npm audit reveals several high and one critical vulnerabilities in the dependencies:
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/nyc/node_modules/ansi-regex
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install mocha@10.0.0, which is a breaking change
node_modules/minimist
node_modules/ts-node/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
mocha 1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of mkdirp
node_modules/mocha
protobufjs 6.11.0 - 6.11.2
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
5 vulnerabilities (2 moderate, 2 high, 1 critical)
This change (from running npm audit fix --force) removes all of them:
npm audit
found 0 vulnerabilities
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
- Updated the test-network with examples of runnig CCAAS
- Updating the asset transfer basic with how to run chaincode as a service.
Signed-off-by: Matthew B White <whitemat@uk.ibm.com>
The latest version (2.1.2) of sort-keys-recursive adds TypeScript
typing, which includes export default function.
This change has caused the TS2349 type error.
This patch modifies the import form in assetTransfer.ts to fix the error.
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
* updated chaincodes for asset-trnsfer-basic in order to show good example on how achieving determinism in json
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* final fixes for chaincode-java of asset-tranfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* removed extra unused excheptions
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* corrected indentation of contract in the chancode-javasript of asset-trnsfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* last fixes for chaincode-javascript of asset-transfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
* last last fixes for chaincode-javascript of asset-transfer-basic
Signed-off-by: fraVlaca <ocsenarf@outlook.com>
As the Typescript examples are essentially just reiterations
of the same Javascript code, there is no benefit to having
providing examples in both languages. The functional code
was exactly the same in both languages. On the contrary it
meant we widened the surface of maitainence and thus we are
removing due to the limited benefit provided by the example
chaincode and applications.
Signed-off-by: Brett Logan <brett.t.logan@ibm.com>
