fix(security): vulnerabilities found in cactus-example-supply-chain-app

Fixes hyperledger-cacti#2041 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez · Dec 23, 2022 · c5cd121 · c5cd121
1 parent 6c62de4
commit c5cd121
Show file tree

Hide file tree

Showing 9 changed files with 18 additions and 13 deletions.
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
@@ -1,6 +1,11 @@
 general:
  vulnerabilities:
  #besu-all-in-one
+ - CVE-2022-37734
+ - CVE-2022-25857
 
- -CVE-2022-37734
- -CVE-2022-25857
+ #cactus-example-supply-chain-app
+ - CVE-2022-24434
+ - CVE-2022-24999 #express
+ - CVE-2022-24999 #qs
+ - CVE-2022-2421
diff --git a/examples/cactus-example-supply-chain-backend/package.json b/examples/cactus-example-supply-chain-backend/package.json
@@ -66,7 +66,7 @@
  "async-exit-hook": "2.0.1",
  "axios": "0.21.4",
  "dotenv": "16.0.0",
- "express": "4.17.1",
+ "express": "4.17.3",
  "fabric-network": "2.2.10",
  "jose": "4.9.2",
  "openapi-types": "9.1.0",

diff --git a/examples/cactus-example-supply-chain-business-logic-plugin/package.json b/examples/cactus-example-supply-chain-business-logic-plugin/package.json
@@ -64,7 +64,7 @@
  "@hyperledger/cactus-plugin-ledger-connector-quorum": "1.1.3",
  "async-exit-hook": "2.0.1",
  "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
  "openapi-types": "9.1.0",
  "typescript-optional": "2.0.1",
  "uuid": "8.3.2"

diff --git a/examples/cactus-example-supply-chain-frontend/package.json b/examples/cactus-example-supply-chain-frontend/package.json
@@ -72,7 +72,7 @@
  },
  "devDependencies": {
  "@angular-builders/custom-webpack": "13.1.0",
- "@angular-devkit/build-angular": "13.3.5",
+ "@angular-devkit/build-angular": "14.0.0",
  "@angular/cli": "13.3.5",
  "@angular/compiler": "13.3.7",
  "@angular/compiler-cli": "13.3.7",

diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json
@@ -65,16 +65,16 @@
  "async-exit-hook": "2.0.1",
  "axios": "0.21.4",
  "bluebird": "3.7.2",
- "body-parser": "1.19.0",
+ "body-parser": "1.20.1",
  "compression": "1.7.4",
  "convict": "6.2.3",
  "convict-format-with-validator": "6.2.0",
  "cors": "2.8.5",
- "express": "4.17.1",
+ "express": "4.17.3",
  "express-http-proxy": "1.6.2",
  "express-jwt": "6.0.0",
  "express-openapi-validator": "4.12.12",
- "express-rate-limit": "6.3.0",
+ "express-rate-limit": "6.7.0",
  "fs-extra": "10.0.0",
  "google-protobuf": "3.18.0-rc.2",
  "jose": "4.9.2",

diff --git a/packages/cactus-plugin-consortium-manual/package.json b/packages/cactus-plugin-consortium-manual/package.json
@@ -58,7 +58,7 @@
  "@hyperledger/cactus-core-api": "1.1.3",
  "axios": "0.21.4",
  "body-parser": "1.19.0",
- "express": "4.17.1",
+ "express": "4.17.3",
  "jose": "4.9.2",
  "json-stable-stringify": "1.0.1",
  "prom-client": "13.2.0",

diff --git a/packages/cactus-plugin-keychain-memory/package.json b/packages/cactus-plugin-keychain-memory/package.json
@@ -57,7 +57,7 @@
  "@hyperledger/cactus-core": "1.1.3",
  "@hyperledger/cactus-core-api": "1.1.3",
  "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
  "prom-client": "13.2.0",
  "uuid": "8.3.2"
  },

diff --git a/packages/cactus-plugin-ledger-connector-fabric/package.json b/packages/cactus-plugin-ledger-connector-fabric/package.json
@@ -60,7 +60,7 @@
  "axios": "0.21.4",
  "bl": "5.0.0",
  "bn.js": "4.12.0",
- "express": "4.17.1",
+ "express": "4.17.3",
  "fabric-ca-client": "2.5.0-snapshot.8",
  "fabric-common": "2.5.0-snapshot.8",
  "fabric-network": "2.5.0-snapshot.8",
@@ -69,7 +69,7 @@
  "form-data": "4.0.0",
  "http-status-codes": "2.1.4",
  "jsrsasign": "10.5.25",
- "multer": "1.4.3",
+ "multer": "1.4.5-lts.1",
  "ngo": "2.7.0",
  "node-ssh": "12.0.0",
  "node-vault": "0.9.22",

diff --git a/packages/cactus-plugin-ledger-connector-quorum/package.json b/packages/cactus-plugin-ledger-connector-quorum/package.json
@@ -57,7 +57,7 @@
  "@hyperledger/cactus-core": "1.1.3",
  "@hyperledger/cactus-core-api": "1.1.3",
  "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
  "prom-client": "13.2.0",
  "run-time-error": "1.4.0",
  "rxjs": "7.3.0",