feat(mojaloop/#3984): update ci, deps and audit

.circleci/config.yml

@@ -142,7 +142,7 @@ executors:
       BASH_ENV: /etc/profile ## Ref: https://circleci.com/docs/env-vars/#alpine-linux
       NVM_ARCH_UNOFFICIAL_OVERRIDE: x64-musl ## Ref: https://github.com/nvm-sh/nvm/issues/1102#issuecomment-550572252
     docker:
-      - image: node:lts-alpine # Ref: https://hub.docker.com/_/node?tab=tags&page=1&name=alpine
+      - image: node:18.20.3-alpine3.19 # Ref: https://hub.docker.com/_/node/tags?name=18.20.3-alpine3.19
 
   default-machine:
     working_directory: *WORKING_DIR
@@ -421,8 +421,8 @@ jobs:
           name: Build Docker local image
           command: |
             source ~/.profile
-            export DOCKER_NODE_VERSION="$NVMRC_VERSION-alpine"
-            echo "export DOCKER_NODE_VERSION=$NVMRC_VERSION-alpine" >> $BASH_ENV
+            export DOCKER_NODE_VERSION="$NVMRC_VERSION-alpine3.19"
+            echo "export DOCKER_NODE_VERSION=$NVMRC_VERSION-alpine3.19" >> $BASH_ENV
             echo "Building Docker image: ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local --build-arg NODE_VERSION=$DOCKER_NODE_VERSION"
             docker build -t ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local --build-arg NODE_VERSION=$DOCKER_NODE_VERSION .
       - run:
@@ -432,7 +432,7 @@ jobs:
           root: /tmp
           paths:
             - ./docker-image.tar
-  
+
   license-scan:
     executor: default-machine
     environment:
@@ -501,14 +501,14 @@ jobs:
       - run:
           name: Pull base image locally
           command: |
-            echo "Pulling docker image: node:$NVMRC_VERSION-alpine"
-            docker pull node:$NVMRC_VERSION-alpine
+            echo "Pulling docker image: node:$NVMRC_VERSION-alpine3.19"
+            docker pull node:$NVMRC_VERSION-alpine3.19
       ## Analyze the base and derived image
       ## Note: It seems images are scanned in parallel, so preloading the base image result doesn't give us any real performance gain
       - anchore/analyze_local_image:
           # Force the older version, version 0.7.0 was just published, and is broken
           anchore_version: v0.6.1
-          image_name: "docker.io/node:${NVMRC_VERSION}-alpine ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local"
+          image_name: "docker.io/node:${NVMRC_VERSION}-alpine3.19 ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local"
           policy_failure: false
           timeout: '500'
           # Note: if the generated policy is invalid, this will fallback to the default policy, which we don't want!
@@ -521,7 +521,7 @@ jobs:
             aws s3 cp anchore-reports ${AWS_S3_DIR_ANCHORE_REPORTS}/latest/ --recursive
       - run:
           name: Evaluate failures
-          command: /tmp/ci-config/container-scanning/anchore-result-diff.js anchore-reports/node_${NVMRC_VERSION}-alpine-policy.json anchore-reports/${CIRCLE_PROJECT_REPONAME}*-policy.json
+          command: /tmp/ci-config/container-scanning/anchore-result-diff.js anchore-reports/node_${NVMRC_VERSION}-alpine3.19-policy.json anchore-reports/${CIRCLE_PROJECT_REPONAME}*-policy.json
       - store_artifacts:
           path: anchore-reports
       - slack/notify:
@@ -606,7 +606,7 @@ jobs:
       - slack/notify:
           event: fail
           template: SLACK_TEMP_RELEASE_FAILURE
-  
+
   publish-docker:
     executor: default-machine
     shell: "/bin/bash -eo pipefail"
@@ -635,7 +635,7 @@ jobs:
           at: /tmp
       - run:
           name: Load the pre-built docker image from workspace
-          command: | 
+          command: |
             docker load -i /tmp/docker-image.tar
       - run:
           name: Login to Docker Hub
@@ -939,4 +939,4 @@ workflows:
               only: /v[0-9]+(\.[0-9]+)*\-snapshot+((\.[0-9]+)?)/
             branches:
               ignore:
-                - /.*/
+                - /.*/

.ncurc.js

@@ -10,6 +10,11 @@ module.exports = {
     'sqlite3',
     // Upgrading fido2-lib past @2.8.3 seems to break tests with error message
     // `error parsing ASN.1`. Investigation needed.
-    'fido2-lib'
+    'fido2-lib',
+    // upgrading eslint beyond v8.56.0 causes peer dependency conflict with @typescript-eslint/parser and @typescript-eslint/eslint-plugin
+    // can be upgrade when the dependent packages are updated
+    "eslint",
+    // @hapi/hapi past v21.3.2 introduces some type export errors
+    "@hapi/hapi"
   ]
 }

.nvmrc

@@ -1,2 +1 @@
-18.17.1
-
+18.20.3

audit-ci.jsonc

@@ -23,6 +23,11 @@
     "GHSA-qq89-hq3f-393p", // https://github.com/advisories/GHSA-qq89-hq3f-393p
     "GHSA-72xf-g2v4-qvf3", // https://github.com/advisories/GHSA-72xf-g2v4-qvf3
     "GHSA-p9pc-299p-vxgp", // https://github.com/advisories/GHSA-p9pc-299p-vxgp
-    "GHSA-7fh5-64p2-3v2j"  // https://github.com/advisories/GHSA-7fh5-64p2-3v2j
+    "GHSA-7fh5-64p2-3v2j", // https://github.com/advisories/GHSA-7fh5-64p2-3v2j
+    "GHSA-2p57-rm9w-gvfp", // https://github.com/advisories/GHSA-2p57-rm9w-gvfp
+    "GHSA-cgfm-xwp7-2cvr", // https://github.com/advisories/GHSA-cgfm-xwp7-2cvr
+    "GHSA-f5x3-32g6-xq36", // https://github.com/advisories/GHSA-f5x3-32g6-xq36
+    "GHSA-ghr5-ch3p-vcr6", // https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
+    "GHSA-rm97-x556-q36h"  // https://github.com/advisories/GHSA-rm97-x556-q36h
   ]
-}
+}