ExtensionList missing when unsupported version requested for services #1378
Assignees
Labels
oss-core
This is an issue - story or epic related to a feature on a Mojaloop core service or related to it
Milestone
Comments
|
@amarmodus @elnyry-sam-k |
|
@aenns - these have to set in a central place somewhere, sort of like sdk-standard-components. The valid values right now are "1.0" (key-1, value-0) and "1.1"(key-1, value-1); These represent the versions of the FSPIOP Spec that are supported by an implementation.. (Currently we have v1.1 and v1.0 supported, though v1.1 is still in progress, one issue is left) |
|
@elnyry-sam-k if (!supportedProtocolVersions.includes(contentType.version)) { The supported versions are hard-coded in a variable (in the central-services-shared project) and currently only support "1" and "1.0". So, if we tried a request with a different version (such as "1.1"), it will throw this error (unless I'm looking in the wrong place, but I tested this as well with "1.1" and it caused the error to occur). My question here is whether I add "1.1" to the supported versions, or I leave it as is, and DO NOT include "1.1" in the extension list? |
|
@aenns - since we're now making changes for v1.1 I think we can go ahead and make that change.. With our next helm release we'll have the changes for v1.1; Also are you seeing the error message something like this, right now? |
aenns
added a commit
to aenns/central-services-shared
that referenced
this issue
Jun 16, 2020
aenns
added a commit
to mojaloop/central-services-shared
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/central-event-processor
that referenced
this issue
Jun 17, 2020
* Updates for issue: mojaloop/project#1378 * Updated scripts in package.json
aenns
added a commit
to aenns/account-lookup-service
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/account-lookup-service
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to aenns/central-ledger
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/central-ledger
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to aenns/ml-api-adapter
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/ml-api-adapter
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to aenns/quoting-service
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to aenns/simulator
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/quoting-service
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/simulator
that referenced
this issue
Jun 17, 2020
aenns
added a commit
to mojaloop/central-settlement
that referenced
this issue
Jun 17, 2020
This was referenced Jun 22, 2020
eoln
added a commit
to mojaloop/ml-api-adapter
that referenced
this issue
Jul 1, 2020
* Hotfix/get transfer jws (#434) * fixed JWS issue with GET transfers * fix python circleci issue * fix python circleci issue Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Changes for bug 1408 (#435) * Bugfix/#1381 notification bug (#436) * Fix notification bug * Update unit tests * Update version * Add timeout-reserved notification handler * Update deps & version to 10.4.0 * Update packages. Remove unnecessary code * Remove payee notification for timeout-received. Update dependencies * Hotfix - jws not signed for fulfil duplicate notification (#437) * fulfil dup not signed fix * cleanup Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Fix audit vulnerabilities (#440) * fulfil dup not signed fix * cleanup * resolve audit failures Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Fix the circle ci python issue (#441) * fulfil dup not signed fix * cleanup * resolve audit failures * fix circle ci config * fix circle ci config * fix circle ci config Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Added a condition to check from and to fspids while sending notification to payee (#442) * Changes for issue: mojaloop/project#1378 (#443) * Feature/#1334 patch request notif (#444) * updated central-services-shared and event-sdk versions to support custom tags in the tracestate header * added tests fixed condition for reserve functionality that was braking the integration tests. added unit tests Co-authored-by: Valentin <valentin.genev@modusbox.com> * Feature/#1334 patch request notif 2 (#445) * updated central-services-shared and event-sdk versions to support custom tags in the tracestate header * added tests * fixed condition for reserve functionality that was braking the integration tests. added unit tests * added headerValidation plugin * fixed function tests Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com>
eoln
added a commit
to mojaloop/central-ledger
that referenced
this issue
Jul 7, 2020
* fix for python error in CI (#733) Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Ensure 'timeout-reserved' notification action passes through and not converted to 'abort' action (#736) * Update CS shared (#737) * Feature/1332 enable on-us transfers (#738) * Added ENABLE_ON_US_TRANSFERS * Bumped up the version * Feature/otc 525 implement get transaction object by transfer (#735) * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id - Post ledger entry Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * OTC-525 Implement GET transaction Object by transferId Bumput up versions * OTC-525 Implement GET transaction Object by transferId Resolved dependency updates * OTC-525 Implement GET transaction Object by transferId * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * changed docker dependency in circle CI image scan from python-dev to python3-dev (#741) * Updated python in some other places in circle CI (#742) * Fix the image scan step in circle CI * Resolved audit checks * Feature/#1335 aborted on put (#740) * added error log if action REJECT comes into fulfil handler Co-authored-by: Valentin <valentin.genev@modusbox.com> * Bugfix/deadlock on adjust limits (#745) * added unique index on participantLimit and logging * added unique index on participantLimit and logging * resolve audit issues * fixed coverage tests Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Updated dependencies and product version for issue: mojaloop/project#1378 (#747) * Update error message (#749) * Update error message when Payer FSP and Payee FSP are the same and on-us is not enabled.. (Added text "FSP" to specify) * Updated unit test * #1423: Bulk transfers error processing in Central Ledger (#743) * Updates for bulk error processing * Bump version * Updates for bulk transfer error processing * Updates for bulk transfer error processing * More updates for bulk error processing * changes to cater for bulk_abort * updated central-services-shared * Updates for bulk error processing * Add unit test for BULK_ABORT branch in transfer fulfil handler * Add unit test for BULK_ABORT branch in transfer facade * Small fix for position handler test for BULK_ABORT branch Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * Bump version for release (#750) * Feature/#1334 patch request notif (#751) * added handling of request for notification by payee functionality * improved coverage and added missing action letter Co-authored-by: Valentin <valentin.genev@modusbox.com> * chore(package): update contributors list & deps * chore: audit & deps update Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com>
kleyow
added a commit
to mojaloop/account-lookup-service
that referenced
this issue
Feb 22, 2021
* Updated versions for error-handler, etc... (#342) * Bugfix/send request span finishing before function completed (#352) * Initial Commit. * Upload domain/participant test. * Upload domain/participant test. * fixes for getParticipantsByTypeId test failing. now functioning properly removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats * Checking in testing code. * removal of vscode config * updated gitignore * fixes for stubbing issues * fix for bug mojaloop/project#797 Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file Changed unique constraint on oracleEndpoint which is now working correctly * fix for only retrieving default entries return undefined for currency when it is not available * fix for returning null for valid oracle lookup * correct database port * removal of isOracle for header validation * fix for incorrect endpoint being requested for callback response * updated with pre-commit to manage dependencies * Updated versions of ALS dependencies and updated standard changes * incorrect port for database being set * Fix for bug: mojaloop/project#1412 Updated dependencies * revert port change * fixes for incorrect span used and fspiop error not set. Fixes removed await for participants requests Co-authored-by: Henk Kodde <henk.kodde@modusbox.com> * Updated api_swagger.json as per version 1.1 of the FSPIOP spec and re… (#348) * Updated api_swagger.json as per version 1.1 of the FSPIOP spec and removed unused type definitions * Updated audit decisions * Updated audit decisions * Update src/interface/api_swagger.json Co-authored-by: Sam <elnyry@users.noreply.github.com> * Fixed references to type definitions in api_swagger * Bumped version number to 10.4.0 Co-authored-by: Neal Donnan <neal.donnan@modusbox.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> * Feature/validation for name place accents (#353) * updated ALS to use new openapi-backend framework updated dependencies fix tests * refactored to cater as per @lewisdaly suggestions * Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly * fix audit issues from central-services-health * Updated python in Circle CI (#357) * Initial Commit. * Upload domain/participant test. * Upload domain/participant test. * fixes for getParticipantsByTypeId test failing. now functioning properly removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats * Checking in testing code. * removal of vscode config * updated gitignore * fixes for stubbing issues * fix for bug mojaloop/project#797 Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file Changed unique constraint on oracleEndpoint which is now working correctly * fix for only retrieving default entries return undefined for currency when it is not available * fix for returning null for valid oracle lookup * correct database port * removal of isOracle for header validation * fix for incorrect endpoint being requested for callback response * updated with pre-commit to manage dependencies * Updated versions of ALS dependencies and updated standard changes * incorrect port for database being set * updated ALS to use new openapi-backend framework updated dependencies fix tests * refactored to cater as per @lewisdaly suggestions * Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly * fix audit issues from central-services-health * Changes: Updated python in circle CI Co-authored-by: Henk Kodde <henk.kodde@modusbox.com> * Updated dependencies for issue: mojaloop/project#1378 (#359) * #1484: Update FSPIOP API version (#367) * Update FSPIOP API version * Resolve audit issues * Update src/interface/admin_swagger.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Feature/updated shared library to cater for delete (#368) * updated dependencies, added the delete payyload fix * Feature/updated openapi backend version (#369) updated version of central-services-shared to cater for the fix in openapi-backend library * updated shared lib version to allow configurable resource versions (#370) * updated shared lib version to allow configurable resource versions * added example .env for resource versions Co-authored-by: Valentin <valentin.genev@modusbox.com> * updated shared lib version (#371) Co-authored-by: Valentin <valentin.genev@modusbox.com> * Updating dependencies for new helm release (#373) * Initial Commit. * Upload domain/participant test. * Upload domain/participant test. * fixes for getParticipantsByTypeId test failing. now functioning properly removed validator file as it isn't used may be required in MSISDN oracle as it validated mobile number formats * Checking in testing code. * removal of vscode config * updated gitignore * fixes for stubbing issues * fix for bug mojaloop/project#797 Fixes for sonarQube code sanity i.e removing function names that aren't needed, changing let to const, reordering functions in file Changed unique constraint on oracleEndpoint which is now working correctly * fix for only retrieving default entries return undefined for currency when it is not available * fix for returning null for valid oracle lookup * correct database port * removal of isOracle for header validation * fix for incorrect endpoint being requested for callback response * updated with pre-commit to manage dependencies * Updated versions of ALS dependencies and updated standard changes * incorrect port for database being set * updated dependencies and version for new helm release Co-authored-by: Henk Kodde <henk.kodde@modusbox.com> * feat(security): November security review (#374) * chore(deps): update dependencies to latest versions * chore(package): bump package to `11.1.3 * Fix /documentation and /swagger.json endpoints (#375) * Replace wildcard routes with explicit routes and fix API documentation endpoints (#376) * #1885: Update API documenation (#379) * Update API documenattion * Restore default configs * Fix integration test. * Fix audit * Fix integration test config * [Security] Bump node-notifier from 8.0.0 to 8.0.1 (#381) Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.** - [Release notes](https://github.com/mikaelbr/node-notifier/releases) - [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md) - [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * chore: update license file (#377) Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * fix: package.json & package-lock.json to reduce vulnerabilities (#386) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 - https://snyk.io/vuln/SNYK-JS-LODASH-590103 * chore: fix broken links in readme (#387) * Revert "fix: package.json & package-lock.json to reduce vulnerabilities (#386)" (#388) This reverts commit 9eccdf5. * Add codeowners for the core repo (#390) * feat(ci/cd): add pr title check (#395) * feat: allow multiple fsps per msisdn, instead of sending request for first party (#385) * MultipleDfspPerMsisdn: Instead of sending request for first party only, iterate partyList and send request for each party on the list. Also update dep and devDep versions minus central-service-health which breaks the unit tests * feature/multipledfspspermsisdn: Bump versions to latest except central-services-health that if bumped to next version 11.0.0 breaks unit tests per mojaloop issue 1987 Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * fix: proper status code for health check (#396) * fix: Core handler services that have a dependency on central-services-database are not loading all tables on startup #816 fix for mojaloop/project#1888. Fix issue by changing all `Db.<table>.*` syntax function operations to `Db.from('<table>').*`. The issue was caused by the central-services-database Database class on Db.connect() loading all tables via an SQL request, and creating a Class property (`Db.<table>`) to reference the Table object. The issue here being that the query to fetch all the tables from the database does not return all tables (to be investigated in future). `Db.from('<table>').*` ensures that the table object is created properly. Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: Henk Kodde <henk.kodde@modusbox.com> Co-authored-by: ndonnan <neal.donnan@gmail.com> Co-authored-by: Neal Donnan <neal.donnan@modusbox.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Snyk bot <github+bot@snyk.io> Co-authored-by: Juan Correa <gibaros@users.noreply.github.com> Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com>
ggrg
pushed a commit
to ggrg/central-ledger
that referenced
this issue
Mar 6, 2021
shashi165
added a commit
to shashi165/quoting-service
that referenced
this issue
Oct 13, 2021
* Issue934-FixSetEnvVarRCAsBooleanInsteadOfString (mojaloop#81) * Issue934-FixSetEnvVarRCAsBooleanInsteadOfString * Issue934-JestUnitTestChangeUpdate * WIP * mockConfig done * Issue934-AddParseStringInObjectDependencyAndUpdateDeps * Issue934-UpdatePackageVersionTo8dot4dot1-snapshotAndUpdateDependencies * bugfix/1066 Remove Put Accept Header (mojaloop#86) - Added noAccept parameter - Upgraded dependencies * More unit tests and some code cleanup (mojaloop#87) * Tests converted to Jest * Added rules engine jsonpath dynamic fact * Updated rules engine API. Added jsonpath package to dependencies. Added rules engine tests. Added Jest config. Added example rules.json. * Updated hapi/subtext to patch vulnerability * Updated example rules and corresponding tests to reflect real form of payer and payee * Added switch endpoint to config to obtain payer and payee information for rules engine. Stubbed validateQuoteRequest method in relevant tests. Running rules engine in validateQuoteRequest (but not doing anything with the results yet). * Tests converted to Jest * Replaced coverage-check script. Added coverage threshold to jest config. Removed Istanbul config. * Uninstalled and reinstalled jest to fix vulnerability * Added junit + config. Added test:junit npm script. Modified circle config to call junit script. Added test results directory to gitignore. * Modified example rules and corresponding tests to better reflect actual payer and payee facts * Updated redirect address to redirect fsp. Made the linter happy. Added rule execution and event handling. Removed empty quote validation, replaced with rules engine execution. Removed redundant setImmediate. New test for INVALID_QUOTE_REQUEST event. Expanded INVALID_QUOTE_REQUEST unit tests. * Manual merge from upstream * Integrated properly the new `model/rules.js` into `model/quotes.js` and updated the `quotes.tests.js` accordingly. * Simplified block of code that was unnecessarily using `map`. * Forwarding event-handler-modified quote request and headers instead of originals * Fixed tests by poorly mocking handleRuleEvents on the quotes model * Cleaned a little bit the result of `handleRuleEvents`; Updated unit tests in order to pass according to latest code changes. * Deduplicated the functionality of request sending * Removed `setImmediate` from all places that it was used. * Use `CreateInternalServerFSPIOPError` instead of `CreateFSPIOPError` * fixed the name of rules.json * rename file rules.example.json * Refactored existing unit tests in order to make them cleaner and avoid duplication; Added more unit tests for `handleQuoteRequest` to cover all possible paths. * Refactored `handleQuoteRequest` to make it more readable and avoid duplication; Cleaned some minor parts of the whole `quotes.js` file. * Resolved issue with merge * Added unit tests for `quotesModel.handleRuleEvents` * Minor update to behaviour and corresponding test update. Minor test change. * Lint fix * Added unit tests for `quotesModel.executeRules` * Added more unit tests to `quotesModel.executeRules` to cover rejected promises of `axios.request` * Minor refactoring on the unit tests of `RulesEngine` to use `describe` blocks and `it()` instead of `test()` for consistency. * Added missing dependency that got removed after merging. * Updated quotes model unit tests to match the new implementation of config.js * Updated comments in codebase. * Removed ``^` sign from dependency in package.json * Bump npm-check-updates from 3.2.1 to 3.2.2 (mojaloop#88) Bumps [npm-check-updates](https://github.com/tjunnone/npm-check-updates) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/tjunnone/npm-check-updates/releases) - [Commits](raineorshine/npm-check-updates@v3.2.1...v3.2.