Fix vulnerabilities in typescript chaincode deps

npm audit reveals several high and one critical vulnerabilities in the dependencies: ansi-regex 4.0.0 - 4.1.0 Severity: high Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix` node_modules/nyc/node_modules/ansi-regex minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix --force` Will install mocha@10.0.0, which is a breaking change node_modules/minimist node_modules/ts-node/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/mkdirp mocha 1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0 Depends on vulnerable versions of mkdirp node_modules/mocha protobufjs 6.11.0 - 6.11.2 Severity: high Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24 fix available via `npm audit fix` node_modules/protobufjs 5 vulnerabilities (2 moderate, 2 high, 1 critical) This change (from running npm audit fix --force) removes all of them: npm audit found 0 vulnerabilities Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2026-06-17 15:35:09 +00:00 · 2022-07-28 16:12:31 +02:00 · 2022-07-28 16:12:31 +02:00 · 8403da7386
commit 8403da7386
parent 51397fe78a
2 changed files with 1125 additions and 309 deletions
--- a/asset-transfer-basic/chaincode-typescript/npm-shrinkwrap.json
+++ b/asset-transfer-basic/chaincode-typescript/npm-shrinkwrap.json
--- a/asset-transfer-basic/chaincode-typescript/package.json
+++ b/asset-transfer-basic/chaincode-typescript/package.json
@ -38,7 +38,7 @@
        "@types/sinon": "^5.0.7",
        "@types/sinon-chai": "^3.2.1",
        "chai": "^4.2.0",
-        "mocha": "^5.2.0",
+        "mocha": "^10.0.0",
        "nyc": "^14.1.1",
        "sinon": "^7.1.1",
        "sinon-chai": "^3.3.0",