[Snyk] Fix for 26 vulnerabilities

[rasputtintin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPIACCEPT-548917	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPIAMMO-548918	Yes	No Known Exploit
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HAPISUBTEXT-548912	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPISUBTEXT-548916	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mojaloop/central-services-error-handling

The new version differs by 7 commits.

• 3e636fd Feature/openapi backend changes (Bump @mojaloop/central-services-shared from 8.8.3 to 9.1.1 mojaloop/central-event-processor#140)
• 7242737 Added error handlers to factory for bug 1314 (Bump mongoose from 5.8.0 to 5.8.11 mojaloop/central-event-processor#139)
• b1270b6 #1339: Fixes for 'cause' and '_cause' extension exclusion in error responses (Bump npm-audit-resolver from 2.1.0 to 2.2.0 mojaloop/central-event-processor#137)
• 143c7a2 [Security] Bump acorn from 7.1.0 to 7.1.1 (Bump mongoose from 5.8.0 to 5.8.7 mojaloop/central-event-processor#124)
• 68dfbe7 Added updated Mojaloop license (Bump mongoose from 5.8.0 to 5.8.3 mojaloop/central-event-processor#118)
• 3321654 updated to latest node lts version 12.16.0 (Bump tape from 4.11.0 to 4.12.0 mojaloop/central-event-processor#112)
• 01324f6 Issue893-ValidateIncomingErrorCodesForErrorEnd-pointCallbackRequestsPerMojaloopSpec (Bump mongoose from 5.7.8 to 5.7.12 mojaloop/central-event-processor#96)

See the full diff

Package name: @mojaloop/central-services-shared

The new version differs by 92 commits.

• 14f0b3e feat(2151)!: helm-release-v12.1.0 (#297)
• a5d9141 chore: fix service type typescript enum (#296)
• 5aaf087 fix(#2182)!: regex validations against swagger interface spec no longer working (#295)
• 0e538d8 chore: bump package version (#294)
• fc4fe7e chore: add 'example' as whitelisted keyword (#293)
• 6f9496d chore: address vulnerabilities (#291)
• 6275eb0 chore: add services endpoints (#290)
• 5860510 feat(#2119): fixes for updated for AJV error objects change (#289)
• b83a8bd fixed typo (#288)
• aee59ed Feature/#2057 refactoring for cs ([Snyk] Security upgrade @mojaloop/central-services-health from 8.3.0 to 10.6.0 #3) (#284)
• 082d373 chore: add PATCH consentRequests endpoint (#279)
• 7702879 chore: add enums to interface (#278)
• 5dcbe73 chore: add consent and consent request events and patch action (#277)
• 9f8713f chore: add accounts callback endpoints (#275)
• 5e49222 chore: add enums and bump package (#274)
• f6009d7 chore: 1975 update deps (#273)
• f678b43 [Security] Bump axios from 0.21.0 to 0.21.1 (#269)
• a8bfb9c Bump urijs from 1.19.2 to 1.19.5 (#270)
• 7b00ed8 [Security] Bump urijs from 1.19.2 to 1.19.5 (#268)
• 46d88e6 #1885: Fix for "multiple servers per repo" use case (#267)
• cbd0434 Hotfix: Fix dependencies for API documentation (#264)
• 327a51c chore: update license file (#265)
• df81389 #1885: Add API documentation utility, plugin, and endpoints (#263)
• 9c88000 Add FSPIOP headers validation for bulk transfers (#262)

See the full diff

Package name: @mojaloop/central-services-stream

The new version differs by 11 commits.

• 65913b6 Updated dependencies (Bump mongoose from 5.7.8 to 5.7.14 mojaloop/central-event-processor#106)
• d64d4b2 make audit resolver run on production only by default, bump package to 10.2.0 (Bump @mojaloop/central-services-error-handling from 8.3.0 to 8.6.2 mojaloop/central-event-processor#100)
• b1c5d75 #1289 Log optimisation (Bump mongoose from 5.7.8 to 5.7.9 mojaloop/central-event-processor#91)
• 398c429 Update version to v9.2.0 (Bump mongodb-memory-server from 5.2.6 to 6.0.1 mojaloop/central-event-processor#81)
• be4acac Added updated Mojaloop license (Bump nodemon from 1.19.3 to 1.19.4 mojaloop/central-event-processor#78)
• 1c70e43 Added updated Mojaloop license ([Security] Bump mongoose from 5.7.3 to 5.7.5 mojaloop/central-event-processor#77)
• 0f2dfc1 updated dependencies and node version to latest LTS version (Bump @mojaloop/central-services-shared from 8.1.5 to 8.2.0 mojaloop/central-event-processor#75)
• 7b2f9f1 reduced log verbosity (Bump mongodb-memory-server from 5.2.0 to 5.2.3 mojaloop/central-event-processor#59)
• bcd2456 removed unnecessary logger (Bump mongoose from 5.6.9 to 5.6.13 mojaloop/central-event-processor#58)
• 623d5c1 Bug/1114 kafka queue full (Bump @mojaloop/central-services-error-handling from 7.3.0 to 7.4.5 mojaloop/central-event-processor#57)
• 90bd4b8 Remove unused code and dependencies (Bump @mojaloop/central-services-shared from 7.2.0 to 7.5.0 mojaloop/central-event-processor#56)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn