From d28d5e8f3ed5dff1aa049c8f1bccce79aa21e948 Mon Sep 17 00:00:00 2001
From: aldousalvarez
Date: Wed, 29 Mar 2023 11:25:05 +0800
Subject: [PATCH] fix(cactus-example-supply-chain-app): mitigate CVE-2022-24434 and CVE-2022-24999

Fixes #2041
These changes will fixx the following vulnerabilities with their CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)
Signed-off-by: aldousalvarez
Signed-off-by: Peter Somogyvari
---
 examples/cactus-example-supply-chain-backend/package.json | 2 +-
 .../package.json | 2 +-
 examples/cactus-example-supply-chain-frontend/package.json | 2 +-
 packages/cactus-cmd-api-server/package.json | 6 +++---
 packages/cactus-plugin-consortium-manual/package.json | 2 +-
 packages/cactus-plugin-keychain-memory/package.json | 2 +-
 packages/cactus-plugin-ledger-connector-fabric/package.json | 4 ++--
 packages/cactus-plugin-ledger-connector-quorum/package.json | 2 +-
 8 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/examples/cactus-example-supply-chain-backend/package.json b/examples/cactus-example-supply-chain-backend/package.json
index 63bec1a943..48b149d50c 100644
--- a/examples/cactus-example-supply-chain-backend/package.json
+++ b/examples/cactus-example-supply-chain-backend/package.json
@@ -66,7 +66,7 @@
 "async-exit-hook": "2.0.1",
 "axios": "0.21.4",
 "dotenv": "16.0.0",
- "express": "4.17.1",
+ "express": "4.17.3",
 "fabric-network": "2.2.10",
 "jose": "4.9.2",
 "openapi-types": "9.1.0",
diff --git a/examples/cactus-example-supply-chain-business-logic-plugin/package.json b/examples/cactus-example-supply-chain-business-logic-plugin/package.json
index a6adb9b745..8124884693 100644
--- a/examples/cactus-example-supply-chain-business-logic-plugin/package.json
+++ b/examples/cactus-example-supply-chain-business-logic-plugin/package.json
@@ -64,7 +64,7 @@
 "@hyperledger/cactus-plugin-ledger-connector-quorum": "1.2.0",
 "async-exit-hook": "2.0.1",
 "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
 "openapi-types": "9.1.0",
 "typescript-optional": "2.0.1",
 "uuid": "8.3.2"
diff --git a/examples/cactus-example-supply-chain-frontend/package.json b/examples/cactus-example-supply-chain-frontend/package.json
index 992dfc03e1..6f71e05f40 100644
--- a/examples/cactus-example-supply-chain-frontend/package.json
+++ b/examples/cactus-example-supply-chain-frontend/package.json
@@ -72,7 +72,7 @@
 },
 "devDependencies": {
 "@angular-builders/custom-webpack": "13.1.0",
- "@angular-devkit/build-angular": "13.3.5",
+ "@angular-devkit/build-angular": "14.0.0",
 "@angular/cli": "13.3.5",
 "@angular/compiler": "13.3.7",
 "@angular/compiler-cli": "13.3.7",
diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json
index 0746394003..48212aee42 100644
--- a/packages/cactus-cmd-api-server/package.json
+++ b/packages/cactus-cmd-api-server/package.json
@@ -65,16 +65,16 @@
 "async-exit-hook": "2.0.1",
 "axios": "0.21.4",
 "bluebird": "3.7.2",
- "body-parser": "1.19.0",
+ "body-parser": "1.20.1",
 "compression": "1.7.4",
 "convict": "6.2.4",
 "convict-format-with-validator": "6.2.0",
 "cors": "2.8.5",
- "express": "4.17.1",
+ "express": "4.17.3",
 "express-http-proxy": "1.6.2",
 "express-jwt": "6.0.0",
 "express-openapi-validator": "4.12.12",
- "express-rate-limit": "6.3.0",
+ "express-rate-limit": "6.7.0",
 "fs-extra": "10.0.0",
 "google-protobuf": "3.18.0-rc.2",
 "jose": "4.9.2",
diff --git a/packages/cactus-plugin-consortium-manual/package.json b/packages/cactus-plugin-consortium-manual/package.json
index 92e042942d..a53fe81bc6 100644
--- a/packages/cactus-plugin-consortium-manual/package.json
+++ b/packages/cactus-plugin-consortium-manual/package.json
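Review bot: In examples/cactus-example-supply-chain-frontend/package.json the new pin `"@angular-devkit/build-angular": "14.0.0"` sits next to `"@angular/cli": "13.3.5"` and `"@angular/compiler-cli": "13.3.7"`, which the hunk leaves on the 13.x line. The Angular build tooling is released in lockstep with the framework major and declares peer ranges on it, so this mix will probably fail peer-dependency resolution or the build. Either move the `@angular/*` packages to 14 in the same change, or take the newest 13.3.x builder release that carries the dependency fix. The major bump is also not explained by the two CVEs named in the commit message, so the description should say which advisory it addresses.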
@@ -58,7 +58,7 @@
 "@hyperledger/cactus-core-api": "1.2.0",
 "axios": "0.21.4",
 "body-parser": "1.19.0",
- "express": "4.17.1",
+ "express": "4.17.3",
 "jose": "4.9.2",
 "json-stable-stringify": "1.0.1",
 "prom-client": "13.2.0",
diff --git a/packages/cactus-plugin-keychain-memory/package.json b/packages/cactus-plugin-keychain-memory/package.json
index 3bba12db3f..0e9f7fa809 100644
--- a/packages/cactus-plugin-keychain-memory/package.json
+++ b/packages/cactus-plugin-keychain-memory/package.json
@@ -57,7 +57,7 @@
 "@hyperledger/cactus-core": "1.2.0",
 "@hyperledger/cactus-core-api": "1.2.0",
 "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
 "prom-client": "13.2.0",
 "uuid": "8.3.2"
 },
diff --git a/packages/cactus-plugin-ledger-connector-fabric/package.json b/packages/cactus-plugin-ledger-connector-fabric/package.json
index a81a0d4906..315549f38e 100644
--- a/packages/cactus-plugin-ledger-connector-fabric/package.json
+++ b/packages/cactus-plugin-ledger-connector-fabric/package.json
@@ -60,7 +60,7 @@
 "axios": "0.21.4",
 "bl": "5.0.0",
 "bn.js": "4.12.0",
- "express": "4.17.1",
+ "express": "4.17.3",
 "fabric-ca-client": "2.5.0-snapshot.8",
 "fabric-common": "2.5.0-snapshot.8",
 "fabric-network": "2.5.0-snapshot.8",
@@ -69,7 +69,7 @@
 "form-data": "4.0.0",
 "http-status-codes": "2.1.4",
 "jsrsasign": "10.5.25",
- "multer": "1.4.3",
+ "multer": "1.4.5-lts.1",
 "ngo": "2.7.0",
 "node-ssh": "12.0.0",
 "node-vault": "0.9.22",
diff --git a/packages/cactus-plugin-ledger-connector-quorum/package.json b/packages/cactus-plugin-ledger-connector-quorum/package.json
index 252c32b00d..a386d2dade 100644
--- a/packages/cactus-plugin-ledger-connector-quorum/package.json
+++ b/packages/cactus-plugin-ledger-connector-quorum/package.json
@@ -57,7 +57,7 @@
 "@hyperledger/cactus-core": "1.2.0",
 "@hyperledger/cactus-core-api": "1.2.0",
 "axios": "0.21.4",
- "express": "4.17.1",
+ "express": "4.17.3",
 "prom-client": "13.2.0",
 "run-time-error": "1.4.0",
 "rxjs": "7.3.0",
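Review bot: The hunk for packages/cactus-plugin-consortium-manual/package.json raises express but leaves `"body-parser": "1.19.0"` as a context line, while packages/cactus-cmd-api-server/package.json moves the same package to `1.20.1`. body-parser depends on qs directly, so this package can still resolve a qs release from before the CVE-2022-24999 fix; the pin should match the api-server, `"body-parser": "1.20.1",`. The diffstat lists only package.json files, so confirm with `npm ls qs` or the regenerated lockfile that no pre-fix qs remains anywhere in the tree after the bump.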