fix(security): the CVE-2022-2421 - upgrade socket.io-parser to >=4.2.1

To completely get rid of all instances of the vulnerable versions, we also have to upgrade the example application's Angular versions: - Upgraded Artillery from v1.7.1 to v1.7.9 Depends on hyperledger-cacti#2229 Fixes hyperledger-cacti#2228 Signed-off-by: Peter Somogyvari <[email protected]>
petermetz · Dec 9, 2022 · 2ae862f · 2ae862f
1 parent 795ee6b
commit 2ae862f
Show file tree

Hide file tree

Showing 19 changed files with 308 additions and 196 deletions.
diff --git a/examples/cactus-check-connection-ethereum-validator/package.json b/examples/cactus-check-connection-ethereum-validator/package.json
@@ -15,7 +15,7 @@
   },
   "dependencies": {
     "escape-html": "1.0.3",
-    "socket.io": "4.4.1"
+    "socket.io": "4.5.4"
   },
   "devDependencies": {
     "@types/escape-html": "1.0.1",

diff --git a/examples/cactus-example-discounted-asset-trade/package.json b/examples/cactus-example-discounted-asset-trade/package.json
@@ -32,7 +32,7 @@
     "log4js": "6.4.0",
     "morgan": "1.9.1",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "ts-node": "8.9.1",
     "web3": "1.8.1",
     "xmlhttprequest": "1.8.0"

diff --git a/examples/cactus-example-electricity-trade/package.json b/examples/cactus-example-electricity-trade/package.json
@@ -30,7 +30,7 @@
     "log4js": "6.4.0",
     "morgan": "1.9.1",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "ts-node": "8.9.1",
     "web3": "1.8.1",
     "xmlhttprequest": "1.8.0"

diff --git a/examples/cactus-example-electricity-trade/tools/transferNumericAsset/package.json b/examples/cactus-example-electricity-trade/tools/transferNumericAsset/package.json
@@ -15,7 +15,7 @@
     "ethereumjs-tx": "2.1.2",
     "ts-node": "9.1.1",
     "web3": "1.8.1",
-    "socket.io": "4.4.1"
+    "socket.io": "4.5.4"
   },
   "devDependencies": {
     "typescript": "3.9.10"

diff --git a/examples/test-run-transaction/package.json b/examples/test-run-transaction/package.json
@@ -28,7 +28,7 @@
     "log4js": "6.4.0",
     "morgan": "1.9.1",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "ts-node": "8.9.1",
     "web3": "1.7.0",
     "xmlhttprequest": "1.8.0"

diff --git a/extensions/cactus-plugin-htlc-coordinator-besu/package.json b/extensions/cactus-plugin-htlc-coordinator-besu/package.json
@@ -68,14 +68,14 @@
     "joi": "14.3.1",
     "openapi-types": "7.0.1",
     "prom-client": "13.1.0",
-    "socket.io-client": "4.1.3",
+    "socket.io-client": "4.5.4",
     "typescript-optional": "2.0.1"
   },
   "devDependencies": {
     "@hyperledger/cactus-plugin-keychain-memory": "1.1.3",
     "@hyperledger/cactus-test-tooling": "1.1.3",
     "@types/express": "4.17.8",
-    "socket.io": "4.4.1"
+    "socket.io": "4.5.4"
   },
   "engines": {
     "node": ">=10",

diff --git a/packages-python/cactus_validator_socketio_indy/testcli/package.json b/packages-python/cactus_validator_socketio_indy/testcli/package.json
@@ -4,6 +4,6 @@
   "private": true,
   "dependencies": {
     "jsonwebtoken": "8.5.1",
-    "socket.io-client": "4.1.3"
+    "socket.io-client": "4.5.4"
   }
 }
diff --git a/packages-python/cactus_validator_socketio_iroha/testcli/package.json b/packages-python/cactus_validator_socketio_iroha/testcli/package.json
@@ -5,6 +5,6 @@
   "dependencies": {
     "json-bigint": "1.0.0",
     "jsonwebtoken": "8.5.1",
-    "socket.io-client": "4.1.3"
+    "socket.io-client": "4.5.4"
   }
 }
diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json
@@ -84,8 +84,8 @@
     "run-time-error": "1.4.0",
     "rxjs": "7.3.0",
     "semver": "7.3.5",
-    "socket.io": "4.4.1",
-    "socket.io-client": "4.4.1",
+    "socket.io": "4.5.4",
+    "socket.io-client": "4.5.4",
     "typescript-optional": "2.0.1",
     "uuid": "8.3.2"
   },
@@ -109,7 +109,7 @@
     "@types/semver": "7.3.8",
     "@types/uuid": "8.3.1",
     "@types/xml2js": "0.4.9",
-    "artillery": "1.7.2",
+    "artillery": "1.7.9",
     "http-status-codes": "2.1.4"
   },
   "engines": {

diff --git a/packages/cactus-cmd-socketio-server/package.json b/packages/cactus-cmd-socketio-server/package.json
@@ -31,8 +31,8 @@
     "log4js": "6.4.1",
     "morgan": "1.10.0",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1",
-    "socket.io-client": "4.1.3",
+    "socket.io": "4.5.4",
+    "socket.io-client": "4.5.4",
     "web3": "1.6.0",
     "xmlhttprequest": "1.8.0"
   },

diff --git a/packages/cactus-core-api/package.json b/packages/cactus-core-api/package.json
@@ -81,7 +81,7 @@
     "@types/express": "4.17.13",
     "make-dir-cli": "3.0.0",
     "rxjs": "7.3.0",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "typescript-optional": "2.0.1"
   }
 }
diff --git a/packages/cactus-plugin-ledger-connector-besu/package.json b/packages/cactus-plugin-ledger-connector-besu/package.json
@@ -63,7 +63,7 @@
     "prom-client": "13.2.0",
     "run-time-error": "1.4.0",
     "rxjs": "7.3.0",
-    "socket.io-client": "4.1.3",
+    "socket.io-client": "4.5.4",
     "typescript-optional": "2.0.1",
     "web3": "1.5.2",
     "web3-core": "1.5.2",
@@ -75,7 +75,7 @@
     "@hyperledger/cactus-plugin-keychain-memory": "1.1.3",
     "@hyperledger/cactus-test-tooling": "1.1.3",
     "@types/express": "4.17.13",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "web3-core": "1.5.2",
     "web3-eth": "1.5.2"
   },

diff --git a/packages/cactus-plugin-ledger-connector-fabric-socketio/package.json b/packages/cactus-plugin-ledger-connector-fabric-socketio/package.json
@@ -34,7 +34,7 @@
     "protobufjs": "5.0.3",
     "serve-favicon": "2.4.5",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1"
+    "socket.io": "4.5.4"
   },
   "devDependencies": {
     "@hyperledger/cactus-api-client": "1.1.3",

diff --git a/...cactus-plugin-ledger-connector-fabric-socketio/src/test/typescript/unit-test/package.json b/...cactus-plugin-ledger-connector-fabric-socketio/src/test/typescript/unit-test/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "@types/node": "14.18.12",
     "config": "1.31.0",
-    "socket.io-client": "4.1.3",
+    "socket.io-client": "4.5.4",
     "ts-node": "9.1.1",
     "fabric-ca-client": "2.2.10",
     "fabric-network": "2.2.10",

diff --git a/packages/cactus-plugin-ledger-connector-go-ethereum-socketio/package.json b/packages/cactus-plugin-ledger-connector-go-ethereum-socketio/package.json
@@ -28,7 +28,7 @@
     "morgan": "1.10.0",
     "serve-favicon": "2.4.5",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "web3": "1.8.1"
   },
   "devDependencies": {

diff --git a/...s-plugin-ledger-connector-go-ethereum-socketio/src/test/typescript/unit-test/package.json b/...s-plugin-ledger-connector-go-ethereum-socketio/src/test/typescript/unit-test/package.json
@@ -15,7 +15,7 @@
     "ethereumjs-tx": "2.1.2",
     "ts-node": "9.1.1",
     "web3": "1.7.0",
-    "socket.io-client": "4.1.3"
+    "socket.io-client": "4.5.4"
   },
   "devDependencies": {
     "typescript": "3.9.10"

diff --git a/packages/cactus-plugin-ledger-connector-sawtooth-socketio/package.json b/packages/cactus-plugin-ledger-connector-sawtooth-socketio/package.json
@@ -27,7 +27,7 @@
     "morgan": "1.10.0",
     "serve-favicon": "2.4.5",
     "shelljs": "0.8.5",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "xmlhttprequest": "1.8.0"
   },
   "devDependencies": {

diff --git a/packages/cactus-plugin-odap-hermes/package.json b/packages/cactus-plugin-odap-hermes/package.json
@@ -59,7 +59,7 @@
     "crypto-js": "4.0.0",
     "knex": "2.0.0",
     "secp256k1": "4.0.2",
-    "socket.io": "4.4.1",
+    "socket.io": "4.5.4",
     "sqlite3": "5.0.3",
     "typescript-optional": "2.0.1",
     "web3": "1.5.2",