nexmo: update to 3.x

[josephjclark]

Version 2.x of the nexmo adaptor uses jsonwebtoken 7.4.3, which has as security vulnerability.

We should update to the 3.x version. This is a major version bump so we need to check that signatures are all compatible.

Recommend we make this a minor version bump to the adaptor.

This closes:

• https://github.com/OpenFn/adaptors/security/dependabot/54
• https://github.com/OpenFn/adaptors/security/dependabot/21

[mtuchi]

Nexmo is now called Vonage, and the nodejs package for nexmo is no longer maintained, See mantainance notice here . The new package that needs to replace nexmo is @vonage/server-sdk See vonage-node-sdk here.

I have started to update the adaptor to use vonage-node-sdk but two pending task remain

1. Testing using a vonage sandbox
2. A discussion on the adaptor name, Do we rename nexmo to vonage or keep the name and update our readme ?

[josephjclark]

@mtuchi Looking at this again I can't see where I got nexmo 3.x from 🤔 nexmo npm seems to stop at 2.9.1

We should be able to just update to 2.9.1 (the vulnerability is fixed in 2.6.0, see Vonage/vonage-node-sdk#179).

Don't worry about the other stuff - we'll deal with that when someone asks for a Vonage adaptor 😎