feat(mojaloop/#2480): central-ledger migration scripts to configure quote party table utf8 support #862

Commits on Sep 16, 2021

  1. feat(mojaloop/#2480): central-ledger migration scripts to configure quote party table utf8 support
    
    - added migration script (500601_party-2480.js) to alter party table for utf8 support
    - updated dependencies
    - fixes for audit-resolve
    
    ```text
    --------------------------------------------------
     tar needs your attention.
    
    [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
     vulnerable versions <4.4.16 || >=5.0.0 <5.0.8 || >=6.0.0 <6.1.7 found in:
     - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
    [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
     vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
     - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
    [ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
     vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
     - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
    ```
    
    > Outcome: Fixed
    
    ```text
    --------------------------------------------------
     yargs-parser needs your attention.
    
    [ low ] Prototype Pollution
     vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
     - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
    ```
    
    > Outcome: Ignored for a week
    > Impact: Minimal as the dependencies are used for the Developer Documentation end-point
    
    ```text
    --------------------------------------------------
     sanitize-html needs your attention.
    
    [ moderate ] Improper Input Validation
     vulnerable versions <2.3.1 found in:
     - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
    [ moderate ] Improper Input Validation
     vulnerable versions <2.3.2 found in:
     - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
    ```
    
    > Outcome: Ignored for a week
    > Impact: Minimal as the dependencies are used for the Developer Documentation end-point
    mdebarros committed Sep 16, 2021
    5e2fe91
  2. chore: updated circleci config to use the last commit sha1 hash instead of the package.json checksum to ensure that build caches are now specific to the changes being made
    mdebarros committed Sep 16, 2021
    2aa3436