Revert "[Snyk] Fix for 2 vulnerabilities" #388

Merged


elnyry-sam-k
Member

Reverts #386

@lewisdaly
Contributor

Vuln check fails (of course), but we can fix that later.

@elnyry-sam-k elnyry-sam-k merged commit f9fe56e into master Jan 21, 2021
@elnyry-sam-k elnyry-sam-k deleted the revert-386-snyk-fix-fc0f47a92f1c7b18d208f29f962a71f6 branch January 21, 2021 13:30
gibaros added a commit that referenced this pull request Jan 22, 2021
* master:
  Revert "fix: package.json & package-lock.json to reduce vulnerabilities (#386)" (#388)
  chore: fix broken links in readme (#387)
  fix: package.json & package-lock.json to reduce vulnerabilities (#386)
kleyow added a commit that referenced this pull request Feb 22, 2021
* Updated versions for error-handler, etc... (#342)

* Bugfix/send request span finishing before function completed (#352)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing. now functioning properly
removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* Fix for bug: mojaloop/project#1412
Updated dependencies

* revert port change

* fixes for incorrect span used and fspiop error not set.
Fixes removed await for participants requests

Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>

* Updated api_swagger.json as per version 1.1 of the FSPIOP spec and re… (#348)

* Updated api_swagger.json as per version 1.1 of the FSPIOP spec and removed unused type definitions

* Updated audit decisions

* Updated audit decisions

* Update src/interface/api_swagger.json

Co-authored-by: Sam <elnyry@users.noreply.github.com>

* Fixed references to type definitions in api_swagger

* Bumped version number to 10.4.0

Co-authored-by: Neal Donnan <neal.donnan@modusbox.com>
Co-authored-by: Sam <elnyry@users.noreply.github.com>

* Feature/validation for name place accents (#353)

* updated ALS to use new openapi-backend framework
updated dependencies
fix tests

* refactored to cater as per @lewisdaly suggestions

* Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly

* fix audit issues from central-services-health

* Updated python in Circle CI (#357)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing. now functioning properly
removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* updated ALS to use new openapi-backend framework
updated dependencies
fix tests

* refactored to cater as per @lewisdaly suggestions

* Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly

* fix audit issues from central-services-health

* Changes:
	Updated python in circle CI

Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>

* Updated dependencies for issue: mojaloop/project#1378 (#359)

* #1484: Update FSPIOP API version (#367)

* Update FSPIOP API version

* Resolve audit issues

* Update src/interface/admin_swagger.json

Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>

* Feature/updated shared library to cater for delete (#368)

* updated dependencies, added the delete payload fix

* Feature/updated openapi backend version (#369)

updated version of central-services-shared to cater for the fix in openapi-backend library

* updated shared lib version to allow configurable resource versions (#370)

* updated shared lib version to allow configurable resource versions

* added example .env for resource versions

Co-authored-by: Valentin <valentin.genev@modusbox.com>

* updated shared lib version (#371)

Co-authored-by: Valentin <valentin.genev@modusbox.com>

* Updating dependencies for new helm release (#373)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing. now functioning properly
removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* updated dependencies and version for new helm release

Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>

* feat(security): November security review (#374)

* chore(deps): update dependencies to latest versions

* chore(package): bump package to `11.1.3`

* Fix /documentation and /swagger.json endpoints (#375)

* Replace wildcard routes with explicit routes and fix API documentation endpoints (#376)

* #1885: Update API documentation (#379)

* Update API documentation

* Restore default configs

* Fix integration test.

* Fix audit

* Fix integration test config

* [Security] Bump node-notifier from 8.0.0 to 8.0.1 (#381)

Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.**
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

* chore: update license file (#377)

Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>

* fix: package.json & package-lock.json to reduce vulnerabilities (#386)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-LODASH-590103

* chore: fix broken links in readme (#387)

* Revert "fix: package.json & package-lock.json to reduce vulnerabilities (#386)" (#388)

This reverts commit 9eccdf5.

* Add codeowners for the core repo (#390)

* feat(ci/cd): add pr title check (#395)

* feat: allow multiple fsps per msisdn, instead of sending request for first party  (#385)

* MultipleDfspPerMsisdn: Instead of sending request for first party only, iterate partyList and send request for each party on the list. Also update dep and devDep versions minus central-service-health which breaks the unit tests

* feature/multipledfspspermsisdn: Bump versions to latest except central-services-health that if bumped to next version 11.0.0 breaks unit tests per mojaloop issue 1987

Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>

* fix: proper status code for health check (#396)

* fix: Core handler services that have a dependency on central-services-database are not loading all tables on startup #816

fix for mojaloop/project#1888. Fix issue by changing all `Db.<table>.*` syntax function operations to `Db.from('<table>').*`. The issue was caused by the central-services-database Database class on Db.connect() loading all tables via an SQL request, and creating a Class property (`Db.<table>`) to reference the Table object. The issue here being that the query to fetch all the tables from the database does not return all tables (to be investigated in future).  `Db.from('<table>').*` ensures that the table object is created properly.

