chore: dependency and vulnerability updates pi26 (#513)

* chore: updated dependencies and vulnerabilities * chore: rm fixed vulnerability from allowlist * chore: rm vulnerability as ip is not used in repo
mojaloop · Dec 20, 2024 · 46d245a · 46d245a
1 parent 6287198
commit 46d245a
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 42 deletions.
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -4,19 +4,6 @@
   // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
   "moderate": true,
   "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
-    // Currently no fixes available for the following
-    "GHSA-2p57-rm9w-gvfp", // socks>ip
-    "GHSA-v88g-cgmw-v5xw",
-    "GHSA-phwq-j96m-2c2q",
-    "GHSA-282f-qqgm-c34q",
-    "GHSA-6vfc-qv3f-vr6c",
-    "GHSA-wc69-rhjr-hc9g",
-    "GHSA-g954-5hwp-pp24",
-    "GHSA-rjqq-98f6-6j3r",
-    "GHSA-mjxr-4v3x-q3m4",
-    "GHSA-qgmg-gppg-76g5",
-    "GHSA-p9pc-299p-vxgp",
-    "GHSA-8cf7-32gw-wr33",
     // The following issues are related to central-services-shared upgrade skip
     // Issue to resolve this: https://github.com/mojaloop/project/issues/3260
     "GHSA-hjrf-2m68-5959",
@@ -28,6 +15,12 @@
     "GHSA-rm97-x556-q36h", // https://github.com/advisories/GHSA-rm97-x556-q36h
     "GHSA-rv95-896h-c2vc", // https://github.com/advisories/GHSA-rv95-896h-c2vc
     "GHSA-3xgq-45jj-v275", // https://github.com/advisories/GHSA-3xgq-45jj-v275
-    "GHSA-rhx6-c78j-4q9w" // https://github.com/advisories/GHSA-rhx6-c78j-4q9w
+    "GHSA-rhx6-c78j-4q9w", // https://github.com/advisories/GHSA-rhx6-c78j-4q9w
+    "GHSA-mjxr-4v3x-q3m4", // https://github.com/advisories/GHSA-mjxr-4v3x-q3m4
+    "GHSA-phwq-j96m-2c2q", // https://github.com/advisories/GHSA-phwq-j96m-2c2q
+    "GHSA-rjqq-98f6-6j3r", // https://github.com/advisories/GHSA-rjqq-98f6-6j3r
+    "GHSA-mwcw-c2x4-8c55", // https://github.com/advisories/GHSA-mwcw-c2x4-8c55
+    // The following issues are related to @mojaloop/event-sdk upgrade skip
+    "GHSA-g954-5hwp-pp24" // https://github.com/advisories/GHSA-g954-5hwp-pp24
   ]
 }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -93,9 +93,9 @@
     "@mojaloop/central-services-error-handling": "13.0.2",
     "@mojaloop/central-services-health": "15.0.0",
     "@mojaloop/central-services-logger": "11.5.1",
-    "@mojaloop/central-services-metrics": "12.4.1",
+    "@mojaloop/central-services-metrics": "12.4.2",
     "@mojaloop/central-services-shared": "18.7.1",
-    "@mojaloop/central-services-stream": "11.3.1",
+    "@mojaloop/central-services-stream": "11.4.1",
     "@mojaloop/database-lib": "11.0.6",
     "@mojaloop/event-sdk": "14.1.1",
     "@mojaloop/inter-scheme-proxy-cache-lib": "2.3.1",
@@ -105,7 +105,7 @@
     "ajv-keywords": "5.1.0",
     "blipp": "4.0.2",
     "commander": "12.1.0",
-    "cron": "3.3.0",
+    "cron": "3.3.1",
     "fast-safe-stringify": "^2.1.1",
     "hapi-auth-bearer-token": "8.0.0",
     "joi": "17.13.3",
@@ -145,7 +145,8 @@
       "yargs-parser": "^21.1.1"
     },
     "jsonwebtoken": "9.0.0",
-    "jsonpointer": "5.0.0"
+    "jsonpointer": "5.0.0",
+    "validator": "13.7.0"
   },
   "devDependencies": {
     "@types/jest": "29.5.14",
@@ -159,7 +160,7 @@
     "jest": "29.7.0",
     "jest-junit": "16.0.0",
     "jsdoc": "4.0.4",
-    "nodemon": "3.1.7",
+    "nodemon": "3.1.9",
     "npm-check-updates": "17.1.11",
     "nyc": "17.1.0",
     "pre-commit": "1.2.2",