Rely on the dependencies of @hyperledger/fabric-gateway making these packages transitively available. Having explicit dependency versions in the application can cause type conflicts due to private member changes in the gRPC Client class across versions.
Also fix some missing or incorrect Node types and engines version contraints.
Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
npm audit reveals several high and one critical vulnerabilities in the dependencies:
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/nyc/node_modules/ansi-regex
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install mocha@10.0.0, which is a breaking change
node_modules/minimist
node_modules/ts-node/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
mocha 1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of mkdirp
node_modules/mocha
protobufjs 6.11.0 - 6.11.2
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
5 vulnerabilities (2 moderate, 2 high, 1 critical)
This change (from running npm audit fix --force) removes all of them:
npm audit
found 0 vulnerabilities
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
- Updated the test-network with examples of runnig CCAAS
- Updating the asset transfer basic with how to run chaincode as a service.
Signed-off-by: Matthew B White <whitemat@uk.ibm.com>
