fix(mojaloop/#2478): sdk-scheme-adapter does not publish ws notifications when cache is restarted #285


mdebarros
Member

@mdebarros mdebarros commented Sep 15, 2021

  • Re-factored lib/cache to configure notify-keyspace-events on Redis when a subscriber is created - SDK-Scheme-Adapter does not publish WS notifications when Cache is restarted  project#2478
  • Updates several logs for consistency
  • Added internal event listeners for 'connect', 'reconnecting' and 'subscribe' emitted events from Redis client
  • updated all dependencies
    • Updated ws dependency to latest 7.x version. 8.x introduces some breaking changes, will create a story to address this in future.
  • fixes for audit-resolve:

```text
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.16 || >=5.0.0 <5.0.8 || >=6.0.0 <6.1.7 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
```

> Outcome: Fixed

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```

> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```

> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

…ions when cache is restarted

- Re-factored lib/cache to configure notify-keyspace-events on Redis when a subscriber is created
- Updates several logs for consistency
- Added internal event listeners for 'connect', 'reconnecting' and 'subscribe' emitted events from Redis client
- updated all dependencies
  - Updated ws dependency to latest 7.x version. 8.x introduces some breaking changes, will create a story to address this in future.
- fixes for audit-resolve:

```text
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.16 || >=5.0.0 <5.0.8 || >=6.0.0 <6.1.7 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
```

> Outcome: Fixed

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```

> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```

> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

@mdebarros mdebarros marked this pull request as ready for review September 16, 2021 09:25
@mdebarros mdebarros marked this pull request as draft September 16, 2021 09:25
@mdebarros mdebarros marked this pull request as ready for review September 16, 2021 09:44
@mdebarros mdebarros self-assigned this Sep 16, 2021
@mdebarros mdebarros merged commit eae1daa into master Sep 16, 2021
@mdebarros mdebarros deleted the fix/#2478-SDK-Scheme-Adapter-does-not-publish-WS-notifications-when-Cache-is-restarted branch September 16, 2021 10:38