Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(security): upgrade fabric 2.x deps to 2.2.18 #2610

Closed
petermetz opened this issue Aug 12, 2023 · 0 comments · Fixed by #2611
Closed

fix(security): upgrade fabric 2.x deps to 2.2.18 #2610

petermetz opened this issue Aug 12, 2023 · 0 comments · Fixed by #2611
Assignees
Labels
bug Something isn't working dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities

Comments

@petermetz
Copy link
Contributor

In order to partially fix this problem with older versions of nconf we need to perform
a minor upgrade for fabric 2.2.x npm dependencies.

The complete solution will be to also completely eliminate Fabric 1.4.x usage
but another issue already covers that.

https://github.com/hyperledger/cacti/security/dependabot/131

@petermetz petermetz added bug Something isn't working dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities labels Aug 12, 2023
@petermetz petermetz self-assigned this Aug 12, 2023
@petermetz petermetz added this to the v2.0.0-alpha.2 milestone Aug 12, 2023
petermetz added a commit to petermetz/cacti that referenced this issue Aug 12, 2023
Also performed a snapshot upgrade where needed.

Fixes hyperledger-cacti#2610

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Aug 17, 2023
Also performed a snapshot upgrade where needed.

Fixes hyperledger-cacti#2610

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Aug 17, 2023
Also performed a snapshot upgrade where needed.

Fixes hyperledger-cacti#2610

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Aug 18, 2023
Also performed a snapshot upgrade where needed.

Fixes #2610

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023
Also performed a snapshot upgrade where needed.

Fixes hyperledger-cacti#2610

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant