chore: fix TS build, security updates, and CI config #30
Merged
- Fix TypeScript compilation errors in HttpServer.ts: cast Hapi Request.headers to Headers type (Record<string, string>) to resolve incompatibility with @hapi/hapi's Record<string, string | string[] | undefined>
- Update dependencies via ncu (sdk-standard-components 19.18.8, axios 1.13.5, typescript-eslint 8.56.1, npm-check-updates 19.5.0, and others)
- Add npm overrides: axios 1.13.5, fast-xml-parser 5.3.6, cross-spawn 7.0.6, undici 6.23.0, lodash 4.17.23, qs 6.14.2
- Update Dockerfile ARG NODE_VERSION to 22.22.0-alpine3.23
- Update .nvmrc to 22.22.0
- Update CircleCI orb mojaloop/build 1.1.10 → 1.1.16
- Add scan-type: source to .grype.yaml (prevents CI grype image scan failure)
- Clean .grype.yaml: remove stale entries, add current base image ignores
- Clean audit-ci.jsonc: 14 entries → 3 (ajv, minimatch, lodash-es)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

glob@10.4.5 is bundled in the Node.js base image npm and cannot be fixed via application dependencies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Orb version 1.1.16 has a bug where the Grype scan job requires only Setup instead of Build, causing it to fail because the Docker image hasn't been built yet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Regarding the code changes, they are required due to:
A breaking change on the patch update to @hapi/hapi
PR #4562 by damusix, titled "fix: auth typings and reduced type
The PR description says: "Remove ambiguous types" — which is exactly
The exact diff in lib/types/request.d.ts
The key change (v21.4.4...v21.4.5 comparison):
export interface RequestQuery {
Why it's breaking
This is a narrowing of a public type contract in a patch release,
Links
…rrides
Add version-specific npm overrides for vulnerable minimatch versions:
- minimatch@3.0.5 → 3.1.5
- minimatch@5.1.6 → 5.1.9
Remove GHSA-3ppc-4f35-3m26 from audit-ci.jsonc allowlist (now patched).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
- HttpServer.ts — cast Hapi Request.headers (Record<string, string | string[] | undefined>) to Headers (Record<string, string>) at lines 112 and 129
- ARG NODE_VERSION to 22.22.0-alpine3.23
- .nvmrc to 22.22.0
- mojaloop/build from 1.1.10 to 1.1.16
- scan-type: source to .grype.yaml (prevents grype image scan CI failure when Docker tar not available)
- .grype.yaml: remove stale entries (glob, old zlib), add current base image ignores (tar, minimatch, diff, busybox, zlib)
- audit-ci.jsonc: 14 entries → 3 (only unfixable: ajv, minimatch, lodash-es)

Test plan
- npm run build) succeeds — no more TS2345 errors
- npx audit-ci --config ./audit-ci.jsonc passes
- npm run dep:check shows all dependencies up to date
- scan-type: source
- 22.22.0-alpine3.23

🤖 Generated with Claude Code
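
The cast described in the summary changes only the compile-time type: a header value that is a `string[]` or `undefined` at runtime stays that way behind the `Record<string, string>` label. As an added example (not code from this PR or the project), one way to normalize instead of casting; `FlatHeaders` stands in for the project's `Headers` type, and `castOnly`, `toHeaders`, `SINGLE_VALUED` and the sample object are hypothetical names constructed here.

```typescript
// Types as quoted in the PR summary.
type RawHeaders = Record<string, string | string[] | undefined>; // Hapi Request.headers
type FlatHeaders = Record<string, string>; // stand-in for the project's Headers type

// Assumption (hypothetical policy): headers that must not carry multiple values.
const SINGLE_VALUED = new Set(['authorization', 'content-length', 'content-type', 'host']);

// The bare cast: compiles, but the runtime values are untouched.
function castOnly(raw: RawHeaders): FlatHeaders {
  return raw as FlatHeaders;
}

// Normalizing alternative: the result really is Record<string, string>.
function toHeaders(raw: RawHeaders): FlatHeaders {
  // Null prototype so header names cannot collide with Object.prototype members.
  const out: FlatHeaders = Object.create(null);
  for (const name of Object.keys(raw)) {
    const value = raw[name];
    if (value === undefined) continue; // drop absent headers
    const key = name.toLowerCase();
    if (typeof value === 'string') {
      out[key] = value;
    } else if (SINGLE_VALUED.has(key) && value.length !== 1) {
      // Fail closed instead of guessing which copy is authoritative.
      throw new Error(`ambiguous single-valued header: ${key}`);
    } else {
      out[key] = value.join(', '); // combine list-valued fields into one string
    }
  }
  return out;
}

// Constructed sample input, not taken from the project.
const sample: RawHeaders = {
  'Content-Type': 'application/json',
  accept: ['text/html', 'application/json'],
  'x-absent': undefined,
};
```

With the cast alone, `castOnly(sample)['accept']` is still an array, so string methods called on it downstream fail or compare incorrectly even though the compiler accepts them.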