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump eslint from 6.6.0 to 6.7.1 (mojaloop#89) Bumps [eslint](https://github.com/eslint/eslint) from 6.6.0 to 6.7.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md) - [Commits](eslint/eslint@v6.6.0...v6.7.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * bugfix/1079 Extensions Longer Than 128 Chars (mojaloop#90) - truncateExtension config - fix issues with standardJS * Dissasociated unit tests from the actual contents of file `config/rules.json`; (mojaloop#92) Added a `rules.example.json` file. * bugfix/1085 Quote to Inactive Fsp (mojaloop#91) - Proper generate request headers when from switch * mowdev-3411 * added more rules * Feature/846 async logging (mojaloop#100) * Add file logging support in docker, update dependencies * Add back missing package after merge conflicts * Feature/update json rules engine (mojaloop#101) * Simplified rules unit tests * Updated json-rules-engine * Updated code to use native json-rules-engine jsonpath syntax * Made linter happy. Removed jsonpath dependency. * Feature/test fx rules (mojaloop#102) * Added skeleton for fx rules unit tests * Removed commented tests from original file * Update fx.test.js * Feature/846 async logging (mojaloop#100) * Add file logging support in docker, update dependencies * Add back missing package after merge conflicts * Feature/update json rules engine (mojaloop#101) * Simplified rules unit tests * Updated json-rules-engine * Updated code to use native json-rules-engine jsonpath syntax * Made linter happy. Removed jsonpath dependency. * Feature/test fx rules (mojaloop#102) * Added skeleton for fx rules unit tests * Removed commented tests from original file * Update fx.test.js * added more rules and tests * test discard * test discard * test discard * updated dependencies (mojaloop#105) * stripe off accept header for PUT requests * added package-lock.json * Feature/1003 add container scans (mojaloop#103) * Add anchore image scanning, update circleci config * Fix config.yml validity issues * Bump package version, ensure latest deps are installed * Feature/1047 improve test coverage (mojaloop#108) * Add unit tests to bring coverage up to 90%+ remove redundant nyc config Set up dir structure for tests Set up dir structure for tests Add inspect util for ease of testing working on quotes error test Add istanbul ignore comments for mockgen only files working on health check mocks Working on config mocks Add bulk quotes not implemented tests Working on health check tests Working on health check tests remove unused comments working on quotes test working on config default tests working on utils tests working on utils tests find and replace all stack inspection find and replace all stack inspection Working on quote tests Move http into its own library for ease of mocking Move http into its own library for ease of mocking fix existing tests once mocking out http add tests for handleException add tests for handleException add tests for handleException finish getting model testing up to scratch fix missing conditions on rule engine tests Add tests for http refactor start script to improve tests work on server testing working on database mocking working on knex mocks working on knex mocks working on knex mocks working on knex mocks working on knex mocks replace err.stack || util.inspect(err) with getStackOrInspect work on quite tests work on quite tests finish work on cachedDatabase update dependencies, bump package version to 8.7.0 * remove unneeded test files * run standard --fix * bump package version to 8.7.1-snapshot * bump package version to 8.7.2-snapshot * added more rules * fixed the package.json version * fixed version number * fixed the Object.assign * removed rules.json * update package-lock.json * Attempt cache refresh * Replace audit:check with audit * Debug with verbose audit * Skip vulnerability check because of network errors * Skip vuln check step * downgrade helm version * #1147 - Update dependencies (mojaloop#118) * Update sinon * Bump version to 8.8.0 * temp logging * renamed switchEndpoint to a better name * removed config from dockerfile * Fix for #1169 - GET /quotes for malformed ID error response is 1001 instead of 3xxx (mojaloop#125) * Add quote ID validation in swagger.json * Update dependencies and fix unit test * Fix version * Added synchronous responses for rules engine invalid quote errors (mojaloop#127) * Added synchronous responses for rules engine invalid quote errors * Corrected import * Corrected error variable name * Moved response handling out of model, into handlers * Fixed tests * added error code * added swagger changes * Bugfix/1172empty quote values (mojaloop#128) * Added minLength of 1 for quoteId and transactionId for post quotes * Added a comment to remove the minLength property from quoteId and transactionId once the enjoi library has been fixed. * Upgrading version to v8.8.0-snapshot (mojaloop#129) * Upgrading version to v8.8.0-snapshot and now we have test coverage >90% * Feature/1157 anchore report summary (mojaloop#132) * Add anchore summary report upload * fix missing aws credentials * Update dependencies (mojaloop#133) * added error handling when there are no active accounts * added error handling when there are no active accounts * added error handling when there are no active accounts * 893-UpdateRegexToValidateIncomingErrorCodeAtEndpointCallbackAndUpdateDependencies (mojaloop#113) * Issue934-FixSetEnvVarRCAsBooleanInsteadOfString * WIP * mockConfig done * 893-AddSwaggerValidationForIncomingErrorCodePlusUnitTestChangeAndUpdateDependencies * Fix unit test, update dependencies plus Merge remote-tracking branch 'origin/893-ValidateIncomingErrorCodeAtErroCallbackEndpoint' into 893-ValidateIncomingErrorCodeAtErroCallbackEndpoint Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> * fixed error responses sync and async * fixed the rounting problem with forex quotes * fixed the rounting problem with forex quotes * fixed the rounting problem with forex quotes * removed fspiop-uri header * removed fspiop-signature header * added one more error code to sync errors * added more error handling * Fix for #1173 - GET /quotes for unknown quote ID error response is 1001 instead of 3205 (mojaloop#139) * Bump version to 9.0.0-snapshot * Fix response codes for PUT /quotes/{id} and PUT /quotes/{id}/error from 202 to 200 * Update dependencies. Freeze json-rules-engine due to breaking changes * Bump version to 9.1.0 * Remove hard-coded response codes in test * Return error 3000 - Generic client error and not 1001 on 404 errors * Update dependencies * Fix span bug * Update cs-shared * Upgrade to Node 12.16.0 LTS version (mojaloop#150) - Updated CircleCI and Docker scripts to use Node 12.16.0 LTS version. - Updated dependencies * Added updated Mojaloop license (mojaloop#151) * Added updated Mojaloop license (mojaloop#152) * Hotfix: Fix startup failure error (mojaloop#153) * Lock hapi version * Resolve audit issue, temporarily * Fix/1107 circleci deploy (mojaloop#154) * remove sensitive notes * resolve npm audit issues * temp disable some cicd steps for speed up tests * fix missing aws config * Add parameters into orb config * Updating deploy config * helm deploy fixes * temporarily disable the coverage checks * replace inline deployment orb with orb reference * update deploy orb to v0.1.1 * removing duplicate configs * working on helm config * bump orb version to 0.1.4 * Working on executor config * Working on executor config * fix helm set values * more work on helm set values * more work on helm set values * Reenable skipped ci steps * bump package version to 9.2.2-snapshot, add hapi to the audit fix * Fixed /quote/\{id\}/error destination (mojaloop#156) * Updated package version (mojaloop#157) * Updated package version * Updated dependencies (mojaloop#158) * updated to newly released version of event-sdk * updated dependencies and version * Feature/updating dependencies (mojaloop#159) * updated to newly released version of event-sdk * updated dependencies and version * updated dependencies * #1178: Bug fixes for POST /quotes with unknown destination FSP (mojaloop#160) * Validate that FSP Ids in headers and payload match for both payerfsp and payeefsp * Hotfix: Revert #1178 changes (mojaloop#161) * Revert #1178 changes. Update depenedencies. Bump version * Undo version bump * Bugfix/restore handle quote error headers (mojaloop#168) * Modified `forwardQuoteUpdate` so it handles special cases where it doesn't need to modify/set the headers. * Bumped to 9.3.4-snapshot; Added myself to the hall of fame. * Updated unit tests. * Changed bumped version to 9.4.0 to cope with the current versioning status. * Changed the places where the sendErrorCallback is called with `true` flag. * run `npm run audit:resolve` and skipped for a week. * Do not modify headers in case they are only being relayed to another DFSP. * Do not delete `FSPIOP-Signature` header unless if `modifyHeaders` is `true`. * Store extensionLists for quote requests and responses. (mojaloop#184) * store extension list items for quote requests and responses * Adding unit test coverage for quote request and response extensionList saving to database * postpone audit failures * attempt to resolve further audit issues * Delete package-lock.json * another attempt to resolve audit issues * Bump package version * Proposed code changes for extensionLists PR (mojaloop#185) * Proposed code changes for extensionLists PR * Lint Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Feature/otc 218 enhance post quote partyIdInfo with extension list (mojaloop#190) * Added the extension list under the partyidinfo obj * OTC-218 Changes: Enhanced Post Quotes on quoting service to handle extension lists under partyId info Updated dependencies Postponed audit issue * OTC-218 Changes: Enhanced Post Quotes on quoting service to handle extension lists under partyId info * Add custom mojaloop policy for evaluating anchore-cli scans (mojaloop#192) * Update dependencies (mojaloop#200) * Update dependencies * Temporarily resolve audit issues * Hotfix for docker image to support async logging (mojaloop#202) - Added async logging support to DockerFile - Updated dependencies for Jest - Fixed vulnerability issues - Bumped version to v10.1.1 * Merged `master` into this branch. * added JWS support for switch generated msg (mojaloop#203) * added JWS support for switch generated msg * added unit tests * added coverage tests * fix audit issues * removed un-necessary header fix * added a valid default private key * added a default private key * not modify request in jwsSigner * fixed the version issue * bumped up the version * bumped up the version Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * fixed the bug with createQuoteExtensions * Fixed the arguments passed to `createQuoteExtensions`. (mojaloop#213) * Fixed the arguments passed to `createQuoteExtensions`. * Updated expected error message in unit test. * fixed issue with createQuoteExtension * Fixed issue with `createQuoteExtension` (mojaloop#214) * Revert change of the error message as it breaks tests. * Updated versions for error-handler, etc... (mojaloop#218) * Change CI/CD notifications to their own slack channel, bump package to 10.3.1 (mojaloop#219) * Fix DB transaction leaks. Update unit tests (mojaloop#220) - Fixed DB transaction/connection leaks - Updated unit tests - Bumped version * Feature/validation for name place accents (mojaloop#221) * updated to newly released version of event-sdk * updated dependencies and version * updates to migrate quoting api to use openapi-backend create openapi >= 3.0 swagger updated dependencies added new routes converted server to use new libraries golden path tests pass coverage may need some attention * added production to quotes audit checks * fixed incorrect case for file path * Updated code coverage * update of dependencies * error handling dependency update * updated dependency * Updated python in Circle CI (mojaloop#222) * updated to newly released version of event-sdk * updated dependencies and version * updates to migrate quoting api to use openapi-backend create openapi >= 3.0 swagger updated dependencies added new routes converted server to use new libraries golden path tests pass coverage may need some attention * added production to quotes audit checks * fixed incorrect case for file path * Updated code coverage * update of dependencies * error handling dependency update * updated dependency * Changes: Updated python in circle CI * Updated dependencies and version for issue: mojaloop/project#1378 (mojaloop#223) * Aligned an error message with the master branch to match Postman test's assertions. * Fixed some npm vulnerabilities and skipped the rest. * Updated circle CI config according to master branch. * Removed `quoteId` from error log message as it causes error due its exceeding length. * Removed `quoteId` from error log message as it causes error due its exceeding length. (mojaloop#224) * fixed error message * Bugfix/1385 fix post quotes header (mojaloop#225) * updated to newly released version of event-sdk * updated dependencies and version * updated to remove accept header from PUT quotes callback * fix error message (mojaloop#226) * fix error message * fix error message Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Bugfix/fix participant lookup to use currency (mojaloop#227) * updated to newly released version of event-sdk * updated dependencies and version * fix for accept header and content-type header versions being hardcoded * Bugfix/fix participant lookup to use currency (mojaloop#228) * updated to newly released version of event-sdk * updated dependencies and version * fix for accept header and content-type header versions being hardcoded * updated participant lookup to validate against the participant and participant currency table to validate that the participant is active as well as their currency account * Bugfix/fix participant lookup to use currency (mojaloop#230) * updated to newly released version of event-sdk * updated dependencies and version * fix for accept header and content-type header versions being hardcoded * updated participant lookup to validate against the participant and participant currency table to validate that the participant is active as well as their currency account * updated the order the sql is run in, seems to give and issue during testing * Bugfix/fix participant lookup to use currency (mojaloop#231) Fix for createPartyQuote not passing all values to getParticipant * Feature/1468 support for bulk quotes post passthrough (mojaloop#233) * updated to newly released version of event-sdk * updated dependencies and version * added support for bulk quotes post functionality updated dependencies to fix audit issues * added put, and get functionality for bulk quotes * Fix log text * added the put bulkQuotes error endpoint * updated according to stevens comments * removed unnecessary await * removed the await * awaits need to be there for audits * fixes for error handling according to @oderayi to handle exceptions in model instead of throwing it up to handler * #1484: Update FSPIOP API version (mojaloop#235) * Update FSPIOP API version * Update src/interface/swagger.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Update API description * Attempt to fix 'jest not found' error in circleci * Attempt to fix 'jest not found' error in circleci * Lock version update for jest and jest-unit, restore npm scripts * Update jest and jest-junit * Update src/interface/swagger.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Bump version in attempt to bypass ci bug with caches Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Add ISO test currencies (XTS, XXX) (mojaloop#238) * Add ISO test currencies * Bump package version * added test currencies * resolve audit issues * fix audit issues * fix audit issues * Convert handlers to async, update deps, and bump version (mojaloop#239) * Feature/#1615 content headers (mojaloop#240) * added support for resource versions * updated dependencies Co-authored-by: Valentin <valentin.genev@modusbox.com> * fixed resource api version to be changed only if message originates from the switch (mojaloop#241) Co-authored-by: Valentin <valentin.genev@modusbox.com> * updated dependencies and removed old audit records (mojaloop#243) * Updated to cater for spans finishing early (mojaloop#244) * updated dependencies and removed old audit records * updated to cater for parent spans finishing before the span can be closed and fixed tests * fixing tests and some code found during testing * fixes (mojaloop#245) * updated dependencies and removed old audit records * updated to cater for parent spans finishing before the span can be closed and fixed tests * fixing tests and some code found during testing * needed to handle error in the model as the handler has already processed * #1456: Feature/docker config fixes (mojaloop#247) * Update docker configs with master, bump patch version, update dependencies, and fix linting errors with Standard * Update tests * Clean up * Clean up * validate dfsps in payload for simple routing mode (mojaloop#248) * #1875: Replace wildcard routes with explicit routes. (mojaloop#249) * Replace wildcard routes with explicit routes. Add hapi-swagger for API documentation (swagger). Update dependencies. Bump patch version * Fix dependencies * chore: update license file (mojaloop#251) * #1885: Add API documentation library (mojaloop#250) * Add API documentation endpoints * Update dependencies * Resolve audit * Force update event-stream (Widdershins dep) due to license audit issues * [Security] Bump node-notifier from 8.0.0 to 8.0.1 (mojaloop#252) Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.** - [Release notes](https://github.com/mikaelbr/node-notifier/releases) - [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md) - [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump axios from 0.21.0 to 0.21.1 (mojaloop#255) Bumps [axios](https://github.com/axios/axios) from 0.21.0 to 0.21.1. **This update includes a security fix.** - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md) - [Commits](axios/axios@v0.21.0...v0.21.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump urijs from 1.19.2 to 1.19.5 (mojaloop#254) Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.2 to 1.19.5. **This update includes a security fix.** - [Release notes](https://github.com/medialize/URI.js/releases) - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md) - [Commits](medialize/URI.js@v1.19.2...v1.19.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * feat(ci/cd): add pr title check (mojaloop#256) * chore: adding codeowners file (mojaloop#257) * chore: maintenance upgrades, audit check resolve update (mojaloop#258) * chore: adding codeowners file * chore: maintenance upgrades, audit check resolve update * fix(headers)!: made fspiop-destination header mandatory (mojaloop#259) * fix(headers) ! :made fspiop-destination header mandatory * added unit test * added unit test * [Security] Bump urijs from 1.19.5 to 1.19.6 (mojaloop#260) Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.5 to 1.19.6. **This update includes a security fix.** - [Release notes](https://github.com/medialize/URI.js/releases) - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md) - [Commits](medialize/URI.js@v1.19.5...v1.19.6) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * fix(security): Bump y18n from 3.2.1 to 3.2.2 (mojaloop#261) Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. **This update includes a security fix.** - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * fix(security): Bump djv from 2.1.2 to 2.1.4 (mojaloop#263) Bumps [djv](https://github.com/korzio/djv) from 2.1.2 to 2.1.4. - [Release notes](https://github.com/korzio/djv/releases) - [Changelog](https://github.com/korzio/djv/blob/master/CHANGELOG.md) - [Commits](https://github.com/korzio/djv/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: #2103 fix subid functionality in POST quotes request (mojaloop#264) * Fixed issue with subId * Bumped up the version and postponed the audits * Fixed unit test * Update src/data/database.js Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> * feat(#2119): fixes for updated for AJV error objects change (mojaloop#265) - Including new release of Central-services-error-handling: https://github.com/mojaloop/central-services-error-handling/releases/tag/v11.2.0 - Upgraded dependencies - Added AJV as it was a "peer dependency" - Bump to version - Updated audit-resolve for known security issue * fix(#2182): regex validations against swagger interface spec no longer working (mojaloop#267) - Updated central-services-shared dependency - Bump to version - Audit-resolve issues * fix: helm release v12.1.0 (mojaloop#269) - Updated dependencies - Bump to patch level - Standardised npm lint script - Fixes for audit issues * [Security] Bump hosted-git-info from 2.8.8 to 2.8.9 (mojaloop#266) Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. **This update includes a security fix.** - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](npm/hosted-git-info@v2.8.8...v2.8.9) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * chore: helm release v12.1.0 (mojaloop#270) - updated missing dependency updates due to ncurc - 'allow.auto.create.topics=true' had been added to Kafka Consumer configs. This will enable Kafka Consumers to trigger auto creation of topics, ref: https://github.com/edenhill/librdkafka/releases/tag/v1.5.0. * fix(mojaloop/project#2246): updated dependency version (mojaloop#272) -Bumped Version -Fixed pre-commit task, misspelling Co-authored-by: JoNel <Johann.nel@sybrin.co.za> * fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings (mojaloop#278) * fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings [#2358](mojaloop/project#2358) - Updated regex to match [\w](https://unicode.org/reports/tr18/#word) (used by the [Mojaloop Specification](https://github.com/mojaloop/mojaloop-specification/blob/master/fspiop-api/documents/v1.1-document-set/fspiop-v1.1-openapi3.yaml#L2347)) based on mappings to the [ECMAScript](https://262.ecma-international.org/9.0/#sec-runtime-semantics-unicodematchproperty-p) regex specification. - Added unit test for post quotes endpoint with additional asian (Myanmar) unicode characters added to middleName - Bump to patch version - Updated dependencies to the latest version - Fixed audit-resolve issues: ```text -------------------------------------------------- tar needs your attention. [ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar ``` > Outcome: Fixed ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week ```text -------------------------------------------------- sanitize-html needs your attention. [ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week * chore(#864): change instanbul to nyc for coverage on all projects (mojaloop#279) chore(#864): change instanbul to nyc for coverage on all projects - removed .ncurc.yml as code-coverage is configured in the jest.config.js - fixes for audit resolve ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week > Impact: Minimal as this is used to render documentation end-point ```text -------------------------------------------------- sanitize-html needs your attention. [ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week > Impact: Minimal as this is used to render documentation end-point * fix(mojaloop/#2439): quoting-service-model.validatequoterequest-doesnt-perform-correct-validation (mojaloop#280) fix([mojaloop/#2439](mojaloop/project#2439)): quoting-service model.validateQuoteRequest doesn't perform correct validation when simpleRoutingMode is TRUE - added typesafe checks for validate quote request logic - added devspace patterns to gitignore - minor formatting of the serverStart unit tests for clarity - updated dependencies to latest version - added circleci config for automated releases - added standard-version dependency for automated releases - fixed audit resolve issues: ```text -------------------------------------------------- tar needs your attention. [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar [ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar ``` > Outcome: Fixed ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week > Impact: Minimal as the dependencies are used for the Developer Documentation end-point ```text -------------------------------------------------- sanitize-html needs your attention. [ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week > Impact: Minimal as the dependencies are used for the Developer Documentation end-point * fix: updated circleci config to use the SHA1 hash of the last commit of the current build (mojaloop#281) * chore(release): 12.0.8 [skip ci] * fix: circleci slack webhook typo fix (mojaloop#282) * fixes for CI-CD typo image-scan failure on slack webhook * chore(release): 12.0.9 [skip ci] * chore: updated readme with automated-releases, potential-problems and additional-notes placeholder (mojaloop#283) * updated readme with Automated Releases, Potential Problems and Additional Notes placeholder * fixed markdown lint issues for readme * chore(release): 12.0.10 [skip ci] * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * Fixed the tests * changed the way we add headers * refactoring * refactoring * removed the hardcoded headers * removed the hardcoded headers * updated README * fixed swagger * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes Co-authored-by: Juan Correa <gibaros@users.noreply.github.com> Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com> Co-authored-by: Vassilis Barzokas <vassilis.barzokas@modusbox.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: shashi165 <shashikant.hirugade@softwaregroup.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: ndonnan <neal.donnan@gmail.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Miguel de Barros <miguel@debarros.me> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: Johann Nel <29751181+JohannWNel@users.noreply.github.com> Co-authored-by: JoNel <Johann.nel@sybrin.co.za> Co-authored-by: mojaloopci <info@mojaloop.io>
shashi165
added a commit
to shashi165/quoting-service
that referenced
this issue
Oct 13, 2021
* Issue934-FixSetEnvVarRCAsBooleanInsteadOfString (mojaloop#81) * Issue934-FixSetEnvVarRCAsBooleanInsteadOfString * Issue934-JestUnitTestChangeUpdate * WIP * mockConfig done * Issue934-AddParseStringInObjectDependencyAndUpdateDeps * Issue934-UpdatePackageVersionTo8dot4dot1-snapshotAndUpdateDependencies * bugfix/1066 Remove Put Accept Header (mojaloop#86) - Added noAccept parameter - Upgraded dependencies * More unit tests and some code cleanup (mojaloop#87) * Tests converted to Jest * Added rules engine jsonpath dynamic fact * Updated rules engine API. Added jsonpath package to dependencies. Added rules engine tests. Added Jest config. Added example rules.json. * Updated hapi/subtext to patch vulnerability * Updated example rules and corresponding tests to reflect real form of payer and payee * Added switch endpoint to config to obtain payer and payee information for rules engine. Stubbed validateQuoteRequest method in relevant tests. Running rules engine in validateQuoteRequest (but not doing anything with the results yet). * Tests converted to Jest * Replaced coverage-check script. Added coverage threshold to jest config. Removed Istanbul config. * Uninstalled and reinstalled jest to fix vulnerability * Added junit + config. Added test:junit npm script. Modified circle config to call junit script. Added test results directory to gitignore. * Modified example rules and corresponding tests to better reflect actual payer and payee facts * Updated redirect address to redirect fsp. Made the linter happy. Added rule execution and event handling. Removed empty quote validation, replaced with rules engine execution. Removed redundant setImmediate. New test for INVALID_QUOTE_REQUEST event. Expanded INVALID_QUOTE_REQUEST unit tests. * Manual merge from upstream * Integrated properly the new `model/rules.js` into `model/quotes.js` and updated the `quotes.tests.js` accordingly. * Simplified block of code that was unnecessarily using `map`. * Forwarding event-handler-modified quote request and headers instead of originals * Fixed tests by poorly mocking handleRuleEvents on the quotes model * Cleaned a little bit the result of `handleRuleEvents`; Updated unit tests in order to pass according to latest code changes. * Deduplicated the functionality of request sending * Removed `setImmediate` from all places that it was used. * Use `CreateInternalServerFSPIOPError` instead of `CreateFSPIOPError` * fixed the name of rules.json * rename file rules.example.json * Refactored existing unit tests in order to make them cleaner and avoid duplication; Added more unit tests for `handleQuoteRequest` to cover all possible paths. * Refactored `handleQuoteRequest` to make it more readable and avoid duplication; Cleaned some minor parts of the whole `quotes.js` file. * Resolved issue with merge * Added unit tests for `quotesModel.handleRuleEvents` * Minor update to behaviour and corresponding test update. Minor test change. * Lint fix * Added unit tests for `quotesModel.executeRules` * Added more unit tests to `quotesModel.executeRules` to cover rejected promises of `axios.request` * Minor refactoring on the unit tests of `RulesEngine` to use `describe` blocks and `it()` instead of `test()` for consistency. * Added missing dependency that got removed after merging. * Updated quotes model unit tests to match the new implementation of config.js * Updated comments in codebase. * Removed ``^` sign from dependency in package.json * Bump npm-check-updates from 3.2.1 to 3.2.2 (mojaloop#88) Bumps [npm-check-updates](https://github.com/tjunnone/npm-check-updates) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/tjunnone/npm-check-updates/releases) - [Commits](raineorshine/npm-check-updates@v3.2.1...v3.2.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump eslint from 6.6.0 to 6.7.1 (mojaloop#89) Bumps [eslint](https://github.com/eslint/eslint) from 6.6.0 to 6.7.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md) - [Commits](eslint/eslint@v6.6.0...v6.7.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * bugfix/1079 Extensions Longer Than 128 Chars (mojaloop#90) - truncateExtension config - fix issues with standardJS * Dissasociated unit tests from the actual contents of file `config/rules.json`; (mojaloop#92) Added a `rules.example.json` file. * bugfix/1085 Quote to Inactive Fsp (mojaloop#91) - Proper generate request headers when from switch * mowdev-3411 * added more rules * Feature/846 async logging (mojaloop#100) * Add file logging support in docker, update dependencies * Add back missing package after merge conflicts * Feature/update json rules engine (mojaloop#101) * Simplified rules unit tests * Updated json-rules-engine * Updated code to use native json-rules-engine jsonpath syntax * Made linter happy. Removed jsonpath dependency. * Feature/test fx rules (mojaloop#102) * Added skeleton for fx rules unit tests * Removed commented tests from original file * Update fx.test.js * Feature/846 async logging (mojaloop#100) * Add file logging support in docker, update dependencies * Add back missing package after merge conflicts * Feature/update json rules engine (mojaloop#101) * Simplified rules unit tests * Updated json-rules-engine * Updated code to use native json-rules-engine jsonpath syntax * Made linter happy. Removed jsonpath dependency. * Feature/test fx rules (mojaloop#102) * Added skeleton for fx rules unit tests * Removed commented tests from original file * Update fx.test.js * added more rules and tests * test discard * test discard * test discard * updated dependencies (mojaloop#105) * stripe off accept header for PUT requests * added package-lock.json * Feature/1003 add container scans (mojaloop#103) * Add anchore image scanning, update circleci config * Fix config.yml validity issues * Bump package version, ensure latest deps are installed * Feature/1047 improve test coverage (mojaloop#108) * Add unit tests to bring coverage up to 90%+ remove redundant nyc config Set up dir structure for tests Set up dir structure for tests Add inspect util for ease of testing working on quotes error test Add istanbul ignore comments for mockgen only files working on health check mocks Working on config mocks Add bulk quotes not implemented tests Working on health check tests Working on health check tests remove unused comments working on quotes test working on config default tests working on utils tests working on utils tests find and replace all stack inspection find and replace all stack inspection Working on quote tests Move http into its own library for ease of mocking Move http into its own library for ease of mocking fix existing tests once mocking out http add tests for handleException add tests for handleException add tests for handleException finish getting model testing up to scratch fix missing conditions on rule engine tests Add tests for http refactor start script to improve tests work on server testing working on database mocking working on knex mocks working on knex mocks working on knex mocks working on knex mocks working on knex mocks replace err.stack || util.inspect(err) with getStackOrInspect work on quite tests work on quite tests finish work on cachedDatabase update dependencies, bump package version to 8.7.0 * remove unneeded test files * run standard --fix * bump package version to 8.7.1-snapshot * bump package version to 8.7.2-snapshot * added more rules * fixed the package.json version * fixed version number * fixed the Object.assign * removed rules.json * update package-lock.json * Attempt cache refresh * Replace audit:check with audit * Debug with verbose audit * Skip vulnerability check because of network errors * Skip vuln check step * downgrade helm version * #1147 - Update dependencies (mojaloop#118) * Update sinon * Bump version to 8.8.0 * temp logging * renamed switchEndpoint to a better name * removed config from dockerfile * Fix for #1169 - GET /quotes for malformed ID error response is 1001 instead of 3xxx (mojaloop#125) * Add quote ID validation in swagger.json * Update dependencies and fix unit test * Fix version * Added synchronous responses for rules engine invalid quote errors (mojaloop#127) * Added synchronous responses for rules engine invalid quote errors * Corrected import * Corrected error variable name * Moved response handling out of model, into handlers * Fixed tests * added error code * added swagger changes * Bugfix/1172empty quote values (mojaloop#128) * Added minLength of 1 for quoteId and transactionId for post quotes * Added a comment to remove the minLength property from quoteId and transactionId once the enjoi library has been fixed. * Upgrading version to v8.8.0-snapshot (mojaloop#129) * Upgrading version to v8.8.0-snapshot and now we have test coverage >90% * Feature/1157 anchore report summary (mojaloop#132) * Add anchore summary report upload * fix missing aws credentials * Update dependencies (mojaloop#133) * added error handling when there are no active accounts * added error handling when there are no active accounts * added error handling when there are no active accounts * 893-UpdateRegexToValidateIncomingErrorCodeAtEndpointCallbackAndUpdateDependencies (mojaloop#113) * Issue934-FixSetEnvVarRCAsBooleanInsteadOfString * WIP * mockConfig done * 893-AddSwaggerValidationForIncomingErrorCodePlusUnitTestChangeAndUpdateDependencies * Fix unit test, update dependencies plus Merge remote-tracking branch 'origin/893-ValidateIncomingErrorCodeAtErroCallbackEndpoint' into 893-ValidateIncomingErrorCodeAtErroCallbackEndpoint Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> * fixed error responses sync and async * fixed the rounting problem with forex quotes * fixed the rounting problem with forex quotes * fixed the rounting problem with forex quotes * removed fspiop-uri header * removed fspiop-signature header * added one more error code to sync errors * added more error handling * Fix for #1173 - GET /quotes for unknown quote ID error response is 1001 instead of 3205 (mojaloop#139) * Bump version to 9.0.0-snapshot * Fix response codes for PUT /quotes/{id} and PUT /quotes/{id}/error from 202 to 200 * Update dependencies. Freeze json-rules-engine due to breaking changes * Bump version to 9.1.0 * Remove hard-coded response codes in test * Return error 3000 - Generic client error and not 1001 on 404 errors * Update dependencies * Fix span bug * Update cs-shared * Upgrade to Node 12.16.0 LTS version (mojaloop#150) - Updated CircleCI and Docker scripts to use Node 12.16.0 LTS version. - Updated dependencies * Added updated Mojaloop license (mojaloop#151) * Added updated Mojaloop license (mojaloop#152) * Hotfix: Fix startup failure error (mojaloop#153) * Lock hapi version * Resolve audit issue, temporarily * Fix/1107 circleci deploy (mojaloop#154) * remove sensitive notes * resolve npm audit issues * temp disable some cicd steps for speed up tests * fix missing aws config * Add parameters into orb config * Updating deploy config * helm deploy fixes * temporarily disable the coverage checks * replace inline deployment orb with orb reference * update deploy orb to v0.1.1 * removing duplicate configs * working on helm config * bump orb version to 0.1.4 * Working on executor config * Working on executor config * fix helm set values * more work on helm set values * more work on helm set values * Reenable skipped ci steps * bump package version to 9.2.2-snapshot, add hapi to the audit fix * Fixed /quote/\{id\}/error destination (mojaloop#156) * Updated package version (mojaloop#157) * Updated package version * Updated dependencies (mojaloop#158) * updated to newly released version of event-sdk * updated dependencies and version * Feature/updating dependencies (mojaloop#159) * updated to newly released version of