fix(mojaloop/#3533): helm v15.2.0-rc fixes (#982)

fix(mojaloop/#3533): helm v15.2.0-rc fixes - mojaloop/project#3533

List of fixes:
- fix(mojaloop/#3580): missing toDestination on handling the fspiop source/destiation headers failing match validation on fulfil - regression on #2697 - v17.0.0...v17.2.0#diff-3a2d4aabbde0cd9517dd372f6ae6001ad607d005b5316785c8698fe25160aa92L393 - mojaloop/project#3580
    Fixes currently resolve regression failures on these tests:
        - p2p_money_transfer_put_notifications - payee receives no Notification with ABORTED status after sending invalid FSPIOP-Destination header with transferStatus=COMMITTED, file path: golden_path/bug fixes /Test for Bugfix #2697 - Central-Ledger Fulfil Handler does not correctly invalidate requests with an incorrect-non-existent FSP-ID in the FSPIOP-Destination header.json
        - p2p_money_transfer_patch_notifications - payee receives PATCH Notification with ABORTED status after sending invalid FSPIOP-Destination header with transferStatus=RESERVED, file path: golden_path/bug fixes/Test for Bugfix #2697 - Central-Ledger Fulfil Handler does not correctly invalidate requests with an incorrect-non-existent FSP-ID in the FSPIOP-Destination header.json

audit-ci.jsonc

@@ -4,26 +4,23 @@
   // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
   "moderate": true,
   "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
-    // Currently no fixes available for the following
-    "GHSA-v88g-cgmw-v5xw",
-    "GHSA-mg85-8mv5-ffjr",
-    "GHSA-phwq-j96m-2c2q",
-    "GHSA-7hx8-2rxv-66xv",
-    "GHSA-282f-qqgm-c34q",
-    "GHSA-8cf7-32gw-wr33",
-    "GHSA-hjrf-2m68-5959",
-    // TODO: Upgrade jsonwebtoken in the central-services-shared lib --> https://github.com/mojaloop/project/issues/3097
-    "GHSA-qwph-4952-7xr6", // https://github.com/advisories/GHSA-qwph-4952-7xr6
-    // Knex dependency has been upgraded to v2.4x as advised by this advisory. Not sure why its still reporting it as an issue?
-    // TODO: Investigate as to why this is still being reported even though Knex was upgraded! :(
-    "GHSA-4jv9-3563-23j3", // https://github.com/advisories/GHSA-4jv9-3563-23j3
-    "GHSA-6vfc-qv3f-vr6c",
-    "GHSA-mjxr-4v3x-q3m4",
-    "GHSA-rjqq-98f6-6j3r",
-    "GHSA-g64q-3vg8-8f93",
-    "GHSA-5854-jvxx-2cg9",
-    "GHSA-2mvq-xp48-4c77",
-    "GHSA-w5p7-h5w8-2hfq",
-    "GHSA-p9pc-299p-vxgp"
+  "GHSA-67hx-6x53-jw92", // @babel/traverse
+  "GHSA-v88g-cgmw-v5xw", // widdershins>swagger2openapi>oas-validator>ajv
+  "GHSA-mg85-8mv5-ffjr", // hapi-auth-basic>hapi>ammo
+  "GHSA-phwq-j96m-2c2q", // @mojaloop/central-services-shared>shins>ejs
+  "GHSA-7hx8-2rxv-66xv", // hapi-auth-basic>hapi
+  "GHSA-282f-qqgm-c34q", // widdershins>swagger2openapi>better-ajv-errors>jsonpointer
+  "GHSA-8cf7-32gw-wr33", // @now-ims/hapi-now-auth>jsonwebtoken
+  "GHSA-hjrf-2m68-5959", // @now-ims/hapi-now-auth>jsonwebtoken
+  "GHSA-qwph-4952-7xr6", // @now-ims/hapi-now-auth>jsonwebtoken
+  "GHSA-6vfc-qv3f-vr6c", // widdershins>markdown-it
+  "GHSA-7fh5-64p2-3v2j", // @mojaloop/central-services-shared>shins>sanitize-html>postcss
+  "GHSA-mjxr-4v3x-q3m4", // @mojaloop/central-services-shared>shins>sanitize-html
+  "GHSA-rjqq-98f6-6j3r", // @mojaloop/central-services-shared>shins>sanitize-html
+  "GHSA-g64q-3vg8-8f93", // hapi-auth-basic>hapi>subtext
+  "GHSA-5854-jvxx-2cg9", // hapi-auth-basic>hapi>subtext
+  "GHSA-2mvq-xp48-4c77", // hapi-auth-basic>hapi>subtext
+  "GHSA-w5p7-h5w8-2hfq", // tap-spec>tap-out>trim
+  "GHSA-p9pc-299p-vxgp"  // widdershins>yargs>yargs-parser
   ]
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/central-ledger",
-  "version": "17.2.1",
+  "version": "17.3.0-snapshot.7",
   "description": "Central ledger hosted by a scheme to record and settle transfers",
   "license": "Apache-2.0",
   "author": "ModusBox",
@@ -100,8 +100,8 @@
     "ajv-keywords": "5.1.0",
     "base64url": "3.0.1",
     "blipp": "4.0.2",
-    "commander": "11.0.0",
-    "cron": "2.4.4",
+    "commander": "11.1.0",
+    "cron": "3.1.1",
     "decimal.js": "10.4.3",
     "docdash": "2.0.2",
     "event-stream": "4.0.1",
@@ -111,7 +111,7 @@
     "hapi-auth-bearer-token": "8.0.0",
     "hapi-swagger": "17.1.0",
     "ilp-packet": "2.2.0",
-    "knex": "2.5.1",
+    "knex": "3.0.1",
     "lodash": "4.17.21",
     "moment": "2.29.4",
     "mongo-uri-builder": "^4.0.0",
@@ -129,12 +129,12 @@
     "jsdoc": "4.0.2",
     "jsonpath": "1.1.1",
     "nodemon": "3.0.1",
-    "npm-check-updates": "16.14.4",
+    "npm-check-updates": "16.14.6",
     "nyc": "15.1.0",
     "pre-commit": "1.2.2",
     "proxyquire": "2.1.3",
     "replace": "^1.2.2",
-    "sinon": "16.0.0",
+    "sinon": "16.1.0",
     "standard": "17.1.0",
     "standard-version": "^9.5.0",
     "tap-spec": "^5.0.0",

