[Snyk] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	Yes	Proof of Concept
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mojaloop/central-ledger

The new version differs by 107 commits.

• 31d2189 fix: dep update (#812)
• ebeb3d8 fix(settlements)!: SettlementModel currency is mandatory (#811)
• 47d173c chore: adding codeowners list (#810)
• 0ac56b1 feat(settlements)!: Continuous Gross Settlement (#808)
• 68882fd fix: package.json & package-lock.json to reduce vulnerabilities (#809)
• 3308ec2 [Security] Bump urijs from 1.19.3 to 1.19.5 (#806)
• 97f0566 chore: update dependencies, maintenance
• 8abd0c3 fix: package.json & package-lock.json to reduce vulnerabilities (#800)
• ab96ea1 [Security] Bump ini from 1.3.5 to 1.3.8 (#801)
• 6286b5e #1885: Update API documentation endpoints (#798)
• eb5fdbb chore: update license file (#797)
• 7419b25 Fix for https://github.com/Inconsistent Transfer Timeout error messages being sent by Central-Ledger mojaloop/project#1877 (#795)
• 2b168b1 Update standard version & fix linting issues (#794)
• ce4f7c9 Update central-services-database and other deps (#793)
• 2762305 BugFix 1444 - Ignore Dups on Seed insert (#792)
• 867fb1d updated dependencies for helm release (#789)
• 16f582c Bugfix/1710 1709 headers invalid case (#787)
• f8f574f Add unit tests for timeout callback fix (#786)
• b577761 Fix error callback for expired transfers (#785)
• 3f8cfd0 Feature/#1615 content headers (#782)
• caf392c Fix bug in volumes of temp_curl service (#778)
• 4223655 fix: package.json & package-lock.json to reduce vulnerabilities (#775)
• b1cc709 #1547: Update dependencies (central-object-store etc.) (#774)
• 647b966 #1547: Fail transfer fulfill with "RESERVED" state and v1.0 content-type (#773)

See the full diff

Package name: @mojaloop/central-services-logger

The new version differs by 7 commits.

• 8503b55 Feature/fix dependency audit issues ([Snyk] Fix for 1 vulnerabilities #21)
• 1640e00 Resolved audit issues and updated test dependencies ([Snyk] Fix for 1 vulnerabilities #19)
• 68ac6da #1289LogOptimisationFix - fix for error/warn levels mistake ([Snyk] Fix for 1 vulnerabilities #18)
• 233c503 Bumped package version to 9.5.0 ([Snyk] Fix for 1 vulnerabilities #16)
• 774bb2f feature/#1289 Log optimisation - added log level helpers ([Snyk] Fix for 1 vulnerabilities #15)
• 340fadc Added updated Mojaloop license ([Snyk] Fix for 1 vulnerabilities #13)
• fbcb323 updated to latest node LTS version 12.16.0 ([Snyk] Security upgrade hapi-openapi from 1.2.6 to 2.0.2 #12)

See the full diff

Package name: @mojaloop/central-services-shared

The new version differs by 45 commits.

• a6c1b84 added changes to cater for bulk quotes api (Settlement v2 deon mojaloop/central-settlement#237)
• 8ec5082 #1456: Added extensions list object for unsupported version error (Bump sinon from 7.5.0 to 8.1.1 mojaloop/central-settlement#235)
• 80955f9 Feature/#1334 patch request notif (Settlement v2 deon mojaloop/central-settlement#234)
• d80967a added config for bulk-abort to fulfil and positions topicMap (1166-IntegrateEventFrameworkIntoCentralSettlement mojaloop/central-settlement#233)
• abd3e02 Feature/#1334 patch request notif (Bump @mojaloop/central-services-shared from 8.6.3 to 8.8.2 mojaloop/central-settlement#232)
• 8afe1d7 Changes for bug https://github.com/ExtensionList missing when unsupported version requested for services mojaloop/project#1378 (feature/1100 Settlement By Currency Wrap Up mojaloop/central-settlement#231)
• 24812c9 #1423: Bulk transfers error processing(feature/1157-anchore-report-summary mojaloop/central-settlement#230)
• cb6b128 Feature/fix dependency audit issues for error handling (feature/1099 Update Settlement by ID Changes mojaloop/central-settlement#229)
• 4612d08 Resolve some of central-services-shared audit issues (Bump sinon from 7.5.0 to 8.1.0 mojaloop/central-settlement#228)
• ef657f2 #1381: Add Kafka topic mapping for 'timeout-reserved' action (Bump mustache from 3.1.0 to 4.0.0 mojaloop/central-settlement#227)
• 78ee2f9 Feature/add spans to request openapi backend (feature/1096 Create Settlement Changes #1 mojaloop/central-settlement#224)
• a6e6786 adding support for openapi backend events, as well as schema validati… (Bump tape from 4.11.0 to 4.13.0 mojaloop/central-settlement#221)
• 463b819 do not modify the headers in jwsSigner ([Snyk] Security upgrade @mojaloop/central-ledger from 8.2.4 to 15.1.3 #220)
• f585d81 added feature to JWS sign request ([Snyk] Fix for 1 vulnerabilities #217)
• d29c67e Update dependencies to fix 'cause' extension entry bug' ([Snyk] Security upgrade @mojaloop/central-ledger from 8.2.4 to 15.1.3 #218)
• 1e1c5b9 Release/v9.5.5 ([Snyk] Fix for 1 vulnerabilities #215)
• efec76e Release/v9.5.5 ([Snyk] Security upgrade @mojaloop/central-ledger from 8.2.4 to 9.2.0 #214)
• d740f6c Release/v9.5.4 ([Snyk] Fix for 1 vulnerabilities #213)
• b383982 #1289 Log optimisation - added log calls opt-out ([Snyk] Fix for 1 vulnerabilities #210)
• f84e749 Add 'authorization' to known resources for header validation ([Snyk] Fix for 1 vulnerabilities #209)
• 0b60c36 Bugfix/fix header validation for empty header values ([Snyk] Fix for 1 vulnerabilities #207)
• 8e2ebb6 updated headerValidation event ([Snyk] Fix for 1 vulnerabilities #206)
• f8417b7 Feature/event sdk update ([Snyk] Fix for 1 vulnerabilities #203)
• 022e2bc fixes for central-services issues ([Snyk] Fix for 15 vulnerabilities #201)

See the full diff

Package name: @now-ims/hapi-now-auth

The new version differs by 2 commits.

• dc778af 2.0.1
• 3dc134a updating core dependencies for security

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution