@ggrg ggrg commented Aug 10, 2021

No description provided.

lewisdaly and others added 30 commits December 5, 2019 21:40
* Add file logging support in docker, update dependencies

* Add back missing package after merge conflicts
* Simplified rules unit tests

* Updated json-rules-engine

* Updated code to use native json-rules-engine jsonpath syntax

* Made linter happy. Removed jsonpath dependency.
* Added skeleton for fx rules unit tests

* Removed commented tests from original file

* Update fx.test.js
* Add anchore image scanning, update circleci config

* Fix config.yml validity issues

* Bump package version, ensure latest deps are installed
* Add unit tests to bring coverage up to 90%+

remove redundant nyc config

Set up dir structure for tests

Set up dir structure for tests

Add inspect util for ease of testing

working on quotes error test

Add istanbul ignore comments for mockgen only files

working on health check mocks

Working on config mocks

Add bulk quotes not implemented tests

Working on health check tests

Working on health check tests

remove unused comments

working on quotes test

working on config default tests

working on utils tests

working on utils tests

find and replace all stack inspection

find and replace all stack inspection

Working on quote tests

Move http into its own library for ease of mocking

Move http into its own library for ease of mocking

fix existing tests once mocking out http

add tests for handleException

add tests for handleException

add tests for handleException

finish getting model testing up to scratch

fix missing conditions on rule engine tests

Add tests for http

refactor start script to improve tests

work on server testing

working on database mocking

working on knex mocks

working on knex mocks

working on knex mocks

working on knex mocks

working on knex mocks

replace err.stack || util.inspect(err) with getStackOrInspect

work on quote tests

work on quote tests

finish work on cachedDatabase

update dependencies, bump package version to 8.7.0

* remove unneeded test files

* run standard --fix

* bump package version to 8.7.1-snapshot

* bump package version to 8.7.2-snapshot
* Update sinon

* Bump version to 8.8.0
…nstead of 3xxx (#125)

* Add quote ID validation in swagger.json
* Update dependencies and fix unit test
* Fix version
* Added minLength of 1 for quoteId and transactionId for post quotes

* Added a comment to remove the minLength property from quoteId and transactionId once the enjoi library has been fixed.
* Upgrading version to v8.8.0-snapshot and now we have test coverage >90%
* Add anchore summary report upload

* fix missing aws credentials
…Dependencies (#113)

* Issue934-FixSetEnvVarRCAsBooleanInsteadOfString

* WIP

* mockConfig done

* 893-AddSwaggerValidationForIncomingErrorCodePlusUnitTestChangeAndUpdateDependencies

* Fix unit test, update dependencies plus Merge remote-tracking branch 'origin/893-ValidateIncomingErrorCodeAtErroCallbackEndpoint' into 893-ValidateIncomingErrorCodeAtErroCallbackEndpoint

Co-authored-by: Georgi Georgiev <[email protected]>
Co-authored-by: Sam <[email protected]>
…01 instead of 3205 (#139)

* Bump version to 9.0.0-snapshot

* Fix response codes for PUT /quotes/{id} and PUT /quotes/{id}/error from 202 to 200

* Update dependencies. Freeze json-rules-engine due to breaking changes

* Bump version to 9.1.0

* Remove hard-coded response codes in test

* Return error 3000 - Generic client error  and not 1001 on 404 errors

* Update dependencies

* Fix span bug

* Update cs-shared
- Updated CircleCI and Docker scripts to use Node 12.16.0 LTS version.
- Updated dependencies
* Lock hapi version

* Resolve audit issue, temporarily
* remove sensitive notes

* resolve npm audit issues

* temp disable some cicd steps for speed up tests

* fix missing aws config

* Add parameters into orb config

* Updating deploy config

* helm deploy fixes

* temporarily disable the coverage checks

* replace inline deployment orb with orb reference

* update deploy orb to v0.1.1

* removing duplicate configs

* working on helm config

* bump orb version to 0.1.4

* Working on executor config

* Working on executor config

* fix helm set values

* more work on helm set values

* more work on helm set values

* Reenable skipped ci steps

* bump package version to 9.2.2-snapshot, add hapi to the audit fix
* updated to newly released version of event-sdk

* updated dependencies and version
* updated to newly released version of event-sdk

* updated dependencies and version

* updated dependencies
* Validate that FSP Ids in headers and payload match for both payerfsp and payeefsp
* Revert #1178 changes. Update dependencies. Bump version

* Undo version bump
* Modified `forwardQuoteUpdate` so it handles special cases where it doesn't need to modify/set the headers.

* Bumped to 9.3.4-snapshot;
Added myself to the hall of fame.

* Updated unit tests.

* Changed bumped version to 9.4.0 to cope with the current versioning status.

* Changed the places where the sendErrorCallback is called with `true` flag.

* run `npm run audit:resolve` and skipped for a week.
* store extension list items for quote requests and responses

* Adding unit test coverage for quote request and response extensionList saving to database

* postpone audit failures

* attempt to resolve further audit issues

* Delete package-lock.json

* another attempt to resolve audit issues

* Bump package version

* Proposed code changes for extensionLists PR (#185)

* Proposed code changes for extensionLists PR

* Lint

Co-authored-by: Matt Kingston <[email protected]>
)

* Added the extension list under the partyidinfo obj

* OTC-218 Changes:

Enhanced Post Quotes on quoting service to handle extension lists under partyId info
Updated dependencies
Postponed audit issue

* OTC-218 Changes:

Enhanced Post Quotes on quoting service to handle extension lists under partyId info
* Update dependencies

* Temporarily resolve audit issues
dependabot-preview bot and others added 3 commits June 2, 2021 20:47
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. **This update includes a security fix.**
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
- updated missing dependency updates due to ncurc
- 'allow.auto.create.topics=true' had been added to Kafka Consumer configs. This will enable Kafka Consumers to trigger auto creation of topics, ref: https://github.com/edenhill/librdkafka/releases/tag/v1.5.0.
- Bumped Version
- Fixed pre-commit task, misspelling

Co-authored-by: JoNel <[email protected]>
@ggrg ggrg self-assigned this Aug 10, 2021
mdebarros and others added 24 commits August 11, 2021 17:16
…yanmar script unicode strings (#278)

* fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings [#2358](mojaloop/project#2358)
- Updated regex to match [\w](https://unicode.org/reports/tr18/#word) (used by the [Mojaloop Specification](https://github.com/mojaloop/mojaloop-specification/blob/master/fspiop-api/documents/v1.1-document-set/fspiop-v1.1-openapi3.yaml#L2347)) based on mappings to the [ECMAScript](https://262.ecma-international.org/9.0/#sec-runtime-semantics-unicodematchproperty-p) regex specification.
- Added unit test for post quotes endpoint with additional Asian (Myanmar) unicode characters added to middleName
- Bump to patch version
- Updated dependencies to the latest version
- Fixed audit-resolve issues:

```text
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
 vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
 vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
```

> Outcome: Fixed

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```

> Outcome: Ignored for a week

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```

> Outcome: Ignored for a week
chore(#864): change istanbul to nyc for coverage on all projects
- removed .ncurc.yml as code-coverage is configured in the jest.config.js
- fixes for audit resolve

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```

> Outcome: Ignored for a week
> Impact: Minimal as this is used to render documentation end-point

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```

> Outcome: Ignored for a week
> Impact: Minimal as this is used to render documentation end-point
…t-perform-correct-validation (#280)

fix([mojaloop/#2439](mojaloop/project#2439)): quoting-service model.validateQuoteRequest doesn't perform correct validation when simpleRoutingMode is TRUE
- added typesafe checks for validate quote request logic
- added devspace patterns to gitignore
- minor formatting of the serverStart unit tests for clarity
- updated dependencies to latest version
- added circleci config for automated releases
- added standard-version dependency for automated releases
- fixed audit resolve issues:
```text
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
```
> Outcome: Fixed

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```
> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```
> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point
* fixes for CI-CD typo image-scan failure on slack webhook
… additional-notes placeholder (#283)

* updated readme with Automated Releases, Potential Problems and Additional Notes placeholder
* fixed markdown lint issues for readme
…oting service (#289)

- chore: updated dependencies
    - updated dependencies
    - add 'json-rules-engine' and 'eslint' to ncurc.json ignore file as they have breaking changes
    - fixed audit-resolve issues
    - added fixes for api negotiation validation
    - re-factored outgoing messages by using the in-line config
    - fixed unit tests

- fix(mojaloop/#2535): fspiop api version negotiation not handled by quoting service - mojaloop/project#2535
    - added getOptionsForFSPIOPHeaderValidation to the plugin configuration
    - added new config key for PROTOCOL_VERSIONS to default and integration configs
    - added DEFAULT_PROTOCOL_VERSION for backward compatibility
    - updated config and unit tests to FSPIOP v1.1 protocol version
    - QUOTE_PROTOCOL_VERSIONS__ACCEPT__VALIDATELIST can be set as follows "[ \"1\", \"1.1\"]" and it will be parsed correctly into an object
    - Added unit tests for config changes

BREAKING CHANGE: Forcing a major version change for awareness of the config changes. The `LIB_RESOURCE_VERSIONS` env var is now deprecated, and this is now also controlled by the PROTOCOL_VERSIONS config in the default.json. This has been done for consistency between all API services going forward and unifies the config for both inbound and outbound Protocol API validation/transformation features.
…oting service (#289) (#290)

- fix(mojaloop/#2535): fspiop api version negotiation not handled by quoting service - mojaloop/project#2535
    - general fixes for quoting-service changes
    - fixed unit tests to correctly load config
* Tests converted to Jest

* Added rules engine jsonpath dynamic fact

* Updated rules engine API. Added jsonpath package to dependencies. Added rules engine tests. Added Jest config. Added example rules.json.

* Updated hapi/subtext to patch vulnerability

* Updated example rules and corresponding tests to reflect real form of payer and payee

* Added switch endpoint to config to obtain payer and payee information for rules engine. Stubbed validateQuoteRequest method in relevant tests. Running rules engine in validateQuoteRequest (but not doing anything with the results yet).

* Tests converted to Jest

* Replaced coverage-check script. Added coverage threshold to jest config. Removed Istanbul config.

* Uninstalled and reinstalled jest to fix vulnerability

* Added junit + config. Added test:junit npm script. Modified circle config to call junit script. Added test results directory to gitignore.

* Modified example rules and corresponding tests to better reflect actual payer and payee facts

* Updated redirect address to redirect fsp. Made the linter happy. Added rule execution and event handling. Removed empty quote validation, replaced with rules engine execution. Removed redundant setImmediate. New test for INVALID_QUOTE_REQUEST event. Expanded INVALID_QUOTE_REQUEST unit tests.

* Manual merge from upstream

* Integrated properly the new `model/rules.js` into `model/quotes.js` and updated the `quotes.tests.js` accordingly.

* Simplified block of code that was unnecessarily using `map`.

* Forwarding event-handler-modified quote request and headers instead of originals

* Fixed tests by poorly mocking handleRuleEvents on the quotes model

* Cleaned a little bit the result of `handleRuleEvents`;
Updated unit tests in order to pass according to latest code changes.

* Deduplicated the functionality of request sending

* Removed `setImmediate` from all places that it was used.

* Use `CreateInternalServerFSPIOPError` instead of `CreateFSPIOPError`

* mowdev-3411

* added more rules

* Feature/846 async logging (#100)

* Add file logging support in docker, update dependencies

* Add back missing package after merge conflicts

* Feature/update json rules engine (#101)

* Simplified rules unit tests

* Updated json-rules-engine

* Updated code to use native json-rules-engine jsonpath syntax

* Made linter happy. Removed jsonpath dependency.

* Feature/test fx rules (#102)

* Added skeleton for fx rules unit tests

* Removed commented tests from original file

* Update fx.test.js

* added more rules and tests

* test discard

* test discard

* test discard

* strip off accept header for PUT requests

* added package-lock.json

* added more rules

* fixed the package.json version

* fixed version number

* fixed the Object.assign

* removed rules.json

* update package-lock.json

* Attempt cache refresh

* Replace audit:check with audit

* Debug with verbose audit

* Skip vulnerability check because of network errors

* Skip vuln check step

* downgrade helm version

* temp logging

* renamed switchEndpoint to a better name

* removed config from dockerfile

* Added synchronous responses for rules engine invalid quote errors (#127)

* Added synchronous responses for rules engine invalid quote errors

* Corrected import

* Corrected error variable name

* Moved response handling out of model, into handlers

* Fixed tests

* added error code

* added swagger changes

* added error handling when there are no active accounts

* added error handling when there are no active accounts

* added error handling when there are no active accounts

* fixed error responses sync and async

* fixed the routing problem with forex quotes

* fixed the routing problem with forex quotes

* fixed the routing problem with forex quotes

* removed fspiop-uri header

* removed fspiop-signature header

* added one more error code to sync errors

* added more error handling

* Updated package version

* Do not modify headers in case they are only being relayed to another DFSP.

* Do not delete `FSPIOP-Signature` header unless `modifyHeaders` is `true`.

* Merged `master` into this branch.

* fixed the bug with createQuoteExtensions

* fixed issue with createQuoteExtension

* Revert change of the error message as it breaks tests.

* Aligned an error message with the master branch to match Postman test's assertions.

* Fixed some npm vulnerabilities and skipped the rest.

* Updated circle CI config according to master branch.

* Removed `quoteId` from error log message as it causes error due to its exceeding length.

* fixed error message

* added test currencies

* resolve audit issues

* fix audit issues

* fix audit issues

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* WIP

* Fixed the tests

* changed the way we add headers

* refactoring

* refactoring

* removed the hardcoded headers

* removed the hardcoded headers

* updated README

* fixed swagger

* revert sync changes

* revert sync changes

* revert sync changes

* revert sync changes

* revert sync changes

* revert sync changes

* revert sync changes

* fixed issue with createPayerParty

* fixed issue with createPayerParty

* fixed issue with eslint version

* Update src/model/quotes.js

Co-authored-by: Sam <[email protected]>

* Update src/model/quotes.js

Co-authored-by: Sam <[email protected]>

* Update src/model/quotes.js

Co-authored-by: Sam <[email protected]>

* Update src/model/quotes.js

Co-authored-by: Sam <[email protected]>

* fixed audit issue

* fixed audit issue

* bring in latest mowali version

* audit resolve

* revert package version

* removed the implementation specific payer/payee validation

* removed the implementation specific payer/payee validation

* removed comments

Co-authored-by: msk- <[email protected]>
Co-authored-by: Vassilis Barzokas <[email protected]>
Co-authored-by: shashi165 <[email protected]>
Co-authored-by: Lewis Daly <[email protected]>
Co-authored-by: Kamuela Franco <[email protected]>
Co-authored-by: Sam <[email protected]>
… api compatibility (#295)

feat(mojaloop/#2704): core-services support for non-breaking backward api compatibility - mojaloop/project#2704
- updated default.json config for PROTOCOL_VERSIONS, and updated related usage based on mojaloop/project#2660 to accept a validationList for the content-type
- updated dependencies
- fixed audit issues
- fixed unit tests

BREAKING CHANGE:
- Config PROTOCOL_VERSIONS.CONTENT has now been modified to support backward compatibility for minor versions (i.e. v1.0 & 1.1) as follows:

> ```
>   "PROTOCOL_VERSIONS": {
>     "CONTENT": "1.1", <-- used when generating messages from the "SWITCH", and validate incoming FSPIOP API requests/callbacks CONTENT-TYPE headers
>     "ACCEPT": {
>       "DEFAULT": "1", <-- used when generating messages from the "SWITCH"
>       "VALIDATELIST": [ <-- used to validate incoming FSPIOP API requests/callbacks ACCEPT headers
>         "1",
>         "1.0",
>         "1.1"
>       ]
>     }
>   },
> ```
> 
> to be consistent with the ACCEPT structure as follows:
> 
> ```
>   "PROTOCOL_VERSIONS": {
>     "CONTENT": {
>       "DEFAULT": "1.1", <-- used when generating messages from the "SWITCH"
>       "VALIDATELIST": [ <-- used to validate incoming FSPIOP API requests/callbacks CONTENT-TYPE headers
>         "1.1",
>         "1.0"
>       ]
>     },
>     "ACCEPT": {
>       "DEFAULT": "1", <-- used when generating messages from the "SWITCH"
>       "VALIDATELIST": [ <-- used to validate incoming FSPIOP API requests/callbacks ACCEPT headers
>         "1",
>         "1.0",
>         "1.1"
>       ]
>     }
>   },
> ```
feat(mojaloop/#2767): upgrade nodeJS version for quoting-service - mojaloop/project#2767

- standardised CI scripts, however, the test-integration CI job needed minor tweaks to work with the quoting-service's implementation
- updated docker-compose files to work correctly
- added wait-4-docker npm script
- fixed lint issues
- updated .nvmrc to latest LTS version
- added standard CI scripts/config to package.json: release, snapshot, standard-version, etc
- updated gitignore to include test/results and IGNORE patterns
- updated README with standard auto-release information
- Fixed imports
- Cleaned up Package.json
- Removed unnecessary dependencies
- Removed unnecessary files

Notes:

Helm chart mountPaths need to be updated from /opt/quoting-service to /opt/app as follows:
    volumeMounts:
    - mountPath: /opt/app/config
      name: <deployment-name>
BREAKING CHANGE: Major version bump for node v16 LTS support, re-structuring of project directories to align to core Mojaloop repositories and docker image now uses /opt/app instead of /opt/quoting-service which will impact config mounts.
- added catch to fire-and-forget promises that are not "handled", otherwise the nodejs process would just exit on the unhandled promise, causing the k8s pods to restart during GP tests
- updated unit tests to correctly reject promises instead of just throwing an error (i.e. made mocked functions async), also check for rejections, and fix code-coverage issues
- updated dependencies
- fixed audit-resolve issues
chore(mojaloop/#3438): nodejs upgrade - mojaloop/project#3438
- Upgraded NodeJS from v16 to v18 LTS
- Updated CI config to use NodeJS latest LTS version
- Updated CI config to display runtime versions for each job
- Upgraded NPM dependencies
- Fixed CI bugs caused by the NodeJS upgrade
- Updated CI pipeline to use NVM to select node version from `.nvmrc` file
- Upgraded circleci orbs
- Migrated `master` branch to `main`
- Optimized ci workflow to use cached image for some jobs
- Updated unit test scripts to run "in band" to avoid failures by flaky tests. (Further investigation is needed to ascertain why `test/unit/server.tests.js` and `test/unit/serverStart.test.js` fail when run in parallel)
@mdebarros mdebarros deleted the branch ggrg:master September 6, 2023 13:51
@mdebarros mdebarros deleted the master branch September 6, 2023 13:51