From 025e7883aea561fc96613af426ee319b189335c7 Mon Sep 17 00:00:00 2001
From: aldousalvarez
Date: Fri, 23 Dec 2022 18:40:17 +0800
Subject: [PATCH] fix(security): vulnerabilities found in cactus-example-supply-chain-app
Fixes #2041
Signed-off-by: aldousalvarez
---
 .github/containerscan/allowedlist.yaml | 4 ++--
 examples/cactus-example-supply-chain-backend/package.json | 2 +-
 .../package.json | 2 +-
 examples/cactus-example-supply-chain-frontend/package.json | 2 +-
 packages/cactus-cmd-api-server/package.json | 6 +++---
 packages/cactus-plugin-consortium-manual/package.json | 2 +-
 packages/cactus-plugin-keychain-memory/package.json | 2 +-
 packages/cactus-plugin-ledger-connector-fabric/package.json | 4 ++--
 packages/cactus-plugin-ledger-connector-quorum/package.json | 2 +-
 9 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
index ecb29320e93..27f390b11de 100644
--- a/.github/containerscan/allowedlist.yaml
+++ b/.github/containerscan/allowedlist.yaml
@@ -1,6 +1,6 @@ general: vulnerabilities: #besu-all-in-one + - CVE-2022-37734 + - CVE-2022-25857 - -CVE-2022-37734 - -CVE-2022-25857
diff --git a/examples/cactus-example-supply-chain-backend/package.json b/examples/cactus-example-supply-chain-backend/package.json
index a625436edfb..db22a3187ab 100644
--- a/examples/cactus-example-supply-chain-backend/package.json
+++ b/examples/cactus-example-supply-chain-backend/package.json
@@ -66,7 +66,7 @@
 "async-exit-hook": "2.0.1",
 "axios": "0.21.4",
 "dotenv": "16.0.0",
- "express": "4.17.1",
+ "express": "4.17.3",
 "fabric-network": "2.2.10",
 "jose": "4.9.2",
 "openapi-types": "9.1.0",
diff --git a/examples/cactus-example-supply-chain-business-logic-plugin/package.json b/examples/cactus-example-supply-chain-business-logic-plugin/package.json
index ceff346739c..bbee77f3cf2 100644
--- a/examples/cactus-example-supply-chain-business-logic-plugin/package.json
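Review bot: The two entries that .github/containerscan/allowedlist.yaml now lists as `- CVE-2022-37734` and `- CVE-2022-25857` sit in the container-scan allow-list, so they suppress findings rather than remediate them, and nothing in the file says why that is acceptable. The removed form `-CVE-…` has no space after the dash, which YAML reads as a plain string and not a list item, so the suppression probably only takes effect with this change (indentation is not recoverable from this view, so that is inferred). I would put a comment above each entry naming the affected component in the besu-all-in-one image, the reason the finding is accepted and a date to revisit it, e.g. `# CVE-2022-25857: <component>, <reason accepted>, revisit by <date>`. It would also help for the commit description to say that these two CVEs are allow-listed, since the title reads as if every finding was fixed.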
+++ b/examples/cactus-example-supply-chain-business-logic-plugin/package.json
@@ -64,7 +64,7 @@
 "@hyperledger/cactus-plugin-ledger-connector-quorum": "1.1.3",
 "async-exit-hook": "2.0.1",
 "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
 "openapi-types": "9.1.0",
 "typescript-optional": "2.0.1",
 "uuid": "8.3.2"
diff --git a/examples/cactus-example-supply-chain-frontend/package.json b/examples/cactus-example-supply-chain-frontend/package.json
index 3e9d0bbb400..bdec29ba571 100644
--- a/examples/cactus-example-supply-chain-frontend/package.json
+++ b/examples/cactus-example-supply-chain-frontend/package.json
@@ -72,7 +72,7 @@
 },
 "devDependencies": {
 "@angular-builders/custom-webpack": "13.1.0",
- "@angular-devkit/build-angular": "13.3.5",
+ "@angular-devkit/build-angular": "14.0.0",
 "@angular/cli": "13.3.5",
 "@angular/compiler": "13.3.7",
 "@angular/compiler-cli": "13.3.7",
diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json
index 3b274bfc571..76b218468d9 100644
--- a/packages/cactus-cmd-api-server/package.json
+++ b/packages/cactus-cmd-api-server/package.json
@@ -65,16 +65,16 @@
 "async-exit-hook": "2.0.1",
 "axios": "0.21.4",
 "bluebird": "3.7.2",
- "body-parser": "1.19.0",
+ "body-parser": "1.20.1",
 "compression": "1.7.4",
 "convict": "6.2.3",
 "convict-format-with-validator": "6.2.0",
 "cors": "2.8.5",
- "express": "4.17.1",
+ "express": "4.17.3",
 "express-http-proxy": "1.6.2",
 "express-jwt": "6.0.0",
 "express-openapi-validator": "4.12.12",
- "express-rate-limit": "6.3.0",
+ "express-rate-limit": "6.7.0",
 "fs-extra": "10.0.0",
 "google-protobuf": "3.18.0-rc.2",
 "jose": "4.9.2",
diff --git a/packages/cactus-plugin-consortium-manual/package.json b/packages/cactus-plugin-consortium-manual/package.json
index d68f9c091b0..f96cbdbe2f7 100644
--- a/packages/cactus-plugin-consortium-manual/package.json
+++ b/packages/cactus-plugin-consortium-manual/package.json
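Review bot: In examples/cactus-example-supply-chain-frontend/package.json, `@angular-devkit/build-angular` moves to `14.0.0` while the neighbouring `@angular/cli` (13.3.5), `@angular/compiler` and `@angular/compiler-cli` (13.3.7) and `@angular-builders/custom-webpack` (13.1.0) stay on the 13 line. Angular's build tooling is released in step with the framework and declares peer dependencies on the matching major, so this mix is likely to fail peer-dependency resolution or the build itself. Either move the whole Angular set to 14 together, or stay on a patched 13.x release of build-angular if one carries the fix for the finding behind this bump. The devDependencies block continues outside the hunk, so other Angular packages may need the same treatment.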
@@ -58,7 +58,7 @@
 "@hyperledger/cactus-core-api": "1.1.3",
 "axios": "0.21.4",
 "body-parser": "1.19.0",
- "express": "4.17.1",
+ "express": "4.17.3",
 "jose": "4.9.2",
 "json-stable-stringify": "1.0.1",
 "prom-client": "13.2.0",
diff --git a/packages/cactus-plugin-keychain-memory/package.json b/packages/cactus-plugin-keychain-memory/package.json
index 3f25d8c341d..1bc8c72c8cc 100644
--- a/packages/cactus-plugin-keychain-memory/package.json
+++ b/packages/cactus-plugin-keychain-memory/package.json
@@ -57,7 +57,7 @@
 "@hyperledger/cactus-core": "1.1.3",
 "@hyperledger/cactus-core-api": "1.1.3",
 "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
 "prom-client": "13.2.0",
 "uuid": "8.3.2"
 },
diff --git a/packages/cactus-plugin-ledger-connector-fabric/package.json b/packages/cactus-plugin-ledger-connector-fabric/package.json
index 78e899b2164..c9a6199f446 100644
--- a/packages/cactus-plugin-ledger-connector-fabric/package.json
+++ b/packages/cactus-plugin-ledger-connector-fabric/package.json
@@ -60,7 +60,7 @@
 "axios": "0.21.4",
 "bl": "5.0.0",
 "bn.js": "4.12.0",
- "express": "4.17.1",
+ "express": "4.17.3",
 "fabric-ca-client": "2.5.0-snapshot.8",
 "fabric-common": "2.5.0-snapshot.8",
 "fabric-network": "2.5.0-snapshot.8",
@@ -69,7 +69,7 @@
 "form-data": "4.0.0",
 "http-status-codes": "2.1.4",
 "jsrsasign": "10.5.25",
- "multer": "1.4.3",
+ "multer": "1.4.5-lts.1",
 "ngo": "2.7.0",
 "node-ssh": "12.0.0",
 "node-vault": "0.9.22",
diff --git a/packages/cactus-plugin-ledger-connector-quorum/package.json b/packages/cactus-plugin-ledger-connector-quorum/package.json
index 1fea60b146e..d3996c3d777 100644
--- a/packages/cactus-plugin-ledger-connector-quorum/package.json
+++ b/packages/cactus-plugin-ledger-connector-quorum/package.json
@@ -57,7 +57,7 @@
 "@hyperledger/cactus-core": "1.1.3",
 "@hyperledger/cactus-core-api": "1.1.3",
 "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
 "prom-client": "13.2.0",
 "run-time-error": "1.4.0",
 "rxjs": "7.3.0",
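Review bot: In packages/cactus-plugin-consortium-manual/package.json the context line `"body-parser": "1.19.0"` is left as it is, although the cactus-cmd-api-server section of this same commit raises body-parser from 1.19.0 to `1.20.1`. If that bump was made for a scanner finding, the same finding presumably still applies to this package; I would change the line to `"body-parser": "1.20.1",` here as well so the two packages do not drift. The dependencies block continues outside the hunk.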