWS support for switch generated msg (mojaloop#203)
* added JWS support for switch generated msg
* added unit tests
* added coverage tests
* fix audit issues
* removed unnecessary header fix
* added a valid default private key
* added a default private key
* not modify request in jwsSigner
* fixed the version issue
* bumped up the version
* bumped up the version

  Co-authored-by: Shashi <shashikant.hirugade@modusbox.com>
* fixed the bug with createQuoteExtensions
* Fixed the arguments passed to `createQuoteExtensions`. (mojaloop#213)
* Fixed the arguments passed to `createQuoteExtensions`.
* Updated expected error message in unit test.
* fixed issue with createQuoteExtension
* Fixed issue with `createQuoteExtension` (mojaloop#214)
* Revert change of the error message as it breaks tests.
* Updated versions for error-handler, etc... (mojaloop#218)
* Change CI/CD notifications to their own slack channel, bump package to 10.3.1 (mojaloop#219)
* Fix DB transaction leaks. Update unit tests (mojaloop#220)
  - Fixed DB transaction/connection leaks
  - Updated unit tests
  - Bumped version
* Feature/validation for name place accents (mojaloop#221)
* updated to newly released version of event-sdk
* updated dependencies and version
* updates to migrate quoting api to use openapi-backend
  - create openapi >= 3.0 swagger
  - updated dependencies
  - added new routes
  - converted server to use new libraries
  - golden path tests pass
  - coverage may need some attention
* added production to quotes audit checks
* fixed incorrect case for file path
* Updated code coverage
* update of dependencies
* error handling dependency update
* updated dependency
* Updated python in Circle CI (mojaloop#222)
* updated to newly released version of event-sdk
* updated dependencies and version
* updates to migrate quoting api to use openapi-backend
  - create openapi >= 3.0 swagger
  - updated dependencies
  - added new routes
  - converted server to use new libraries
  - golden path tests pass
  - coverage may need some attention
* added production to quotes audit checks
* fixed incorrect case for file path
* Updated code coverage
* update of dependencies
* error handling dependency update
* updated dependency
* Changes: Updated python in circle CI
* Updated dependencies and version for issue: mojaloop/project#1378 (mojaloop#223)
* Aligned an error message with the master branch to match Postman test's assertions.
* Fixed some npm vulnerabilities and skipped the rest.
* Updated circle CI config according to master branch.
* Removed `quoteId` from error log message as it causes error due to its exceeding length.
* Removed `quoteId` from error log message as it causes error due to its exceeding length. (mojaloop#224)
* fixed error message
* Bugfix/1385 fix post quotes header (mojaloop#225)
* updated to newly released version of event-sdk
* updated dependencies and version
* updated to remove accept header from PUT quotes callback
* fix error message (mojaloop#226)
* fix error message
* fix error message

  Co-authored-by: Shashi <shashikant.hirugade@modusbox.com>
* Bugfix/fix participant lookup to use currency (mojaloop#227)
* updated to newly released version of event-sdk
* updated dependencies and version
* fix for accept header and content-type header versions being hardcoded
* Bugfix/fix participant lookup to use currency (mojaloop#228)
* updated to newly released version of event-sdk
* updated dependencies and version
* fix for accept header and content-type header versions being hardcoded
* updated participant lookup to validate against the participant and participant currency table to validate that the participant is active as well as their currency account
* Bugfix/fix participant lookup to use currency (mojaloop#230)
* updated to newly released version of event-sdk
* updated dependencies and version
* fix for accept header and content-type header versions being hardcoded
* updated participant lookup to validate against the participant and participant currency table to validate that the participant is active as well as their currency account
* updated the order the sql is run in, seems to give an issue during testing
* Bugfix/fix participant lookup to use currency (mojaloop#231)

  Fix for createPartyQuote not passing all values to getParticipant
* Feature/1468 support for bulk quotes post passthrough (mojaloop#233)
* updated to newly released version of event-sdk
* updated dependencies and version
* added support for bulk quotes post functionality; updated dependencies to fix audit issues
* added put, and get functionality for bulk quotes
* Fix log text
* added the put bulkQuotes error endpoint
* updated according to Steven's comments
* removed unnecessary await
* removed the await
* awaits need to be there for audits
* fixes for error handling according to @oderayi to handle exceptions in model instead of throwing it up to handler
* #1484: Update FSPIOP API version (mojaloop#235)
* Update FSPIOP API version
* Update src/interface/swagger.json

  Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
* Update API description
* Attempt to fix 'jest not found' error in circleci
* Attempt to fix 'jest not found' error in circleci
* Lock version update for jest and jest-unit, restore npm scripts
* Update jest and jest-junit
* Update src/interface/swagger.json

  Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
* Bump version in attempt to bypass ci bug with caches

  Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
* Add ISO test currencies (XTS, XXX) (mojaloop#238)
* Add ISO test currencies
* Bump package version
* added test currencies
* resolve audit issues
* fix audit issues
* fix audit issues
* Convert handlers to async, update deps, and bump version (mojaloop#239)
* Feature/#1615 content headers (mojaloop#240)
* added support for resource versions
* updated dependencies

  Co-authored-by: Valentin <valentin.genev@modusbox.com>
* fixed resource api version to be changed only if message originates from the switch (mojaloop#241)

  Co-authored-by: Valentin <valentin.genev@modusbox.com>
* updated dependencies and removed old audit records (mojaloop#243)
* Updated to cater for spans finishing early (mojaloop#244)
* updated dependencies and removed old audit records
* updated to cater for parent spans finishing before the span can be closed and fixed tests
* fixing tests and some code found during testing
* fixes (mojaloop#245)
* updated dependencies and removed old audit records
* updated to cater for parent spans finishing before the span can be closed and fixed tests
* fixing tests and some code found during testing
* needed to handle error in the model as the handler has already processed
* #1456: Feature/docker config fixes (mojaloop#247)
* Update docker configs with master, bump patch version, update dependencies, and fix linting errors with Standard
* Update tests
* Clean up
* Clean up
* validate dfsps in payload for simple routing mode (mojaloop#248)
* #1875: Replace wildcard routes with explicit routes. (mojaloop#249)
* Replace wildcard routes with explicit routes. Add hapi-swagger for API documentation (swagger). Update dependencies. Bump patch version
* Fix dependencies
* chore: update license file (mojaloop#251)
* #1885: Add API documentation library (mojaloop#250)
* Add API documentation endpoints
* Update dependencies
* Resolve audit
* Force update event-stream (Widdershins dep) due to license audit issues
* [Security] Bump node-notifier from 8.0.0 to 8.0.1 (mojaloop#252)

  Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.**
  - [Release notes](https://github.com/mikaelbr/node-notifier/releases)
  - [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
  - [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
  Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* [Security] Bump axios from 0.21.0 to 0.21.1 (mojaloop#255)

  Bumps [axios](https://github.com/axios/axios) from 0.21.0 to 0.21.1. **This update includes a security fix.**
  - [Release notes](https://github.com/axios/axios/releases)
  - [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md)
  - [Commits](axios/axios@v0.21.0...v0.21.1)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
  Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* [Security] Bump urijs from 1.19.2 to 1.19.5 (mojaloop#254)

  Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.2 to 1.19.5. **This update includes a security fix.**
  - [Release notes](https://github.com/medialize/URI.js/releases)
  - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md)
  - [Commits](medialize/URI.js@v1.19.2...v1.19.5)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
  Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
  Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
* feat(ci/cd): add pr title check (mojaloop#256)
* chore: adding codeowners file (mojaloop#257)
* chore: maintenance upgrades, audit check resolve update (mojaloop#258)
* chore: adding codeowners file
* chore: maintenance upgrades, audit check resolve update
* fix(headers)!: made fspiop-destination header mandatory (mojaloop#259)
* fix(headers)!: made fspiop-destination header mandatory
* added unit test
* added unit test
* [Security] Bump urijs from 1.19.5 to 1.19.6 (mojaloop#260)

  Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.5 to 1.19.6. **This update includes a security fix.**
  - [Release notes](https://github.com/medialize/URI.js/releases)
  - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md)
  - [Commits](medialize/URI.js@v1.19.5...v1.19.6)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
  Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* fix(security): Bump y18n from 3.2.1 to 3.2.2 (mojaloop#261)

  Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. **This update includes a security fix.**
  - [Release notes](https://github.com/yargs/y18n/releases)
  - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/yargs/y18n/commits)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
  Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
  Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
* fix(security): Bump djv from 2.1.2 to 2.1.4 (mojaloop#263)

  Bumps [djv](https://github.com/korzio/djv) from 2.1.2 to 2.1.4.
  - [Release notes](https://github.com/korzio/djv/releases)
  - [Changelog](https://github.com/korzio/djv/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/korzio/djv/commits)

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: #2103 fix subid functionality in POST quotes request (mojaloop#264)
* Fixed issue with subId
* Bumped up the version and postponed the audits
* Fixed unit test
* Update src/data/database.js

  Co-authored-by: Lewis Daly <lewis@vesselstech.com>
  Co-authored-by: Lewis Daly <lewis@vesselstech.com>
* feat(#2119): fixes for updated for AJV error objects change (mojaloop#265)
  - Including new release of Central-services-error-handling: https://github.com/mojaloop/central-services-error-handling/releases/tag/v11.2.0
  - Upgraded dependencies
  - Added AJV as it was a "peer dependency"
  - Bump to version
  - Updated audit-resolve for known security issue
* fix(#2182): regex validations against swagger interface spec no longer working (mojaloop#267)
  - Updated central-services-shared dependency
  - Bump to version
  - Audit-resolve issues
* fix: helm release v12.1.0 (mojaloop#269)
  - Updated dependencies
  - Bump to patch level
  - Standardised npm lint script
  - Fixes for audit issues
* [Security] Bump hosted-git-info from 2.8.8 to 2.8.9 (mojaloop#266)

  Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. **This update includes a security fix.**
  - [Release notes](https://github.com/npm/hosted-git-info/releases)
  - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
  - [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

  Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
  Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* chore: helm release v12.1.0 (mojaloop#270)
  - updated missing dependency updates due to ncurc
  - 'allow.auto.create.topics=true' had been added to Kafka Consumer configs. This will enable Kafka Consumers to trigger auto creation of topics, ref: https://github.com/edenhill/librdkafka/releases/tag/v1.5.0.
* fix(mojaloop/project#2246): updated dependency version (mojaloop#272)
  - Bumped Version
  - Fixed pre-commit task, misspelling

  Co-authored-by: JoNel <Johann.nel@sybrin.co.za>
* fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings (mojaloop#278)
* fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings [#2358](mojaloop/project#2358)
  - Updated regex to match [\w](https://unicode.org/reports/tr18/#word) (used by the [Mojaloop Specification](https://github.com/mojaloop/mojaloop-specification/blob/master/fspiop-api/documents/v1.1-document-set/fspiop-v1.1-openapi3.yaml#L2347)) based on mappings to the [ECMAScript](https://262.ecma-international.org/9.0/#sec-runtime-semantics-unicodematchproperty-p) regex specification.
  - Added unit test for post quotes endpoint with additional Asian (Myanmar) unicode characters added to middleName
  - Bump to patch version
  - Updated dependencies to the latest version
  - Fixed audit-resolve issues:

  ```text
  --------------------------------------------------
  tar needs your attention.

  [ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
  vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1
  found in:
  - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

  [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
  vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2
  found in:
  - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
  ```

  > Outcome: Fixed

  ```text
  --------------------------------------------------
  yargs-parser needs your attention.

  [ low ] Prototype Pollution
  vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2
  found in:
  - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
  ```

  > Outcome: Ignored for a week

  ```text
  --------------------------------------------------
  sanitize-html needs your attention.

  [ moderate ] Improper Input Validation
  vulnerable versions <2.3.1
  found in:
  - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

  [ moderate ] Improper Input Validation
  vulnerable versions <2.3.2
  found in:
  - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
  ```

  > Outcome: Ignored for a week
* chore(#864): change istanbul to nyc for coverage on all projects (mojaloop#279)

  chore(#864): change istanbul to nyc for coverage on all projects
  - removed .ncurc.yml as code-coverage is configured in the jest.config.js
  - fixes for audit resolve

  ```text
  --------------------------------------------------
  yargs-parser needs your attention.

  [ low ] Prototype Pollution
  vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2
  found in:
  - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
  ```

  > Outcome: Ignored for a week
  > Impact: Minimal as this is used to render documentation end-point

  ```text
  --------------------------------------------------
  sanitize-html needs your attention.

  [ moderate ] Improper Input Validation
  vulnerable versions <2.3.1
  found in:
  - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

  [ moderate ] Improper Input Validation
  vulnerable versions <2.3.2
  found in:
  - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
  ```

  > Outcome: Ignored for a week
  > Impact: Minimal as this is used to render documentation end-point
* fix(mojaloop/#2439): quoting-service-model.validatequoterequest-doesnt-perform-correct-validation (mojaloop#280)

  fix([mojaloop/#2439](mojaloop/project#2439)): quoting-service model.validateQuoteRequest doesn't perform correct validation when simpleRoutingMode is TRUE
  - added typesafe checks for validate quote request logic
  - added devspace patterns to gitignore
  - minor formatting of the serverStart unit tests for clarity
  - updated dependencies to latest version
  - added circleci config for automated releases
  - added standard-version dependency for automated releases
  - fixed audit resolve issues:

  ```text
  --------------------------------------------------
  tar needs your attention.

  [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
  vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9
  found in:
  - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

  [ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
  vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9
  found in:
  - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
  ```

  > Outcome: Fixed

  ```text
  --------------------------------------------------
  yargs-parser needs your attention.

  [ low ] Prototype Pollution
  vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2
  found in:
  - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
  ```

  > Outcome: Ignored for a week
  > Impact: Minimal as the dependencies are used for the Developer Documentation end-point

  ```text
  --------------------------------------------------
  sanitize-html needs your attention.

  [ moderate ] Improper Input Validation
  vulnerable versions <2.3.1
  found in:
  - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

  [ moderate ] Improper Input Validation
  vulnerable versions <2.3.2
  found in:
  - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
  ```

  > Outcome: Ignored for a week
  > Impact: Minimal as the dependencies are used for the Developer Documentation end-point
* fix: updated circleci config to use the SHA1 hash of the last commit of the current build (mojaloop#281)
* chore(release): 12.0.8 [skip ci]
* fix: circleci slack webhook typo fix (mojaloop#282)
* fixes for CI-CD typo image-scan failure on slack webhook
* chore(release): 12.0.9 [skip ci]
* chore: updated readme with automated-releases, potential-problems and additional-notes placeholder (mojaloop#283)
* updated readme with Automated Releases, Potential Problems and Additional Notes placeholder
* fixed markdown lint issues for readme
* chore(release): 12.0.10 [skip ci]
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* Fixed the tests
* changed the way we add headers
* refactoring
* refactoring
* removed the hardcoded headers
* removed the hardcoded headers
* updated README
* fixed swagger
* revert sync changes
* revert sync changes
* revert sync changes
* revert sync changes
* revert sync changes
* revert sync changes
* revert sync changes

Co-authored-by: Juan Correa <gibaros@users.noreply.github.com>
Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com>
Co-authored-by: Vassilis Barzokas <vassilis.barzokas@modusbox.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: shashi165 <shashikant.hirugade@softwaregroup.com>
Co-authored-by: Lewis Daly <lewis@vesselstech.com>
Co-authored-by: Matt Kingston <mattkingston@gmail.com>
Co-authored-by: Valentin Genev <vgenev@gmail.com>
Co-authored-by: Kamuela Franco
<kamuela.franco@gmail.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: ndonnan <neal.donnan@gmail.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Miguel de Barros <miguel@debarros.me> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: Johann Nel <29751181+JohannWNel@users.noreply.github.com> Co-authored-by: JoNel <Johann.nel@sybrin.co.za> Co-authored-by: mojaloopci <info@mojaloop.io>
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar [ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar ``` > Outcome: Fixed ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week > Impact: Minimal as the dependencies are used for the Developer Documentation end-point ```text -------------------------------------------------- sanitize-html needs your attention. 
[ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week > Impact: Minimal as the dependencies are used for the Developer Documentation end-point * fix: updated circleci config to use the SHA1 hash of the last commit of the current build (mojaloop#281) * chore(release): 12.0.8 [skip ci] * fix: circleci slack webhook typo fix (mojaloop#282) * fixes for CI-CD typo image-scan failure on slack webhook * chore(release): 12.0.9 [skip ci] * chore: updated readme with automated-releases, potential-problems and additional-notes placeholder (mojaloop#283) * updated readme with Automated Releases, Potential Problems and Additional Notes placeholder * fixed markdown lint issues for readme * chore(release): 12.0.10 [skip ci] * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * Fixed the tests * changed the way we add headers * refactoring * refactoring * removed the hardcoded headers * removed the hardcoded headers * updated README * fixed swagger * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes Co-authored-by: Juan Correa <gibaros@users.noreply.github.com> Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com> Co-authored-by: Vassilis Barzokas <vassilis.barzokas@modusbox.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: shashi165 <shashikant.hirugade@softwaregroup.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Kamuela Franco 
<kamuela.franco@gmail.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: ndonnan <neal.donnan@gmail.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Miguel de Barros <miguel@debarros.me> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: Johann Nel <29751181+JohannWNel@users.noreply.github.com> Co-authored-by: JoNel <Johann.nel@sybrin.co.za> Co-authored-by: mojaloopci <info@mojaloop.io>
Bumps urijs from 1.19.5 to 1.19.6. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

... (truncated)

Release notes

Sourced from urijs's releases.

Changelog

Sourced from urijs's changelog.

Commits

- 46c8ac0 chore(build): bumping to version 1.19.6
- a1ad8bc fix(parse): treat backslash as forwardslash in scheme delimiter

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:
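The urijs commit in this bump is titled "treat backslash as forwardslash in scheme delimiter"; the reason that matters is that browsers and Node's `URL` class (WHATWG URL Standard) already parse `\` as `/` after a special scheme, so a URL validator that only recognises `//` can report a different host than the one the client will contact. The example below is added here and is not urijs code or part of this PR: it compares a naive `//`-only host extraction with Node's WHATWG parser on constructed inputs and applies the kind of delimiter normalisation the commit title describes.

```javascript
// Added example (not urijs code): a defender's consistency check for the
// class of issue named in the urijs 1.19.6 commit "treat backslash as
// forwardslash in scheme delimiter". Node's URL class follows the WHATWG URL
// Standard, which treats "\" like "/" after a special scheme (http, https).

// Host as seen by a parser that recognises only "scheme://" as the start of
// an authority. Anything else yields null (no authority / relative path).
function naiveHost(input) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]*)/i.exec(input);
  return m ? m[2].toLowerCase() : null;
}

// Fold any run of "/" and "\" after the scheme into exactly "//", i.e. the
// normalisation the commit title describes, applied before the naive parse.
function normalizeSchemeDelimiter(input) {
  return input.replace(/^([a-z][a-z0-9+.-]*):[\\/]+/i, '$1://');
}

// Host as the WHATWG parser (browser / Node) sees it; null if unparsable.
function whatwgHost(input) {
  try {
    return new URL(input).host;
  } catch {
    return null;
  }
}

// True when the naive parser and the WHATWG parser disagree on the host:
// exactly the inputs a host allow-list check must not wave through.
function hostsDisagree(input) {
  return naiveHost(input) !== whatwgHost(input);
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  'https://example.com/path',   // canonical form
  'https:\\\\example.com/path', // backslashes as the delimiter
  'https:/\\example.com/path',  // mixed delimiter
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), 'naive:', naiveHost(s),
    'normalised:', naiveHost(normalizeSchemeDelimiter(s)),
    'whatwg:', whatwgHost(s), 'disagree:', hostsDisagree(s));
}
```

Running the loop shows the naive parser returning null for both backslash variants while the WHATWG parser returns `example.com`; after normalisation both agree.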