v15.0.1 Release

15.0.1 (2022-06-09)

Bug Fixes

• dockerfile typo fix (938bf65)

v15.0.0 Release

15.0.0 (2022-06-09)

⚠ BREAKING CHANGES

• Major version bump for node v16 LTS support, re-structuring of project directories to align to core Mojaloop repositories and docker image now uses /opt/app instead of /opt/quoting-service which will impact config mounts.

Features

• upgrade to node LTS v16 (#302) (bc11b7c), closes mojaloop/#2767
• mojaloop/#2704: core-services support for non-breaking backward api compatibility (#295) (812b75d), closes mojaloop/#2704
• mojaloop/#2535: fspiop api version negotiation not handled by quoting service (#289) (#290) (d4d48c1), closes mojaloop/#2535
• mojaloop/#2535: fspiop api version negotiation not handled by quoting service (#289) (737c7b4), closes mojaloop/#2535
• mojaloop/#2439: quoting-service-model.validatequoterequest-doesnt-perform-correct-validation (#280) (b0c2cdc), closes mojaloop/#2439

v14.0.0 Release

14.0.0 (2022-03-04)

⚠ BREAKING CHANGES

• mojaloop/#2704: - Config PROTOCOL_VERSIONS.CONTENT has now been modified to support backward compatibility for minor versions (i.e. v1.0 & 1.1) as follows:

  "PROTOCOL_VERSIONS": {
    "CONTENT": "1.1", <-- used when generating messages from the "SWITCH", and validate incoming FSPIOP API requests/callbacks CONTENT-TYPE headers
    "ACCEPT": {
      "DEFAULT": "1", <-- used when generating messages from the "SWITCH"
      "VALIDATELIST": [ <-- used to validate incoming FSPIOP API requests/callbacks ACCEPT headers
        "1",
        "1.0",
        "1.1"
      ]
    }
  },

to be consistent with the ACCEPT structure as follows:

  "PROTOCOL_VERSIONS": {
    "CONTENT": {
      "DEFAULT": "1.1", <-- used when generating messages from the "SWITCH"
      "VALIDATELIST": [ <-- used to validate incoming FSPIOP API requests/callbacks CONTENT-TYPE headers
        "1.1",
        "1.0"
      ]
    },
    "ACCEPT": {
      "DEFAULT": "1", <-- used when generating messages from the "SWITCH"
      "VALIDATELIST": [ <-- used to validate incoming FSPIOP API requests/callbacks ACCEPT headers
        "1",
        "1.0",
        "1.1"
      ]
    }
  },

Features

• merge mowali branch (#286) (f92299b), closes #100 #101 #102 #127
• mojaloop/#2704: core-services support for non-breaking backward api compatibility (#295) (812b75d), closes mojaloop/#2704 mojaloop/#2704

Bug Fixes

• #2704 core services support for non breaking backward api compatibility (#297) (acf48a5)

v11.0.3-snapshot Release

This release is a fix for knex timeout issue on top of release v11.0.2-snapshot
https://modusbox.atlassian.net/browse/MES-896

v13.0.1 Release

13.0.1 (2021-11-16)

Bug Fixes

• mojaloop/#2535: fspiop api version negotiation not handled by quoting service (#289) (#290) (d4d48c1), closes mojaloop/#2535 mojaloop/#2535

v13.0.0 Release

13.0.0 (2021-11-05)

⚠ BREAKING CHANGES

• mojaloop/#2535: Forcing a major version change for awareness of the config changes. The LIB_RESOURCE_VERSIONS env var is now deprecated, and this is now also controlled by the PROTOCOL_VERSIONS config in the default.json. This has been done for consistency between all API services going forward and unifies the config for both inbound and outbound Protocol API validation/transformation features.

Bug Fixes

• mojaloop/#2535: fspiop api version negotiation not handled by quoting service (#289) (737c7b4), closes mojaloop/#2535 mojaloop/#2535

v12.0.10 Release

12.0.10 (2021-09-01)

v12.0.9 Release

12.0.9 (2021-09-01)

Bug Fixes

• circleci slack webhook typo fix (#282) (3e6ac84)

v12.0.8 Release

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

12.0.8 (2021-09-01)

Bug Fixes

• mojaloop/#2439: quoting-service-model.validatequoterequest-doesnt-perform-correct-validation (#280) (b0c2cdc), closes mojaloop/#2439 mojaloop/#2439
• updated circleci config to use the SHA1 hash of the last commit of the current build (#281) (9ee10d7)

v12.0.7 Release

• fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings
  • Updated regex to match \w (used by the Mojaloop Specification) based on mappings to the ECMAScript regex specification.
  • Added unit test for post quotes endpoint with additional asian (Myanmar) unicode characters added to middleName
  • Bump to patch version
  • Updated dependencies to the latest version
  • Fixed audit-resolve issues:

--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
 vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
 vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

Outcome: Fixed

--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser

Outcome: Ignored for a week

--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

Outcome: Ignored for a week