npm audit reveals several high and one critical vulnerabilities in the dependencies:
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/nyc/node_modules/ansi-regex
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install mocha@10.0.0, which is a breaking change
node_modules/minimist
node_modules/ts-node/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
mocha 1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of mkdirp
node_modules/mocha
protobufjs 6.11.0 - 6.11.2
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
5 vulnerabilities (2 moderate, 2 high, 1 critical)
This change (from running npm audit fix --force) removes all of them:
npm audit
found 0 vulnerabilities
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Podman isn't as lenient as docker when it comes to the syntax of the
Dockerfile and insists on getting the ARG command properly scoped.
This fixes this error:
...
[2/2] STEP 12/15: EXPOSE $CC_SERVER_PORT
Error: error building at STEP "EXPOSE $CC_SERVER_PORT": EXPOSE requires at least one argument
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
- Updated the test-network with examples of runnig CCAAS
- Updating the asset transfer basic with how to run chaincode as a service.
Signed-off-by: Matthew B White <whitemat@uk.ibm.com>
The latest version (2.1.2) of sort-keys-recursive adds TypeScript
typing, which includes export default function.
This change has caused the TS2349 type error.
This patch modifies the import form in assetTransfer.ts to fix the error.
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
* updated chaincodes for asset-trnsfer-basic in order to show good example on how achieving determinism in json
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* final fixes for chaincode-java of asset-tranfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* removed extra unused excheptions
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* corrected indentation of contract in the chancode-javasript of asset-trnsfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* last fixes for chaincode-javascript of asset-transfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* last last fixes for chaincode-javascript of asset-transfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
The Golang and Java sample chaincode returned an error when trying to create an asset which already exists
JavaScript and TypeScript samples should now do the same
Signed-off-by: James Taylor <jamest@uk.ibm.com>
GetAllAssets uses getStateByRange which returns an iterator.
Refactored code to make use of the iterator as this code did
not function in its previous state
Signed-off-by: Brett Logan <brett.t.logan@ibm.com>
Short of creating a second application that calls
the lowerCase version of functions, since Go requires
the functions be exported, capitalizing them in the
Node and Typescript chaincode seems the simplest solution
Signed-off-by: Brett Logan <brett.t.logan@ibm.com>
Add the contract-api specific annotations and
enable the experimental features.
Also properly format code according to the linter
Signed-off-by: Brett Logan <brett.t.logan@ibm.com>
As the Typescript examples are essentially just reiterations
of the same Javascript code, there is no benefit to having
providing examples in both languages. The functional code
was exactly the same in both languages. On the contrary it
meant we widened the surface of maitainence and thus we are
removing due to the limited benefit provided by the example
chaincode and applications.
Signed-off-by: Brett Logan <brett.t.logan@ibm.com>