event-sdk * updated dependencies and version * updated dependencies * #1178: Bug fixes for POST /quotes with unknown destination FSP (mojaloop#160) * Validate that FSP Ids in headers and payload match for both payerfsp and payeefsp * Hotfix: Revert #1178 changes (mojaloop#161) * Revert #1178 changes. Update depenedencies. Bump version * Undo version bump * Bugfix/restore handle quote error headers (mojaloop#168) * Modified `forwardQuoteUpdate` so it handles special cases where it doesn't need to modify/set the headers. * Bumped to 9.3.4-snapshot; Added myself to the hall of fame. * Updated unit tests. * Changed bumped version to 9.4.0 to cope with the current versioning status. * Changed the places where the sendErrorCallback is called with `true` flag. * run `npm run audit:resolve` and skipped for a week. * Do not modify headers in case they are only being relayed to another DFSP. * Do not delete `FSPIOP-Signature` header unless if `modifyHeaders` is `true`. * Store extensionLists for quote requests and responses. (mojaloop#184) * store extension list items for quote requests and responses * Adding unit test coverage for quote request and response extensionList saving to database * postpone audit failures * attempt to resolve further audit issues * Delete package-lock.json * another attempt to resolve audit issues * Bump package version * Proposed code changes for extensionLists PR (mojaloop#185) * Proposed code changes for extensionLists PR * Lint Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Feature/otc 218 enhance post quote partyIdInfo with extension list (mojaloop#190) * Added the extension list under the partyidinfo obj * OTC-218 Changes: Enhanced Post Quotes on quoting service to handle extension lists under partyId info Updated dependencies Postponed audit issue * OTC-218 Changes: Enhanced Post Quotes on quoting service to handle extension lists under partyId info * Add custom mojaloop policy for evaluating anchore-cli scans (mojaloop#192) * Update dependencies (mojaloop#200) * Update dependencies * Temporarily resolve audit issues * Hotfix for docker image to support async logging (mojaloop#202) - Added async logging support to DockerFile - Updated dependencies for Jest - Fixed vulnerability issues - Bumped version to v10.1.1 * Merged `master` into this branch. * added JWS support for switch generated msg (mojaloop#203) * added JWS support for switch generated msg * added unit tests * added coverage tests * fix audit issues * removed un-necessary header fix * added a valid default private key * added a default private key * not modify request in jwsSigner * fixed the version issue * bumped up the version * bumped up the version Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * fixed the bug with createQuoteExtensions * Fixed the arguments passed to `createQuoteExtensions`. (mojaloop#213) * Fixed the arguments passed to `createQuoteExtensions`. * Updated expected error message in unit test. * fixed issue with createQuoteExtension * Fixed issue with `createQuoteExtension` (mojaloop#214) * Revert change of the error message as it breaks tests. * Updated versions for error-handler, etc... (mojaloop#218) * Change CI/CD notifications to their own slack channel, bump package to 10.3.1 (mojaloop#219) * Fix DB transaction leaks. Update unit tests (mojaloop#220) - Fixed DB transaction/connection leaks - Updated unit tests - Bumped version * Feature/validation for name place accents (mojaloop#221) * updated to newly released version of event-sdk * updated dependencies and version * updates to migrate quoting api to use openapi-backend create openapi >= 3.0 swagger updated dependencies added new routes converted server to use new libraries golden path tests pass coverage may need some attention * added production to quotes audit checks * fixed incorrect case for file path * Updated code coverage * update of dependencies * error handling dependency update * updated dependency * Updated python in Circle CI (mojaloop#222) * updated to newly released version of event-sdk * updated dependencies and version * updates to migrate quoting api to use openapi-backend create openapi >= 3.0 swagger updated dependencies added new routes converted server to use new libraries golden path tests pass coverage may need some attention * added production to quotes audit checks * fixed incorrect case for file path * Updated code coverage * update of dependencies * error handling dependency update * updated dependency * Changes: Updated python in circle CI * Updated dependencies and version for issue: mojaloop/project#1378 (mojaloop#223) * Aligned an error message with the master branch to match Postman test's assertions. * Fixed some npm vulnerabilities and skipped the rest. * Updated circle CI config according to master branch. * Removed `quoteId` from error log message as it causes error due its exceeding length. * Removed `quoteId` from error log message as it causes error due its exceeding length. (mojaloop#224) * fixed error message * Bugfix/1385 fix post quotes header (mojaloop#225) * updated to newly released version of event-sdk * updated dependencies and version * updated to remove accept header from PUT quotes callback * fix error message (mojaloop#226) * fix error message * fix error message Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Bugfix/fix participant lookup to use currency (mojaloop#227) * updated to newly released version of event-sdk * updated dependencies and version * fix for accept header and content-type header versions being hardcoded * Bugfix/fix participant lookup to use currency (mojaloop#228) * updated to newly released version of event-sdk * updated dependencies and version * fix for accept header and content-type header versions being hardcoded * updated participant lookup to validate against the participant and participant currency table to validate that the participant is active as well as their currency account * Bugfix/fix participant lookup to use currency (mojaloop#230) * updated to newly released version of event-sdk * updated dependencies and version * fix for accept header and content-type header versions being hardcoded * updated participant lookup to validate against the participant and participant currency table to validate that the participant is active as well as their currency account * updated the order the sql is run in, seems to give and issue during testing * Bugfix/fix participant lookup to use currency (mojaloop#231) Fix for createPartyQuote not passing all values to getParticipant * Feature/1468 support for bulk quotes post passthrough (mojaloop#233) * updated to newly released version of event-sdk * updated dependencies and version * added support for bulk quotes post functionality updated dependencies to fix audit issues * added put, and get functionality for bulk quotes * Fix log text * added the put bulkQuotes error endpoint * updated according to stevens comments * removed unnecessary await * removed the await * awaits need to be there for audits * fixes for error handling according to @oderayi to handle exceptions in model instead of throwing it up to handler * #1484: Update FSPIOP API version (mojaloop#235) * Update FSPIOP API version * Update src/interface/swagger.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Update API description * Attempt to fix 'jest not found' error in circleci * Attempt to fix 'jest not found' error in circleci * Lock version update for jest and jest-unit, restore npm scripts * Update jest and jest-junit * Update src/interface/swagger.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Bump version in attempt to bypass ci bug with caches Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Add ISO test currencies (XTS, XXX) (mojaloop#238) * Add ISO test currencies * Bump package version * added test currencies * resolve audit issues * fix audit issues * fix audit issues * Convert handlers to async, update deps, and bump version (mojaloop#239) * Feature/#1615 content headers (mojaloop#240) * added support for resource versions * updated dependencies Co-authored-by: Valentin <valentin.genev@modusbox.com> * fixed resource api version to be changed only if message originates from the switch (mojaloop#241) Co-authored-by: Valentin <valentin.genev@modusbox.com> * updated dependencies and removed old audit records (mojaloop#243) * Updated to cater for spans finishing early (mojaloop#244) * updated dependencies and removed old audit records * updated to cater for parent spans finishing before the span can be closed and fixed tests * fixing tests and some code found during testing * fixes (mojaloop#245) * updated dependencies and removed old audit records * updated to cater for parent spans finishing before the span can be closed and fixed tests * fixing tests and some code found during testing * needed to handle error in the model as the handler has already processed * #1456: Feature/docker config fixes (mojaloop#247) * Update docker configs with master, bump patch version, update dependencies, and fix linting errors with Standard * Update tests * Clean up * Clean up * validate dfsps in payload for simple routing mode (mojaloop#248) * #1875: Replace wildcard routes with explicit routes. (mojaloop#249) * Replace wildcard routes with explicit routes. Add hapi-swagger for API documentation (swagger). Update dependencies. Bump patch version * Fix dependencies * chore: update license file (mojaloop#251) * #1885: Add API documentation library (mojaloop#250) * Add API documentation endpoints * Update dependencies * Resolve audit * Force update event-stream (Widdershins dep) due to license audit issues * [Security] Bump node-notifier from 8.0.0 to 8.0.1 (mojaloop#252) Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.** - [Release notes](https://github.com/mikaelbr/node-notifier/releases) - [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md) - [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump axios from 0.21.0 to 0.21.1 (mojaloop#255) Bumps [axios](https://github.com/axios/axios) from 0.21.0 to 0.21.1. **This update includes a security fix.** - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md) - [Commits](axios/axios@v0.21.0...v0.21.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump urijs from 1.19.2 to 1.19.5 (mojaloop#254) Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.2 to 1.19.5. **This update includes a security fix.** - [Release notes](https://github.com/medialize/URI.js/releases) - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md) - [Commits](medialize/URI.js@v1.19.2...v1.19.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * feat(ci/cd): add pr title check (mojaloop#256) * chore: adding codeowners file (mojaloop#257) * chore: maintenance upgrades, audit check resolve update (mojaloop#258) * chore: adding codeowners file * chore: maintenance upgrades, audit check resolve update * fix(headers)!: made fspiop-destination header mandatory (mojaloop#259) * fix(headers) ! :made fspiop-destination header mandatory * added unit test * added unit test * [Security] Bump urijs from 1.19.5 to 1.19.6 (mojaloop#260) Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.5 to 1.19.6. **This update includes a security fix.** - [Release notes](https://github.com/medialize/URI.js/releases) - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md) - [Commits](medialize/URI.js@v1.19.5...v1.19.6) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * fix(security): Bump y18n from 3.2.1 to 3.2.2 (mojaloop#261) Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. **This update includes a security fix.** - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * fix(security): Bump djv from 2.1.2 to 2.1.4 (mojaloop#263) Bumps [djv](https://github.com/korzio/djv) from 2.1.2 to 2.1.4. - [Release notes](https://github.com/korzio/djv/releases) - [Changelog](https://github.com/korzio/djv/blob/master/CHANGELOG.md) - [Commits](https://github.com/korzio/djv/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: #2103 fix subid functionality in POST quotes request (mojaloop#264) * Fixed issue with subId * Bumped up the version and postponed the audits * Fixed unit test * Update src/data/database.js Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> * feat(#2119): fixes for updated for AJV error objects change (mojaloop#265) - Including new release of Central-services-error-handling: https://github.com/mojaloop/central-services-error-handling/releases/tag/v11.2.0 - Upgraded dependencies - Added AJV as it was a "peer dependency" - Bump to version - Updated audit-resolve for known security issue * fix(#2182): regex validations against swagger interface spec no longer working (mojaloop#267) - Updated central-services-shared dependency - Bump to version - Audit-resolve issues * fix: helm release v12.1.0 (mojaloop#269) - Updated dependencies - Bump to patch level - Standardised npm lint script - Fixes for audit issues * [Security] Bump hosted-git-info from 2.8.8 to 2.8.9 (mojaloop#266) Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. **This update includes a security fix.** - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](npm/hosted-git-info@v2.8.8...v2.8.9) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * chore: helm release v12.1.0 (mojaloop#270) - updated missing dependency updates due to ncurc - 'allow.auto.create.topics=true' had been added to Kafka Consumer configs. This will enable Kafka Consumers to trigger auto creation of topics, ref: https://github.com/edenhill/librdkafka/releases/tag/v1.5.0. * fix(mojaloop/project#2246): updated dependency version (mojaloop#272) -Bumped Version -Fixed pre-commit task, misspelling Co-authored-by: JoNel <Johann.nel@sybrin.co.za> * fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings (mojaloop#278) * fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings [#2358](mojaloop/project#2358) - Updated regex to match [\w](https://unicode.org/reports/tr18/#word) (used by the [Mojaloop Specification](https://github.com/mojaloop/mojaloop-specification/blob/master/fspiop-api/documents/v1.1-document-set/fspiop-v1.1-openapi3.yaml#L2347)) based on mappings to the [ECMAScript](https://262.ecma-international.org/9.0/#sec-runtime-semantics-unicodematchproperty-p) regex specification. - Added unit test for post quotes endpoint with additional asian (Myanmar) unicode characters added to middleName - Bump to patch version - Updated dependencies to the latest version - Fixed audit-resolve issues: ```text -------------------------------------------------- tar needs your attention. [ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar ``` > Outcome: Fixed ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week ```text -------------------------------------------------- sanitize-html needs your attention. [ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week * chore(#864): change instanbul to nyc for coverage on all projects (mojaloop#279) chore(#864): change instanbul to nyc for coverage on all projects - removed .ncurc.yml as code-coverage is configured in the jest.config.js - fixes for audit resolve ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week > Impact: Minimal as this is used to render documentation end-point ```text -------------------------------------------------- sanitize-html needs your attention. [ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week > Impact: Minimal as this is used to render documentation end-point * fix(mojaloop/#2439): quoting-service-model.validatequoterequest-doesnt-perform-correct-validation (mojaloop#280) fix([mojaloop/#2439](mojaloop/project#2439)): quoting-service model.validateQuoteRequest doesn't perform correct validation when simpleRoutingMode is TRUE - added typesafe checks for validate quote request logic - added devspace patterns to gitignore - minor formatting of the serverStart unit tests for clarity - updated dependencies to latest version - added circleci config for automated releases - added standard-version dependency for automated releases - fixed audit resolve issues: ```text -------------------------------------------------- tar needs your attention. [ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar [ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in: - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar ``` > Outcome: Fixed ```text -------------------------------------------------- yargs-parser needs your attention. [ low ] Prototype Pollution vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in: - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser ``` > Outcome: Ignored for a week > Impact: Minimal as the dependencies are used for the Developer Documentation end-point ```text -------------------------------------------------- sanitize-html needs your attention. [ moderate ] Improper Input Validation vulnerable versions <2.3.1 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html [ moderate ] Improper Input Validation vulnerable versions <2.3.2 found in: - dependencies: @mojaloop/central-services-shared>shins>sanitize-html ``` > Outcome: Ignored for a week > Impact: Minimal as the dependencies are used for the Developer Documentation end-point * fix: updated circleci config to use the SHA1 hash of the last commit of the current build (mojaloop#281) * chore(release): 12.0.8 [skip ci] * fix: circleci slack webhook typo fix (mojaloop#282) * fixes for CI-CD typo image-scan failure on slack webhook * chore(release): 12.0.9 [skip ci] * chore: updated readme with automated-releases, potential-problems and additional-notes placeholder (mojaloop#283) * updated readme with Automated Releases, Potential Problems and Additional Notes placeholder * fixed markdown lint issues for readme * chore(release): 12.0.10 [skip ci] * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * WIP * Fixed the tests * changed the way we add headers * refactoring * refactoring * removed the hardcoded headers * removed the hardcoded headers * updated README * fixed swagger * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes * revert sync changes Co-authored-by: Juan Correa <gibaros@users.noreply.github.com> Co-authored-by: Georgi Georgiev <georgi.georgiev@modusbox.com> Co-authored-by: Vassilis Barzokas <vassilis.barzokas@modusbox.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: shashi165 <shashikant.hirugade@softwaregroup.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: ndonnan <neal.donnan@gmail.com> Co-authored-by: Sam <elnyry@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Miguel de Barros <miguel@debarros.me> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: Johann Nel <29751181+JohannWNel@users.noreply.github.com> Co-authored-by: JoNel <Johann.nel@sybrin.co.za> Co-authored-by: mojaloopci <info@mojaloop.io>
This was referenced Jan 12, 2022
This was referenced Feb 9, 2022
This was referenced Apr 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary:
When wrong content header is supplied in the request header, following error information is sent and extension list is missing.
Tasks:
PRs:
Severity:
Medium
Priority:
Low
Expected Behavior
Steps to Reproduce
Specifications
Notes:
The text was updated successfully, but these errors were encountered: