From 2813b75bf5eebb7505ec05817c584324b3b6b149 Mon Sep 17 00:00:00 2001
From: Sandeep Nishad
Date: Wed, 16 Aug 2023 11:40:39 +0530
Subject: [PATCH] fix: ejs critical vulnerability CVE-2022-29078 https://nvd.nist.gov/vuln/detail/CVE-2022-29078
Co-authored-by: Peter Somogyvari
Signed-off-by: Sandeep Nishad
Signed-off-by: Peter Somogyvari
---
 .../samples/besu/besu-cli/package-local.json | 2 +-
 weaver/samples/besu/besu-cli/package.json | 2 +-
 .../fabric/fabric-cli/package-local.json | 2 +-
 weaver/samples/fabric/fabric-cli/package.json | 2 +-
 yarn.lock | 43 ++++---------------
 5 files changed, 13 insertions(+), 38 deletions(-)
diff --git a/weaver/samples/besu/besu-cli/package-local.json b/weaver/samples/besu/besu-cli/package-local.json
index b2fc690729..e63d5c07e2 100644
--- a/weaver/samples/besu/besu-cli/package-local.json
+++ b/weaver/samples/besu/besu-cli/package-local.json
@@ -34,7 +34,7 @@
 "@hyperledger/cacti-weaver-sdk-besu": "file:../../../sdks/besu/node",
 "@hyperledger/cacti-weaver-protos-js": "file:../../../common/protos-js",
 "@truffle/contract": "4.2.14",
- "gluegun": "latest",
+ "gluegun": "5.1.3",
 "winston": "3.3.3"
 },
 "devDependencies": {
diff --git a/weaver/samples/besu/besu-cli/package.json b/weaver/samples/besu/besu-cli/package.json
index 729d5c7a90..16fbe770ff 100644
--- a/weaver/samples/besu/besu-cli/package.json
+++ b/weaver/samples/besu/besu-cli/package.json
@@ -33,7 +33,7 @@
 "@hyperledger/cacti-weaver-protos-js": "2.0.0-alpha.1",
 "@hyperledger/cacti-weaver-sdk-besu": "2.0.0-alpha.1",
 "@truffle/contract": "4.6.28",
- "gluegun": "5.1.2",
+ "gluegun": "5.1.3",
 "winston": "3.10.0"
 },
 "devDependencies": {
diff --git a/weaver/samples/fabric/fabric-cli/package-local.json b/weaver/samples/fabric/fabric-cli/package-local.json
index 42be9d2646..6db0edb206 100644
--- a/weaver/samples/fabric/fabric-cli/package-local.json
+++ b/weaver/samples/fabric/fabric-cli/package-local.json
@@ -42,7 +42,7 @@
 "express": "4.18.2",
 "fabric-ca-client": "2.2.18",
 "fabric-network": "2.2.18",
- "gluegun": "5.1.2",
+ "gluegun": "5.1.3",
 "grpc-tools": "1.12.4",
 "ini": "1.3.8",
 "node-notifier": "8.0.2",
diff --git a/weaver/samples/fabric/fabric-cli/package.json b/weaver/samples/fabric/fabric-cli/package.json
index b6f85d2e76..28a43e1a0e 100644
--- a/weaver/samples/fabric/fabric-cli/package.json
+++ b/weaver/samples/fabric/fabric-cli/package.json
@@ -42,7 +42,7 @@
 "express": "4.18.2",
 "fabric-ca-client": "2.2.18",
 "fabric-network": "2.2.18",
- "gluegun": "5.1.2",
+ "gluegun": "5.1.3",
 "grpc-tools": "1.12.4",
 "ini": "1.3.8",
 "node-notifier": "8.0.2",
diff --git a/yarn.lock b/yarn.lock
index 99d46c46ca..8330088f08 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6089,7 +6089,7 @@ __metadata: "@truffle/contract": 4.6.28 "@types/jest": 24.9.1 "@types/node": 16.18.40 - gluegun: 5.1.2 + gluegun: 5.1.3 jest: 29.6.2 prettier: 1.19.1 ts-jest: 29.1.1 @@ -6183,7 +6183,7 @@ __metadata: express: 4.18.2 fabric-ca-client: 2.2.18 fabric-network: 2.2.18 - gluegun: 5.1.2 + gluegun: 5.1.3 google-protobuf: 3.21.2 grpc-tools: 1.12.4 ini: 1.3.8 @@ -21181,18 +21181,7 @@ __metadata: languageName: node linkType: hard -"ejs@npm:3.1.6": - version: 3.1.6 - resolution: "ejs@npm:3.1.6" - dependencies: - jake: ^10.6.1 - bin: - ejs: ./bin/cli.js - checksum: 81a9cdea0b4ded3b5a4b212b7c17e20bb07468f08394e2d519708d367957a70aef3d282a6d5d38bf6ad313ba25802b9193d4227f29b084d2ee0f28d115141d48 - languageName: node - linkType: hard - -"ejs@npm:^3.1.8": +"ejs@npm:^3.1.7, ejs@npm:^3.1.8": version: 3.1.9 resolution: "ejs@npm:3.1.9" dependencies: @@ -24515,7 +24504,7 @@ __metadata: languageName: node linkType: hard -"filelist@npm:^1.0.1, filelist@npm:^1.0.4": +"filelist@npm:^1.0.4": version: 1.0.4 resolution: "filelist@npm:1.0.4" dependencies:
@@ -26153,9 +26142,9 @@ __metadata: languageName: node linkType: hard -"gluegun@npm:5.1.2": - version: 5.1.2 - resolution: "gluegun@npm:5.1.2" +"gluegun@npm:5.1.3": + version: 5.1.3 + resolution: "gluegun@npm:5.1.3" dependencies: apisauce: ^2.1.5 app-module-path: ^2.2.0 @@ -26163,7 +26152,7 @@ __metadata: colors: 1.4.0 cosmiconfig: 7.0.1 cross-spawn: 7.0.3 - ejs: 3.1.6 + ejs: ^3.1.7 enquirer: 2.3.6 execa: 5.1.1 fs-jetpack: 4.3.1 @@ -26189,7 +26178,7 @@ __metadata: yargs-parser: ^21.0.0 bin: gluegun: bin/gluegun - checksum: 2c91934b98022018a524a3be32efb3e4567905a618ccb4aca4f19207ff4b37262bc18264b306f1c82757eaab634bac6c06aacff16059b11a38deefd07b6293b6 + checksum: 152cff411d1c592bd982703a468814e1eea390bb7964e30b371594f15d10c748d666d1ac3f01c09c27f288c3b8c5b4c825929b0d6c6c057d29263120368a737f languageName: node linkType: hard @@ -29604,20 +29593,6 @@ __metadata: languageName: node linkType: hard -"jake@npm:^10.6.1": - version: 10.8.5 - resolution: "jake@npm:10.8.5" - dependencies: - async: ^3.2.3 - chalk: ^4.0.2 - filelist: ^1.0.1 - minimatch: ^3.0.4 - bin: - jake: ./bin/cli.js - checksum: 56c913ecf5a8d74325d0af9bc17a233bad50977438d44864d925bb6c45c946e0fee8c4c1f5fe2225471ef40df5222e943047982717ebff0d624770564d3c46ba - languageName: node - linkType: hard - "jake@npm:^10.8.5": version: 10.8.7 resolution: "jake@npm:10.8.7"