This demonstrates good practice in restricting the chaincode package
versions to those applicable for the specific Fabric (major/minor)
version targeted for deployment.
Also some corrections to the repository README. Particularly referring
to other branches for samples targeted at earlier Fabric versions, since
samples in the main branch may exploit features not available in older
Fabric releases, which can cause confusion for end users.
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
* Fix npm problems on asset-transfer-basic/chaincode-typescript
This patch fixes npm problems on
asset-transfer-basic/chaincode-typescript.
- Sync npm-shrinkwrap.json with package.json to fix the npm ci error
- Update the version of TypeScript to avoid the type error on logform
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
* Update npm-shrinkwrap.json
Fix dependencies
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
---------
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Arnaud J Le Hors <lehors@us.ibm.com>
Rely on the dependencies of @hyperledger/fabric-gateway making these packages transitively available. Having explicit dependency versions in the application can cause type conflicts due to private member changes in the gRPC Client class across versions.
Also fix some missing or incorrect Node types and engines version contraints.
Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
npm audit reveals several high and one critical vulnerabilities in the dependencies:
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/nyc/node_modules/ansi-regex
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install mocha@10.0.0, which is a breaking change
node_modules/minimist
node_modules/ts-node/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
mocha 1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of mkdirp
node_modules/mocha
protobufjs 6.11.0 - 6.11.2
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
5 vulnerabilities (2 moderate, 2 high, 1 critical)
This change (from running npm audit fix --force) removes all of them:
npm audit
found 0 vulnerabilities
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
- Updated the test-network with examples of runnig CCAAS
- Updating the asset transfer basic with how to run chaincode as a service.
Signed-off-by: Matthew B White <whitemat@uk.ibm.com>
