[Snyk] Fix for 1 vulnerabilities

[rasputtintin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mojaloop/central-ledger

The new version differs by 107 commits.

• 31d2189 fix: dep update (#812)
• ebeb3d8 fix(settlements)!: SettlementModel currency is mandatory (#811)
• 47d173c chore: adding codeowners list (#810)
• 0ac56b1 feat(settlements)!: Continuous Gross Settlement (#808)
• 68882fd fix: package.json & package-lock.json to reduce vulnerabilities (#809)
• 3308ec2 [Security] Bump urijs from 1.19.3 to 1.19.5 (#806)
• 97f0566 chore: update dependencies, maintenance
• 8abd0c3 fix: package.json & package-lock.json to reduce vulnerabilities (#800)
• ab96ea1 [Security] Bump ini from 1.3.5 to 1.3.8 (#801)
• 6286b5e #1885: Update API documentation endpoints (#798)
• eb5fdbb chore: update license file (#797)
• 7419b25 Fix for https://github.com/Inconsistent Transfer Timeout error messages being sent by Central-Ledger mojaloop/project#1877 (#795)
• 2b168b1 Update standard version & fix linting issues (#794)
• ce4f7c9 Update central-services-database and other deps (#793)
• 2762305 BugFix 1444 - Ignore Dups on Seed insert (#792)
• 867fb1d updated dependencies for helm release (#789)
• 16f582c Bugfix/1710 1709 headers invalid case (#787)
• f8f574f Add unit tests for timeout callback fix (#786)
• b577761 Fix error callback for expired transfers (#785)
• 3f8cfd0 Feature/#1615 content headers (#782)
• caf392c Fix bug in volumes of temp_curl service (#778)
• 4223655 fix: package.json & package-lock.json to reduce vulnerabilities (#775)
• b1cc709 #1547: Update dependencies (central-object-store etc.) (#774)
• 647b966 #1547: Fail transfer fulfill with "RESERVED" state and v1.0 content-type (#773)

See the full diff

Package name: @mojaloop/central-services-shared

The new version differs by 77 commits.

• f6009d7 chore: 1975 update deps (Bump sinon from 9.0.0 to 9.0.1 mojaloop/central-settlement#273)
• f678b43 [Security] Bump axios from 0.21.0 to 0.21.1 (Bump npm-check-updates from 4.0.2 to 4.0.4 mojaloop/central-settlement#269)
• a8bfb9c Bump urijs from 1.19.2 to 1.19.5 (Settlement v2 mojaloop/central-settlement#270)
• 7b00ed8 [Security] Bump urijs from 1.19.2 to 1.19.5 (Feature/1241 get settlements by params to include currency mojaloop/central-settlement#268)
• 46d88e6 #1885: Fix for "multiple servers per repo" use case (Bump @hapi/hapi and hapi-swagger mojaloop/central-settlement#267)
• cbd0434 Hotfix: Fix dependencies for API documentation (Settlement v2 mojaloop/central-settlement#264)
• 327a51c chore: update license file (Bump tape from 4.13.0 to 4.13.2 mojaloop/central-settlement#265)
• df81389 #1885: Add API documentation utility, plugin, and endpoints (Enhance central-settlement : Return settlement window content for every settlement window when getting settlements by id. mojaloop/central-settlement#263)
• 9c88000 Add FSPIOP headers validation for bulk transfers (Bump npm-check-updates from 4.0.2 to 4.0.3 mojaloop/central-settlement#262)
• a037e4b chore: add get transaction request endpoint (Fix/1107 circleci deploy mojaloop/central-settlement#261)
• 262fa39 chore: update index.d.ts (Bump npm-check-updates from 4.0.1 to 4.0.2 mojaloop/central-settlement#260)
• 1e2937e chore: add generate challenge endpoints (Settlement-v2 merge into master mojaloop/central-settlement#259)
• af208b7 feat: add getEndpointAndRender function and update packages (Bump @mojaloop/central-services-database from 9.1.0 to 9.2.0 mojaloop/central-settlement#258)
• 26bfcc4 Bugfix/1709 1710 headers invalid case (Bump @mojaloop/central-services-shared from 9.1.4 to 9.2.0 mojaloop/central-settlement#257)
• 4ccb7e6 Fix/resource versions pass through headers (Bump @mojaloop/central-services-stream from 9.1.0 to 9.2.0 mojaloop/central-settlement#256)
• 0d37bd8 chore: add thirdparty req patch endpoint (Re-do code changes to the updated settlements v2 mojaloop/central-settlement#255)
• 1648239 Fix/#1615 dep fix (Feature/926 enhanced get settlement windows by params mojaloop/central-settlement#254)
• c5187a6 Fix/#1615 regex group (Bump @hapi/hapi from 18.4.0 to 18.4.1 mojaloop/central-settlement#253)
• 3252a69 Fix/#1615 (Bump @hapi/joi from 16.1.8 to 17.1.0 mojaloop/central-settlement#252)
• 605851c Feature/#1615 content headers (Bump @hapi/inert from 5.2.2 to 6.0.1 mojaloop/central-settlement#251)
• 4d6f2f9 refactor: change thirdparty endpoint names (Bump @hapi/vision from 5.5.4 to 6.0.0 mojaloop/central-settlement#250)
• 4cfee66 Fix/#1652 (feature/1209 Restrict Create Settlement mojaloop/central-settlement#249)
• 11143b2 update openapi backend version (Bump sinon from 7.5.0 to 9.0.0 mojaloop/central-settlement#248)
• 295ce35 Bugfix/fix for delete method being validated with body ([moja-tools-bot] Update LICENSE.md mojaloop/central-settlement#247)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.