src/handlers/timeouts/handler.js

@@ -176,7 +176,7 @@ const registerTimeoutHandler = async () => {
       await stop()
     }
 
-    timeoutJob = new CronJob({
+    timeoutJob = CronJob.from({
       cronTime: Config.HANDLERS_TIMEOUT_TIMEXP,
       onTick: timeout,
       start: false,

src/handlers/transfers/handler.js

@@ -390,7 +390,7 @@ const fulfil = async (error, messages) => {
       // Publish message to Position Handler
       // Key position abort with payer account id
       const payerAccount = await Participant.getAccountByNameAndCurrency(transfer.payerFsp, transfer.currency, Enum.Accounts.LedgerAccountType.POSITION)
-      await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, fspiopError: apiFSPIOPError, eventDetail, fromSwitch, messageKey: payerAccount.participantCurrencyId.toString() })
+      await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, fspiopError: apiFSPIOPError, eventDetail, fromSwitch, toDestination: transfer.payerFsp, messageKey: payerAccount.participantCurrencyId.toString() })
 
       /**
        * Send patch notification callback to original payee fsp if they asked for a a patch response.
@@ -420,7 +420,7 @@ const fulfil = async (error, messages) => {
           }
         }
         message.value.content.payload = reservedAbortedPayload
-        await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail: reserveAbortedEventDetail, fromSwitch: true })
+        await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail: reserveAbortedEventDetail, fromSwitch: true, toDestination: transfer.payeeFsp })
       }
 
       throw apiFSPIOPError
@@ -587,7 +587,7 @@ const fulfil = async (error, messages) => {
           }
         }
         message.value.content.payload = reservedAbortedPayload
-        await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true })
+        await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true, toDestination: transfer.payeeFsp })
       }
       throw fspiopError
     }
@@ -615,7 +615,7 @@ const fulfil = async (error, messages) => {
           transferState: TransferState.ABORTED
         }
         message.value.content.payload = reservedAbortedPayload
-        await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true })
+        await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true, toDestination: transfer.payeeFsp })
       }
       throw fspiopError
     }