* chore: fix circleci

Co-authored-by: Adrian Enns <ennsak@gmail.com>
Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com>
Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>
Co-authored-by: ndonnan <neal.donnan@gmail.com>
Co-authored-by: Neal Donnan <neal.donnan@modusbox.com>
Co-authored-by: Sam <elnyry@users.noreply.github.com>
Co-authored-by: Steven Oderayi <oderayi@gmail.com>
Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
Co-authored-by: Valentin Genev <vgenev@gmail.com>
Co-authored-by: Valentin <valentin.genev@modusbox.com>
Co-authored-by: Lewis Daly <lewis@vesselstech.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Snyk bot <github+bot@snyk.io>
Co-authored-by: Juan Correa <gibaros@users.noreply.github.com>
Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com>
Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com>
kleyow added a commit that referenced this pull request Feb 22, 2021
* Updated versions for error-handler, etc... (#342)

* Bugfix/send request span finishing before function completed (#352)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing. now functioning properly
removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* Fix for bug: mojaloop/project#1412
Updated dependencies

* revert port change

* fixes for incorrect span used and fspiop error not set.
Fixes removed await for participants requests

Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>

* Updated api_swagger.json as per version 1.1 of the FSPIOP spec and re… (#348)

* Updated api_swagger.json as per version 1.1 of the FSPIOP spec and removed unused type definitions

* Updated audit decisions

* Updated audit decisions

* Update src/interface/api_swagger.json

Co-authored-by: Sam <elnyry@users.noreply.github.com>

* Fixed references to type definitions in api_swagger

* Bumped version number to 10.4.0

Co-authored-by: Neal Donnan <neal.donnan@modusbox.com>
Co-authored-by: Sam <elnyry@users.noreply.github.com>

* Feature/validation for name place accents (#353)

* updated ALS to use new openapi-backend framework
updated dependencies
fix tests

* refactored to cater as per @lewisdaly suggestions

* Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly

* fix audit issues from central-services-health

* Updated python in Circle CI (#357)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing. now functioning properly
removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* updated ALS to use new openapi-backend framework
updated dependencies
fix tests

* refactored to cater as per @lewisdaly suggestions

* Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly

* fix audit issues from central-services-health

* Changes:
	Updated python in circle CI

Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>

* Updated dependencies for issue: mojaloop/project#1378 (#359)

* #1484: Update FSPIOP API version (#367)

* Update FSPIOP API version

* Resolve audit issues

* Update src/interface/admin_swagger.json

Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>

* Feature/updated shared library to cater for delete (#368)

* updated dependencies, added the delete payload fix

* Feature/updated openapi backend version (#369)

updated version of central-services-shared to cater for the fix in openapi-backend library

* updated shared lib version to allow configurable resource versions (#370)

* updated shared lib version to allow configurable resource versions

* added example .env for resource versions

Co-authored-by: Valentin <valentin.genev@modusbox.com>

* updated shared lib version (#371)

Co-authored-by: Valentin <valentin.genev@modusbox.com>

* Updating dependencies for new helm release (#373)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing. now functioning properly
removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* updated dependencies and version for new helm release

Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>

* feat(security): November security review (#374)

* chore(deps): update dependencies to latest versions

* chore(package): bump package to `11.1.3`

* Fix /documentation and /swagger.json endpoints (#375)

* Replace wildcard routes with explicit routes and fix API documentation endpoints (#376)

* #1885: Update API documentation (#379)

* Update API documentation

* Restore default configs

* Fix integration test.

* Fix audit

* Fix integration test config

* [Security] Bump node-notifier from 8.0.0 to 8.0.1 (#381)

Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.**
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

* chore: update license file (#377)

Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>

* fix: package.json & package-lock.json to reduce vulnerabilities (#386)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-LODASH-590103

* chore: fix broken links in readme (#387)

* Revert "fix: package.json & package-lock.json to reduce vulnerabilities (#386)" (#388)

This reverts commit 9eccdf5.

* Add codeowners for the core repo (#390)

* feat(ci/cd): add pr title check (#395)

* feat: allow multiple fsps per msisdn, instead of sending request for first party  (#385)

* MultipleDfspPerMsisdn: Instead of sending request for first party only, iterate partyList and send request for each party on the list. Also update dep and devDep versions minus central-service-health which breaks the unit tests

* feature/multipledfspspermsisdn: Bump versions to latest except central-services-health that if bumped to next version 11.0.0 breaks unit tests per mojaloop issue 1987

Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>

* fix: proper status code for health check (#396)

* fix: Core handler services that have a dependency on central-services-database are not loading all tables on startup #816

fix for mojaloop/project#1888. Fix issue by changing all `Db.<table>.*` syntax function operations to `Db.from('<table>').*`. The issue was caused by the central-services-database Database class on Db.connect() loading all tables via an SQL request, and creating a Class property (`Db.<table>`) to reference the Table object. The issue here being that the query to fetch all the tables from the database does not return all tables (to be investigated in future).  `Db.from('<table>').*` ensures that the table object is created properly.

Co-authored-by: Adrian Enns <ennsak@gmail.com>
Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com>
Co-authored-by: Henk Kodde <henk.kodde@modusbox.com>
Co-authored-by: ndonnan <neal.donnan@gmail.com>
Co-authored-by: Neal Donnan <neal.donnan@modusbox.com>
Co-authored-by: Sam <elnyry@users.noreply.github.com>
Co-authored-by: Steven Oderayi <oderayi@gmail.com>
Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com>
Co-authored-by: Valentin Genev <vgenev@gmail.com>
Co-authored-by: Valentin <valentin.genev@modusbox.com>
Co-authored-by: Lewis Daly <lewis@vesselstech.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Snyk bot <github+bot@snyk.io>
Co-authored-by: Juan Correa <gibaros@users.noreply.github.com>
Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com>
Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com>