v12.0.7 Release
- fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings
- Updated regex to match \w (used by the Mojaloop Specification) based on mappings to the ECMAScript regex specification.
- Added unit test for post quotes endpoint with additional asian (Myanmar) unicode characters added to middleName
- Bump to patch version
- Updated dependencies to the latest version
- Fixed audit-resolve issues:
--------------------------------------------------
tar needs your attention.
[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
- dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
- dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
Outcome: Fixed
--------------------------------------------------
yargs-parser needs your attention.
[ low ] Prototype Pollution
vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
- dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
Outcome: Ignored for a week
--------------------------------------------------
sanitize-html needs your attention.
[ moderate ] Improper Input Validation
vulnerable versions <2.3.1 found in:
- dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
vulnerable versions <2.3.2 found in:
- dependencies: @mojaloop/central-services-shared>shins>sanitize-html
Outcome: Ignored for a week