fix: protobuff vuln issue (#455)
Follow-up to chore(mojaloop/[#3386](https://github.com/kleyow/sdk-scheme-adapter/issues/3386)): sdk nodejs maintenance upgrade - mojaloop/project#3386
- fix: updated to audit-ci 
    - added protobuf vuln
    - cleaned up vulns that are no longer an issue
- chore: updated deps
mdebarros committed Jul 10, 2023
1 parent 9ac931a commit fa600ad
Showing 6 changed files with 46 additions and 64 deletions.
15 changes: 3 additions & 12 deletions audit-ci.jsonc
@@ -11,28 +11,19 @@
"GHSA-6vfc-qv3f-vr6c",
"GHSA-rjqq-98f6-6j3r",
"GHSA-phwq-j96m-2c2q",
"GHSA-pfrx-2q88-qq97",
"GHSA-wc69-rhjr-hc9g",
"GHSA-3cvr-822r-rqcc",
"GHSA-8qr4-xgw6-wmr3",
"GHSA-f772-66g8-q5h3",
"GHSA-cph5-m8f7-6c5x",
"GHSA-hrpp-h998-j3pp",
"GHSA-8cf7-32gw-wr33",
// Vulnerabilities for jsonwebtoken in
// sdk-standard-components
// central-services-error-handling
// central-services-shared
"GHSA-27h2-hvpr-p74q",
"GHSA-hjrf-2m68-5959",
"GHSA-qwph-4952-7xr6",
"GHSA-9c47-m6qq-7p4h",
"GHSA-h452-7996-h45h",
"GHSA-rc47-6667-2j5j",
"GHSA-8x6c-cv3v-vp6g",
// Some audit issues with api-snippets
"GHSA-r6ch-mqf9-qc9w",
"GHSA-5r9g-qh6m-jxff",
"GHSA-c2qf-rxjj-qqgw"
"GHSA-c2qf-rxjj-qqgw",
// Issue with protobuffs (https://github.com/advisories/GHSA-h755-8qp9-cq85). No fix available.
"GHSA-h755-8qp9-cq85"
]
}
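Review bot: The new allowlist entry `"GHSA-h755-8qp9-cq85"` at the end of the array suppresses that advisory for every dependency path and carries no revisit date, while its comment's "No fix available" is only a statement about the day of the commit. I would record which dependency pulls in the affected protobuf package and when the exception was granted, e.g. `// protobuf advisory GHSA-h755-8qp9-cq85 via <dependency path>; no fix available as of 2023-07-10, re-check on next dependency upgrade`. If the audit-ci version in use supports path-scoped entries, `"GHSA-h755-8qp9-cq85|<dependency path>"` would keep the audit gate active should the same advisory later arrive through a different package. As far as the hunk shows, the bare IDs kept at the top of the list have no explanation either, so a reader cannot tell which of them are still required; the array starts above the hunk, so earlier comments may exist.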
6 changes: 3 additions & 3 deletions modules/outbound-command-event-handler/package.json
@@ -51,14 +51,14 @@
"express": "^4.18.2",
"openapi-backend": "^5.9.2",
"redis": "^4.6.7",
"swagger-ui-express": "^4.6.3",
"swagger-ui-express": "^5.0.0",
"yamljs": "^0.3.0"
},
"devDependencies": {
"@types/convict": "^6.1.3",
"@types/express": "^4.17.17",
"@types/jest": "^29.5.2",
"@types/node": "^20.4.0",
"@types/node": "^20.4.1",
"@types/node-cache": "^4.2.5",
"@types/supertest": "^2.0.12",
"@types/swagger-ui-express": "^4.1.3",
@@ -68,7 +68,7 @@
"copyfiles": "^2.4.1",
"eslint": "^8.44.0",
"jest": "^29.6.1",
"nodemon": "^2.0.22",
"nodemon": "^3.0.1",
"npm-check-updates": "^16.7.10",
"replace": "^1.2.2",
"standard-version": "^9.5.0",
6 changes: 3 additions & 3 deletions modules/outbound-domain-event-handler/package.json
@@ -49,14 +49,14 @@
"express": "^4.18.2",
"openapi-backend": "^5.9.2",
"redis": "^4.6.7",
"swagger-ui-express": "^4.6.3",
"swagger-ui-express": "^5.0.0",
"yamljs": "^0.3.0"
},
"devDependencies": {
"@types/convict": "^6.1.3",
"@types/express": "^4.17.17",
"@types/jest": "^29.5.2",
"@types/node": "^20.4.0",
"@types/node": "^20.4.1",
"@types/node-cache": "^4.2.5",
"@types/supertest": "^2.0.12",
"@types/swagger-ui-express": "^4.1.3",
@@ -66,7 +66,7 @@
"copyfiles": "^2.4.1",
"eslint": "^8.44.0",
"jest": "^29.6.1",
"nodemon": "^2.0.22",
"nodemon": "^3.0.1",
"npm-check-updates": "^16.7.10",
"replace": "^1.2.2",
"standard-version": "^9.5.0",
2 changes: 1 addition & 1 deletion modules/private-shared-lib/package.json
@@ -37,7 +37,7 @@
"uuid": "^9.0.0"
},
"devDependencies": {
"@types/node": "^20.4.0",
"@types/node": "^20.4.1",
"eslint": "^8.44.0",
"jest": "^29.6.1",
"npm-check-updates": "^16.7.10",
4 changes: 2 additions & 2 deletions package.json
@@ -72,7 +72,7 @@
},
"devDependencies": {
"@types/jest": "^29.5.2",
"@types/node": "^20.4.0",
"@types/node": "^20.4.1",
"@types/node-cache": "^4.2.5",
"@typescript-eslint/eslint-plugin": "^5.61.0",
"@typescript-eslint/parser": "^5.61.0",
@@ -82,7 +82,7 @@
"eslint-plugin-import": "latest",
"husky": "^8.0.3",
"jest": "^29.6.1",
"nodemon": "^2.0.22",
"nodemon": "^3.0.1",
"npm-check-updates": "^16.7.10",
"replace": "^1.2.2",
"standard-version": "^9.5.0",
77 changes: 34 additions & 43 deletions yarn.lock
@@ -2705,7 +2705,7 @@ __metadata:
"@types/convict": ^6.1.3
"@types/express": ^4.17.17
"@types/jest": ^29.5.2
"@types/node": ^20.4.0
"@types/node": ^20.4.1
"@types/node-cache": ^4.2.5
"@types/supertest": ^2.0.12
"@types/swagger-ui-express": ^4.1.3
@@ -2718,13 +2718,13 @@ __metadata:
eslint: ^8.44.0
express: ^4.18.2
jest: ^29.6.1
nodemon: ^2.0.22
nodemon: ^3.0.1
npm-check-updates: ^16.7.10
openapi-backend: ^5.9.2
redis: ^4.6.7
replace: ^1.2.2
standard-version: ^9.5.0
swagger-ui-express: ^4.6.3
swagger-ui-express: ^5.0.0
ts-jest: ^29.1.1
ts-node: ^10.9.1
typescript: ^5.1.6
@@ -2743,7 +2743,7 @@ __metadata:
"@types/convict": ^6.1.3
"@types/express": ^4.17.17
"@types/jest": ^29.5.2
"@types/node": ^20.4.0
"@types/node": ^20.4.1
"@types/node-cache": ^4.2.5
"@types/supertest": ^2.0.12
"@types/swagger-ui-express": ^4.1.3
@@ -2755,13 +2755,13 @@ __metadata:
eslint: ^8.44.0
express: ^4.18.2
jest: ^29.6.1
nodemon: ^2.0.22
nodemon: ^3.0.1
npm-check-updates: ^16.7.10
openapi-backend: ^5.9.2
redis: ^4.6.7
replace: ^1.2.2
standard-version: ^9.5.0
swagger-ui-express: ^4.6.3
swagger-ui-express: ^5.0.0
ts-jest: ^29.1.1
ts-node: ^10.9.1
typescript: ^5.1.6
@@ -2778,7 +2778,7 @@ __metadata:
"@mojaloop/logging-bc-public-types-lib": ^0.1.19
"@mojaloop/platform-shared-lib-messaging-types-lib": ^0.2.100
"@mojaloop/platform-shared-lib-nodejs-kafka-client-lib": 0.2.15
"@types/node": ^20.4.0
"@types/node": ^20.4.1
ajv: ^8.12.0
eslint: ^8.44.0
jest: ^29.6.1
@@ -2797,7 +2797,7 @@ __metadata:
resolution: "@mojaloop/sdk-scheme-adapter@workspace:."
dependencies:
"@types/jest": ^29.5.2
"@types/node": ^20.4.0
"@types/node": ^20.4.1
"@types/node-cache": ^4.2.5
"@typescript-eslint/eslint-plugin": ^5.61.0
"@typescript-eslint/parser": ^5.61.0
@@ -2807,7 +2807,7 @@ __metadata:
eslint-plugin-import: latest
husky: ^8.0.3
jest: ^29.6.1
nodemon: ^2.0.22
nodemon: ^3.0.1
npm-check-updates: ^16.7.10
nx: 16.5.0
replace: ^1.2.2
@@ -3739,10 +3739,10 @@ __metadata:
languageName: node
linkType: hard

"@types/node@npm:^20.4.0":
version: 20.4.0
resolution: "@types/node@npm:20.4.0"
checksum: 8ad632ee131611651fc5f4ac3a47427640e2492ab314fe1c4d0c3b97af71784ef48c53221d5f9922aab4724375dcb4f33137b3107ba2c356d9366216a31678aa
"@types/node@npm:^20.4.1":
version: 20.4.1
resolution: "@types/node@npm:20.4.1"
checksum: 22cbcc792f2eb636fe4188778ed0f32658ab872aa7fcb9847b3fa289a42b14b9f5e30c6faec50ef3c7adbc6c2a246926e5858136bb8b10c035a3fcaa6afbeed2
languageName: node
linkType: hard

@@ -11171,23 +11171,23 @@ __metadata:
languageName: node
linkType: hard

"nodemon@npm:^2.0.22":
version: 2.0.22
resolution: "nodemon@npm:2.0.22"
"nodemon@npm:^3.0.1":
version: 3.0.1
resolution: "nodemon@npm:3.0.1"
dependencies:
chokidar: ^3.5.2
debug: ^3.2.7
ignore-by-default: ^1.0.1
minimatch: ^3.1.2
pstree.remy: ^1.1.8
semver: ^5.7.1
simple-update-notifier: ^1.0.7
semver: ^7.5.3
simple-update-notifier: ^2.0.0
supports-color: ^5.5.0
touch: ^3.1.0
undefsafe: ^2.0.5
bin:
nodemon: bin/nodemon.js
checksum: 9c987e139748f5b5c480c6c9080bdc97304ee7d29172b7b3da1a7db590b1323ad57b96346304e9b522b0e445c336dc393ccd3f9f45c73b20d476d2347890dcd0
checksum: 6a5d81855760d6617049eccce10ccf02bddb482dab13ceea5280ae595ec7004eee13e7b934368e3f46c37fe4d970342a8c38c99cae7e93e4d7a3ed1c1ecb6acf
languageName: node
linkType: hard

@@ -13307,7 +13307,7 @@ __metadata:
languageName: node
linkType: hard

"semver@npm:2 || 3 || 4 || 5, semver@npm:^5.0.3, semver@npm:^5.5.0, semver@npm:^5.6.0, semver@npm:^5.7.1":
"semver@npm:2 || 3 || 4 || 5, semver@npm:^5.0.3, semver@npm:^5.5.0, semver@npm:^5.6.0":
version: 5.7.1
resolution: "semver@npm:5.7.1"
bin:
@@ -13347,15 +13347,6 @@ __metadata:
languageName: node
linkType: hard

"semver@npm:~7.0.0":
version: 7.0.0
resolution: "semver@npm:7.0.0"
bin:
semver: bin/semver.js
checksum: 272c11bf8d083274ef79fe40a81c55c184dff84dd58e3c325299d0927ba48cece1f020793d138382b85f89bab5002a35a5ba59a3a68a7eebbb597eb733838778
languageName: node
linkType: hard

"send@npm:0.18.0":
version: 0.18.0
resolution: "send@npm:0.18.0"
@@ -13565,12 +13556,12 @@ __metadata:
languageName: node
linkType: hard

"simple-update-notifier@npm:^1.0.7":
version: 1.0.7
resolution: "simple-update-notifier@npm:1.0.7"
"simple-update-notifier@npm:^2.0.0":
version: 2.0.0
resolution: "simple-update-notifier@npm:2.0.0"
dependencies:
semver: ~7.0.0
checksum: aaadc1f158ad5101b363d1c7aed1f30fc1cac59a760aa31702633e0e6fe423348f07d0e78185aef0aad29130a7b7f0f188c21c7bc7353f897a0ea3682e051a70
semver: ^7.5.3
checksum: 9ba00d38ce6a29682f64a46213834e4eb01634c2f52c813a9a7b8873ca49cdbb703696f3290f3b27dc067de6d9418b0b84bef22c3eb074acf352529b2d6c27fd
languageName: node
linkType: hard

@@ -14183,21 +14174,21 @@ __metadata:
languageName: node
linkType: hard

"swagger-ui-dist@npm:>=4.11.0":
version: 4.15.2
resolution: "swagger-ui-dist@npm:4.15.2"
checksum: 218415ab16c43a4c55be0fad4b3c3b12bc97c6e8957b387616befcb21d9810a97f6143b5f238d3c2f870c73d6b505ff8588c04148bfe5a0762acaf6826d12c74
"swagger-ui-dist@npm:>=5.0.0":
version: 5.1.0
resolution: "swagger-ui-dist@npm:5.1.0"
checksum: 41b91708e757852423a4fddfc07d0e87ef38c4ad9fad5757fbc27b23c9e71593a1c48b53661fa2d9bb241043b6800cd9a57d980943a17c9eb388704e30156120
languageName: node
linkType: hard

"swagger-ui-express@npm:^4.6.3":
version: 4.6.3
resolution: "swagger-ui-express@npm:4.6.3"
"swagger-ui-express@npm:^5.0.0":
version: 5.0.0
resolution: "swagger-ui-express@npm:5.0.0"
dependencies:
swagger-ui-dist: ">=4.11.0"
swagger-ui-dist: ">=5.0.0"
peerDependencies:
express: ">=4.0.0 || >=5.0.0-beta"
checksum: bd0e02d2572685fcd82701b29f27ba6a27bc72de2b1553e84f884d008a0bf85a3711c9e236bb658130d702892866744d1a8a30b52b887e4f8224635c57afc63d
checksum: 565b89717315577785edc6d2f4df8ce83207baa2b714264170ffa677522d2103c184091e146b7cce7baf254e96116c5bb2cb1ab907dc1152fdead3090690983b
languageName: node
linkType: hard
