From 3a94cdf0eafc6e9b53d796357b68c6d82eaa5277 Mon Sep 17 00:00:00 2001 From: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Date: Wed, 5 Jun 2024 07:03:35 -0500 Subject: [PATCH] chore: dependency upgrades and one migration (#1045) * dependency updates to address dependabot alerts * updating dependencies: migrating from hapi-auth-basic to @hapi/basic --- audit-ci.jsonc | 5 - package-lock.json | 255 +++--------------------------------------- package.json | 11 +- src/shared/plugins.js | 2 +- 4 files changed, 21 insertions(+), 252 deletions(-) diff --git a/audit-ci.jsonc b/audit-ci.jsonc index 2e3cd1df0..8eadc502b 100644 --- a/audit-ci.jsonc +++ b/audit-ci.jsonc @@ -5,9 +5,7 @@ "moderate": true, "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList "GHSA-v88g-cgmw-v5xw", // widdershins>swagger2openapi>oas-validator>ajv - "GHSA-mg85-8mv5-ffjr", // hapi-auth-basic>hapi>ammo "GHSA-phwq-j96m-2c2q", // @mojaloop/central-services-shared>shins>ejs - "GHSA-7hx8-2rxv-66xv", // hapi-auth-basic>hapi "GHSA-c429-5p7v-vgjp", // hapi>boom>hoek "GHSA-282f-qqgm-c34q", // widdershins>swagger2openapi>better-ajv-errors>jsonpointer "GHSA-8cf7-32gw-wr33", // @now-ims/hapi-now-auth>jsonwebtoken @@ -18,9 +16,6 @@ "GHSA-mjxr-4v3x-q3m4", // @mojaloop/central-services-shared>shins>sanitize-html "GHSA-rjqq-98f6-6j3r", // @mojaloop/central-services-shared>shins>sanitize-html "GHSA-rm97-x556-q36h", // @mojaloop/central-services-shared>shins>sanitize-html - "GHSA-g64q-3vg8-8f93", // hapi-auth-basic>hapi>subtext - "GHSA-5854-jvxx-2cg9", // hapi-auth-basic>hapi>subtext - "GHSA-2mvq-xp48-4c77", // hapi-auth-basic>hapi>subtext "GHSA-w5p7-h5w8-2hfq", // tap-spec>tap-out>trim "GHSA-p9pc-299p-vxgp", // widdershins>yargs>yargs-parser "GHSA-ghr5-ch3p-vcr6", // https://github.com/advisories/GHSA-ghr5-ch3p-vcr6 diff --git a/package-lock.json b/package-lock.json index 97ebcae7a..b2ee35a27 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -9,6 +9,7 @@ "version": "17.7.2", "license": "Apache-2.0", "dependencies": { + "@hapi/basic": "7.0.2", "@hapi/catbox-memory": "6.0.1", "@hapi/good": "9.0.1", "@hapi/hapi": "21.3.9", @@ -26,7 +27,7 @@ "@mojaloop/ml-number": "11.2.4", "@mojaloop/object-store-lib": "12.0.3", "@now-ims/hapi-now-auth": "2.1.0", - "ajv": "8.15.0", + "ajv": "8.16.0", "ajv-keywords": "5.1.0", "base64url": "3.0.1", "blipp": "4.0.2", @@ -37,7 +38,6 @@ "event-stream": "4.0.1", "five-bells-condition": "5.0.1", "glob": "10.4.1", - "hapi-auth-basic": "5.0.0", "hapi-auth-bearer-token": "8.0.0", "hapi-swagger": "17.2.1", "ilp-packet": "2.2.0", @@ -839,6 +839,15 @@ "@hapi/hoek": "^11.0.2" } }, + "node_modules/@hapi/basic": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/@hapi/basic/-/basic-7.0.2.tgz", + "integrity": "sha512-kdpsmCEHVDlIYStRbszSyy/9+dq5KkfWLX5AjuHGPwtzuuZopZnhkVvMZV45hQ8hA8V/weCoMs0nzXJ7JCA2ow==", + "dependencies": { + "@hapi/boom": "^10.0.1", + "@hapi/hoek": "^11.0.2" + } + }, "node_modules/@hapi/boom": { "version": "10.0.1", "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-10.0.1.tgz", @@ -2587,9 +2596,9 @@ } }, "node_modules/ajv": { - "version": "8.15.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.15.0.tgz", - "integrity": "sha512-15BTtQUOsSrmHCy+B4VnAiJAJxJ8IFgu6fcjFQF3jQYZ78nLSQthlFg4ehp+NLIyfvFgOlxNsjKIEhydtFPVHQ==", + "version": "8.16.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "integrity": "sha512-F0twR8U1ZU67JIEtekUcLkXkoO5mMMmgGD8sK/xUFzJ805jxHQl92hImFAqqXMyMYjSPOyUPAwHYhB72g5sTXw==", "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^2.3.0", 
@@ -3163,21 +3172,6 @@ "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==" }, - "node_modules/boom": { - "version": "7.3.0", - "resolved": "https://registry.npmjs.org/boom/-/boom-7.3.0.tgz", - "integrity": "sha512-Swpoyi2t5+GhOEGw8rEsKvTxFLIDiiKoUc2gsoV6Lyr43LHBIzch3k2MvYUs8RTROrIkVJ3Al0TkaOGjnb+B6A==", - "deprecated": "This module has moved and is now available at @hapi/boom. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.", - "dependencies": { - "hoek": "6.x.x" - } - }, - "node_modules/boom/node_modules/hoek": { - "version": "6.1.3", - "resolved": "https://registry.npmjs.org/hoek/-/hoek-6.1.3.tgz", - "integrity": "sha512-YXXAAhmF9zpQbC7LEcREFtXfGq5K1fmd+4PHkBq8NUqmzW3G+Dq10bI/i0KucLRwss3YYFQ0fSfoxBZYiGUqtQ==", - "deprecated": "This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues." - }, "node_modules/boxen": { "version": "7.1.1", "resolved": "https://registry.npmjs.org/boxen/-/boxen-7.1.1.tgz", 
@@ -7386,50 +7380,6 @@ "uglify-js": "^3.1.4" } }, - "node_modules/hapi": { - "version": "18.1.0", - "resolved": "https://registry.npmjs.org/hapi/-/hapi-18.1.0.tgz", - "integrity": "sha512-nSU1VLyTAgp7P5gy47QzJIP2JAb+wOFvJIV3gnL0lFj/mD+HuTXhyUsDYXjF/dhADMVXVEz31z6SUHBJhtsvGA==", - "deprecated": "This version contains severe security issues and defects and should not be used! Please upgrade to the latest version of @hapi/hapi or consider a commercial license (https://github.com/hapijs/hapi/issues/4114)", - "hasShrinkwrap": true, - "peer": true, - "dependencies": { - "accept": "3.x.x", - "ammo": "3.x.x", - "boom": "7.x.x", - "bounce": "1.x.x", - "call": "5.x.x", - "catbox": "10.x.x", - "catbox-memory": "4.x.x", - "heavy": "6.x.x", - "hoek": "6.x.x", - "joi": "14.x.x", - "mimos": "4.x.x", - "podium": "3.x.x", - "shot": "4.x.x", - "somever": "2.x.x", - "statehood": "6.x.x", - "subtext": "6.x.x", - "teamwork": "3.x.x", - "topo": "3.x.x" - } - }, - "node_modules/hapi-auth-basic": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/hapi-auth-basic/-/hapi-auth-basic-5.0.0.tgz", - "integrity": "sha512-4ceLge/CYBtEAvfnbwBPPck2wb9O7wksaeSOF0C1lp8GX2IuIm8BqtZtvDGLhqNH5j3ztP4im/TfCj3oYQ9bgA==", - "deprecated": "This module has moved and is now available at @hapi/basic. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.", - "dependencies": { - "boom": "7.x.x", - "hoek": "5.x.x" - }, - "engines": { - "node": ">=8.9.0" - }, - "peerDependencies": { - "hapi": ">=17.x.x" - } - }, "node_modules/hapi-auth-bearer-token": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/hapi-auth-bearer-token/-/hapi-auth-bearer-token-8.0.0.tgz", 
@@ -7472,174 +7422,6 @@ "joi": "17.x" } }, - "node_modules/hapi/node_modules/accept": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/accept/-/accept-3.1.3.tgz", - "integrity": "sha512-OgOEAidVEOKPup+Gv2+2wdH2AgVKI9LxsJ4hicdJ6cY0faUuZdZoi56kkXWlHp9qicN1nWQLmW5ZRGk+SBS5xg==", - "peer": true - }, - "node_modules/hapi/node_modules/ammo": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/ammo/-/ammo-3.0.3.tgz", - "integrity": "sha512-vo76VJ44MkUBZL/BzpGXaKzMfroF4ZR6+haRuw9p+eSWfoNaH2AxVc8xmiEPC08jhzJSeM6w7/iMUGet8b4oBQ==", - "peer": true - }, - "node_modules/hapi/node_modules/b64": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/b64/-/b64-4.1.2.tgz", - "integrity": "sha512-+GUspBxlH3CJaxMUGUE1EBoWM6RKgWiYwUDal0qdf8m3ArnXNN1KzKVo5HOnE/FSq4HHyWf3TlHLsZI8PKQgrQ==", - "extraneous": true - }, - "node_modules/hapi/node_modules/boom": { - "version": "7.3.0", - "resolved": "https://registry.npmjs.org/boom/-/boom-7.3.0.tgz", - "integrity": "sha512-Swpoyi2t5+GhOEGw8rEsKvTxFLIDiiKoUc2gsoV6Lyr43LHBIzch3k2MvYUs8RTROrIkVJ3Al0TkaOGjnb+B6A==", - "peer": true - }, - "node_modules/hapi/node_modules/bounce": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/bounce/-/bounce-1.2.3.tgz", - "integrity": "sha512-3G7B8CyBnip5EahCZJjnvQ1HLyArC6P5e+xcolo13BVI9ogFaDOsNMAE7FIWliHtIkYI8/nTRCvCY9tZa3Mu4g==", - "peer": true - }, - "node_modules/hapi/node_modules/bourne": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/bourne/-/bourne-1.1.1.tgz", - "integrity": "sha512-Ou0l3W8+n1FuTOoIfIrCk9oF9WVWc+9fKoAl67XQr9Ws0z7LgILRZ7qtc9xdT4BveSKtnYXfKPgn8pFAqeQRew==", - "extraneous": true - }, - "node_modules/hapi/node_modules/call": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/call/-/call-5.0.3.tgz", - "integrity": "sha512-eX16KHiAYXugbFu6VifstSdwH6aMuWWb4s0qvpq1nR1b+Sf+u68jjttg8ixDBEldPqBi30bDU35OJQWKeTLKxg==", - "peer": true - }, - "node_modules/hapi/node_modules/catbox": { - "version": "10.0.6", - 
"resolved": "https://registry.npmjs.org/catbox/-/catbox-10.0.6.tgz", - "integrity": "sha512-gQWCnF/jbHcfwGbQ4FQxyRiAwLRipqWTTXjpq7rTqqdcsnZosFa0L3LsCZcPTF33QIeMMkS7QmFBHt6QdzGPvg==", - "peer": true - }, - "node_modules/hapi/node_modules/catbox-memory": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/catbox-memory/-/catbox-memory-4.0.1.tgz", - "integrity": "sha512-ZmqNiLsYCIu9qvBJ/MQbznDV2bFH5gFiH67TgIJgSSffJFtTXArT+MM3AvJQlby9NSkLHOX4eH/uuUqnch/Ldw==", - "peer": true - }, - "node_modules/hapi/node_modules/content": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/content/-/content-4.0.6.tgz", - "integrity": "sha512-lR9ND3dXiMdmsE84K6l02rMdgiBVmtYWu1Vr/gfSGHcIcznBj2QxmSdUgDuNFOA+G9yrb1IIWkZ7aKtB6hDGyA==", - "extraneous": true - }, - "node_modules/hapi/node_modules/cryptiles": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-4.1.3.tgz", - "integrity": "sha512-gT9nyTMSUC1JnziQpPbxKGBbUg8VL7Zn2NB4E1cJYvuXdElHrwxrV9bmltZGDzet45zSDGyYceueke1TjynGzw==", - "extraneous": true - }, - "node_modules/hapi/node_modules/heavy": { - "version": "6.1.2", - "resolved": "https://registry.npmjs.org/heavy/-/heavy-6.1.2.tgz", - "integrity": "sha512-cJp884bqhiebNcEHydW0g6V1MUGYOXRPw9c7MFiHQnuGxtbWuSZpsbojwb2kxb3AA1/Rfs8CNiV9MMOF8pFRDg==", - "peer": true - }, - "node_modules/hapi/node_modules/hoek": { - "version": "6.1.2", - "resolved": "https://registry.npmjs.org/hoek/-/hoek-6.1.2.tgz", - "integrity": "sha512-6qhh/wahGYZHFSFw12tBbJw5fsAhhwrrG/y3Cs0YMTv2WzMnL0oLPnQJjv1QJvEfylRSOFuP+xCu+tdx0tD16Q==", - "peer": true - }, - "node_modules/hapi/node_modules/iron": { - "version": "5.0.6", - "resolved": "https://registry.npmjs.org/iron/-/iron-5.0.6.tgz", - "integrity": "sha512-zYUMOSkEXGBdwlV/AXF9zJC0aLuTJUKHkGeYS5I2g225M5i6SrxQyGJGhPgOR8BK1omL6N5i6TcwfsXbP8/Exw==", - "extraneous": true - }, - "node_modules/hapi/node_modules/joi": { - "version": "14.3.1", - "resolved": "https://registry.npmjs.org/joi/-/joi-14.3.1.tgz", - 
"integrity": "sha512-LQDdM+pkOrpAn4Lp+neNIFV3axv1Vna3j38bisbQhETPMANYRbFJFUyOZcOClYvM/hppMhGWuKSFEK9vjrB+bQ==", - "peer": true - }, - "node_modules/hapi/node_modules/mime-db": { - "version": "1.37.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.37.0.tgz", - "integrity": "sha512-R3C4db6bgQhlIhPU48fUtdVmKnflq+hRdad7IyKhtFj06VPNVdk2RhiYL3UjQIlso8L+YxAtFkobT0VK+S/ybg==", - "extraneous": true - }, - "node_modules/hapi/node_modules/mimos": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/mimos/-/mimos-4.0.2.tgz", - "integrity": "sha512-5XBsDqBqzSN88XPPH/TFpOalWOjHJM5Z2d3AMx/30iq+qXvYKd/8MPhqBwZDOLtoaIWInR3nLzMQcxfGK9djXA==", - "peer": true - }, - "node_modules/hapi/node_modules/nigel": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/nigel/-/nigel-3.0.4.tgz", - "integrity": "sha512-3SZCCS/duVDGxFpTROHEieC+itDo4UqL9JNUyQJv3rljudQbK6aqus5B4470OxhESPJLN93Qqxg16rH7DUjbfQ==", - "extraneous": true - }, - "node_modules/hapi/node_modules/pez": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/pez/-/pez-4.0.5.tgz", - "integrity": "sha512-HvL8uiFIlkXbx/qw4B8jKDCWzo7Pnnd65Uvanf9OOCtb20MRcb9gtTVBf9NCnhETif1/nzbDHIjAWC/sUp7LIQ==", - "extraneous": true - }, - "node_modules/hapi/node_modules/podium": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/podium/-/podium-3.2.0.tgz", - "integrity": "sha512-rbwvxwVkI6gRRlxZQ1zUeafrpGxZ7QPHIheinehAvGATvGIPfWRkaTeWedc5P4YjXJXEV8ZbBxPtglNylF9hjw==", - "peer": true - }, - "node_modules/hapi/node_modules/shot": { - "version": "4.0.7", - "resolved": "https://registry.npmjs.org/shot/-/shot-4.0.7.tgz", - "integrity": "sha512-RKaKAGKxJ11EjJl0cf2fYVSsd4KB5Cncb9J0v7w+0iIaXpxNqFWTYNDNhBX7f0XSyDrjOH9a4OWZ9Gp/ZML+ew==", - "peer": true - }, - "node_modules/hapi/node_modules/somever": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/somever/-/somever-2.0.0.tgz", - "integrity": 
"sha512-9JaIPP+HxwYGqCDqqK3tRaTqdtQHoK6Qy3IrXhIt2q5x8fs8RcfU7BMWlFTCOgFazK8p88zIv1tHQXvAwtXMyw==", - "peer": true - }, - "node_modules/hapi/node_modules/statehood": { - "version": "6.0.9", - "resolved": "https://registry.npmjs.org/statehood/-/statehood-6.0.9.tgz", - "integrity": "sha512-jbFg1+MYEqfC7ABAoWZoeF4cQUtp3LUvMDUGExL76cMmleBHG7I6xlZFsE8hRi7nEySIvutHmVlLmBe9+2R5LQ==", - "peer": true - }, - "node_modules/hapi/node_modules/subtext": { - "version": "6.0.12", - "resolved": "https://registry.npmjs.org/subtext/-/subtext-6.0.12.tgz", - "integrity": "sha512-yT1wCDWVgqvL9BIkWzWqgj5spUSYo/Enu09iUV8t2ZvHcr2tKGTGg2kc9tUpVEsdhp1ihsZeTAiDqh0TQciTPQ==", - "peer": true - }, - "node_modules/hapi/node_modules/teamwork": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/teamwork/-/teamwork-3.0.3.tgz", - "integrity": "sha512-OCB56z+G70iA1A1OFoT+51TPzfcgN0ks75uN3yhxA+EU66WTz2BevNDK4YzMqfaL5tuAvxy4iFUn35/u8pxMaQ==", - "peer": true - }, - "node_modules/hapi/node_modules/topo": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/topo/-/topo-3.0.3.tgz", - "integrity": "sha512-IgpPtvD4kjrJ7CRA3ov2FhWQADwv+Tdqbsf1ZnPUSAtCJ9e1Z44MmoSGDXGk4IppoZA7jd/QRkNddlLJWlUZsQ==", - "peer": true - }, - "node_modules/hapi/node_modules/vise": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/vise/-/vise-3.0.2.tgz", - "integrity": "sha512-X52VtdRQbSBXdjcazRiY3eRgV3vTQ0B+7Wh8uC9cVv7lKfML5m9+9NHlbcgCY0R9EAqD1v/v7o9mhGh2A3ANFg==", - "extraneous": true - }, - "node_modules/hapi/node_modules/wreck": { - "version": "14.1.3", - "resolved": "https://registry.npmjs.org/wreck/-/wreck-14.1.3.tgz", - "integrity": "sha512-hb/BUtjX3ObbwO3slCOLCenQ4EP8e+n8j6FmTne3VhEFp5XV1faSJojiyxVSvw34vgdeTG5baLTl4NmjwokLlw==", - "extraneous": true - }, "node_modules/har-schema": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz", 
@@ -7842,15 +7624,6 @@ "integrity": "sha512-FK1vmMj8BbEipEy8DLIvp71t5UsC7n2D6En/UfM/91PCwmOpj6f2iu0Y0coRC62KSRHHC+dquM2xMULV/X7NFg==", "deprecated": "Use the 'highlight.js' package instead https://npm.im/highlight.js" }, - "node_modules/hoek": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/hoek/-/hoek-5.0.4.tgz", - "integrity": "sha512-Alr4ZQgoMlnere5FZJsIyfIjORBqZll5POhDsF4q64dPuJR6rNxXdDxtHSQq8OXRurhmx+PWYEE8bXRROY8h0w==", - "deprecated": "This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).", - "engines": { - "node": ">=8.9.0" - } - }, "node_modules/hosted-git-info": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-5.2.1.tgz",
diff --git a/package.json b/package.json
index 88ebedcec..12b14c770 100644
--- a/package.json
+++ b/package.json
@@ -81,6 +81,7 @@
 "dependencies": {
 "@hapi/good": "9.0.1",
 "@hapi/hapi": "21.3.9",
+ "@hapi/basic": "7.0.2",
 "@hapi/inert": "7.1.0",
 "@hapi/joi": "17.1.1",
 "@hapi/vision": "7.0.3",
@@ -96,7 +97,7 @@
 "@mojaloop/ml-number": "11.2.4",
 "@mojaloop/object-store-lib": "12.0.3",
 "@now-ims/hapi-now-auth": "2.1.0",
- "ajv": "8.15.0",
+ "ajv": "8.16.0",
 "ajv-keywords": "5.1.0",
 "base64url": "3.0.1",
 "blipp": "4.0.2",
@@ -107,7 +108,6 @@
 "event-stream": "4.0.1",
 "five-bells-condition": "5.0.1",
 "glob": "10.4.1",
- "hapi-auth-basic": "5.0.0",
 "hapi-auth-bearer-token": "8.0.0",
 "hapi-swagger": "17.2.1",
 "ilp-packet": "2.2.0",
@@ -143,9 +143,10 @@
 },
 "overrides": {
 "shins": {
- "ejs": "3.1.10",
- "sanitize-html": "2.12.1",
- "@hapi/hoek": "9.3.0"
+ "ejs": "^3.1.10",
+ "sanitize-html": "^2.12.1",
+ "jsonpointer": "^5.0.0",
+ "jsonwebtoken": "^9.0.0"
 }
 },
 "config": {
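Review bot: The two overrides added in the last package.json hunk, `"jsonpointer": "^5.0.0"` and `"jsonwebtoken": "^9.0.0"`, are nested under `"shins"`, while the allowlist comments in audit-ci.jsonc attribute those packages to `widdershins>swagger2openapi>better-ajv-errors>jsonpointer` and `@now-ims/hapi-now-auth>jsonwebtoken`. npm applies a nested override only inside the named parent's dependency subtree, so unless shins also pulls these packages in, the entries presumably change nothing and GHSA-282f-qqgm-c34q and GHSA-8cf7-32gw-wr33 stay allowlisted rather than fixed. Consider placing them at the top level of `overrides` or under the parents the allowlist names, after checking those parents work with the new major versions, and confirming the result with `npm ls jsonpointer jsonwebtoken`. The same hunk relaxes `ejs` and `sanitize-html` from exact pins to caret ranges although every entry in `dependencies` is pinned exactly, and it drops the `@hapi/hoek` override with no explanation in the commit message; a sentence on both would help the next audit.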
diff --git a/src/shared/plugins.js b/src/shared/plugins.js
index 2a7570479..9717dec5e 100644
--- a/src/shared/plugins.js
+++ b/src/shared/plugins.js
@@ -28,7 +28,7 @@ const registerPlugins = async (server) => {
 })
 await server.register({
- plugin: require('hapi-auth-basic')
+ plugin: require('@hapi/basic')
 })
 await server.register({
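Review bot: The basic-auth scheme provider changes at `plugin: require('@hapi/basic')` with no test touched in this commit (the diffstat lists only audit-ci.jsonc, the two package manifests and this file), so nothing on the page shows that routes protected through the `basic` scheme still answer 401 to missing or wrong credentials after the swap. A short regression test that sends one request without an Authorization header and one with bad credentials would pin that behaviour. A one-line comment above the registration, e.g. `// @hapi/basic: maintained successor of hapi-auth-basic, provides the 'basic' auth scheme`, would also record why the module name differs from older branches. registerPlugins starts before and continues past this hunk, so where the strategy and its validate function are defined cannot be checked from here.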