npm audit reveals several high and one critical vulnerabilities in the dependencies:
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/nyc/node_modules/ansi-regex
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install mocha@10.0.0, which is a breaking change
node_modules/minimist
node_modules/ts-node/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
mocha 1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of mkdirp
node_modules/mocha
protobufjs 6.11.0 - 6.11.2
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
5 vulnerabilities (2 moderate, 2 high, 1 critical)
This change (from running npm audit fix --force) removes all of them:
npm audit
found 0 vulnerabilities
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
* bump CA to v1.5.5; Fabric to v2.4.4
Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
* Reorganizes the kube test network environment default parameters to align on column boundaries.
Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
* Run k8s sample network tests against latest MAJOR.MINOR release of fabric, CA docker hub images.
Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
A recent commit added the potential buyer to an asset's state based endorsement policy.
That change was problematic because if the transfer fell through, the buyer lost control of the asset,
in that they could no longer update the asset or change the sell price or sell to somebody else.
The asset state based endorsement policy is now based on the seller only, and we document
that additional parties could be added such as a trusted third party (although no
such party exists in test network at this time).
This commit also re-adds some necessary verifications, and makes other minor edits and
comments to help users understand the sample.
Signed-off-by: David Enyeart <enyeart@us.ibm.com>
Issues:
1. When the name of NETWORK_NAME or NS in file "network" (i.e., the namespace in k8s) is changed from "test-network", the resources in the k8s cluster cannot be created successfully when the command "./network up" is executed.
Error message: error: the namespace from the provided object "test-network" does not match the namespace "xxxxxx". You must pass '--namespace=test-network' to perform this operation.
2. org2-cc.yaml is not completed.
Fix:
1. Replace "test-network" in yaml files in folder "kube" with "${NS}".
2. Complete "org2-cc-template.yaml" by referring to "org1-cc-template.yaml".
Signed-off-by: destinysky <kangrui10@126.com>
- chaincode-java Gradle project name did not match the instructions or the chaincode name used by the sample application code.
- Added test of Java chaincode to CI pipeline.
Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
- Updated build to use Go 1.18 since Go 1.16 is no longer supported.
- Use Java 11 in updated samples, and take advantage of new language features.
Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
This patch fixes errors in the document.
Fix errors as follows:
- Change shell script arguments
- Correct display results
Signed-off-by: Satoshi Ito <satoshi.ito.tf@hitachi.com>
* Support the fabric-builder-k8s for the chaincode "easy button."
Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
* Run the CI/CD test suite using the correct matrix env for k8s builder
Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
* Incorporate review feedback : remove zz_unused and pkgk8scc routines
Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
Also minor implementation changes to TypeScript sample for better consistency between implementations.
Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
In chaincode debugging guidance, using the Docker host alias
`host.docker.internal` is assumed.
But, the alias is not yet supported for Linux.
So, this patch adds an alternate procedure for Linux.
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>