[Snyk] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	Yes	Proof of Concept
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mojaloop/central-ledger

The new version differs by 141 commits.

• 6914dad chore(release): 13.10.0 [skip ci]
• 2b1ecab feat(2151): helm-release-v12.1.0 (#844)
• cecdcff chore(release): 13.9.0 [skip ci]
• 02fa819 feat(2151): helm-release-v12.1.0 (#843)
• 0680e4a chore(release): 13.8.0 [skip ci]
• 459c9e0 feat(2151): helm-release-v12.1.0 (#842)
• f9f2834 chore(release): 13.6.0 [skip ci]
• 605177a feat(#2123): default settlement model added (#839)
• 2a47f61 chore(release): 13.4.0 [skip ci]
• 233785e feat: add services endpoint seeds (#838)
• 0b6c567 chore(release): 13.3.0 [skip ci]
• de5077a feat(db migrations): fix subid db (#836)
• 182a591 chore(deps): bump djv from 2.1.2 to 2.1.4 (#833)
• 32346e5 fix(security): Bump y18n from 3.2.1 to 3.2.2 (#830)
• 16a75af fix: package.json & package-lock.json to reduce vulnerabilities (#829)
• a3e17c4 chore(release): 13.2.6 [skip ci]
• 6cb311a chore: add patch consentRequest and put cr error endpoints (#828)
• e45a71b chore(release): 13.2.5 [skip ci]
• 2bb426d fix: #1977 timeout enumeration for cron job fixed (#824)
• eda654b chore(release): 13.2.4 [skip ci]
• 1c692ab [Security] Bump urijs from 1.19.5 to 1.19.6 (#825)
• 33c53fd chore(release): 13.2.3 [skip ci]
• 9e4d017 chore: add accounts callback endpoints (#822)
• 3a4ff95 chore(release): 13.2.2 [skip ci]

See the full diff

Package name: @mojaloop/central-services-shared

The new version differs by 107 commits.

• 333abca chore(release): 14.0.0 [skip ci]
• cedc359 fix(mojaloop/#2470)!: central-services-shared streamingprotocol encode/decode functionality fix (Upgraded central-services-shared library to 10.5.3, bump version mojaloop/central-settlement#313)
• a8f2011 chore(release): 13.4.1 [skip ci]
• 0dc78fc fix(index.d.ts): missing eventTypeEnum (fix for integration tests failing on latest version of simulator mojaloop/central-settlement#312)
• 6e0ba34 chore(release): 13.4.0 [skip ci]
• 3ec7998 feat(ci): automate releases (Feature/otc 390 implement interchange fee calculation mojaloop/central-settlement#311)
• 332869b feat(enums): add enums for /tpr/authorizations and /tpr/verifications (Fixed cache issue with checksum calculation mojaloop/central-settlement#310)
• 40a759a chore(deps): [security] bump postcss from 7.0.35 to 7.0.36 (Feature/otc300 consume commit message mojaloop/central-settlement#305)
• cda0756 chore: add header validation code to exports (Feature/otc300 consume commit message mojaloop/central-settlement#306)
• fc78b7b chore: remove enums added by mistake (Feature/otc mojaloop/central-settlement#304)
• 53a1580 chore: add enums for account linking endpoints (Feature/otc300 consume commit message mojaloop/central-settlement#303)
• 470f6e9 chore: add missed services http enum (Updated versions for error-handler, etc... mojaloop/central-settlement#302)
• b25012f fix(Central Shared Services - Header validation does not take into account valid structure mojaloop/project#2246): header validation regex failed to take into account valid structure (Bump npm-check-updates from 4.0.4 to 6.0.0 mojaloop/central-settlement#299)
• f68a772 [Security] Bump hosted-git-info from 2.8.8 to 2.8.9 (Feature/1223 anchore policy mojaloop/central-settlement#292)
• 0f2e98f feat(2151): helm release v12.1.0 (Bump standard from 14.3.1 to 14.3.4 mojaloop/central-settlement#298)
• 14f0b3e feat(2151)!: helm-release-v12.1.0 (Bump npm-check-updates from 4.0.4 to 5.0.0 mojaloop/central-settlement#297)
• a5d9141 chore: fix service type typescript enum (Bump tape from 4.13.2 to 5.0.0 mojaloop/central-settlement#296)
• 5aaf087 fix(#2182)!: regex validations against swagger interface spec no longer working (Release/v9.5.0 mojaloop/central-settlement#295)
• 0e538d8 chore: bump package version (release v9.5.0 mojaloop/central-settlement#294)
• fc4fe7e chore: add 'example' as whitelisted keyword (Bump @mojaloop/central-services-shared from 9.3.0 to 9.5.5 mojaloop/central-settlement#293)
• 6f9496d chore: address vulnerabilities (Bump @mojaloop/central-services-shared from 9.3.0 to 9.5.3 mojaloop/central-settlement#291)
• 6275eb0 chore: add services endpoints (Bump npm-check-updates from 4.0.4 to 4.1.2 mojaloop/central-settlement#290)
• 5860510 feat(#2119): fixes for updated for AJV error objects change (Bump @mojaloop/central-services-shared from 9.3.0 to 9.5.2 mojaloop/central-settlement#289)
• b83a8bd fixed typo (Bump nyc from 15.0.0 to 15.0.1 mojaloop/central-settlement#288)

See the full diff

Package name: @now-ims/hapi-now-auth

The new version differs by 2 commits.

• dc778af 2.0.1
• 3dc134a updating core dependencies for security

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic