build(deps): bulk fix CVEs via dependency resolution overrides 2023-1…

…0-23 1. Couldn't get rid of vulnerable versions in a couple of dependencies because the underlying dependencies have gone ESM only which is a blocker for us at the moment unfortunately. 2. Swapped out the ubiquity TS client to a version of it that I self published onto npm after a full renovation of all of its dependencies. Depends on hyperledger#2807 (because that one also has a couple of dependency bumps that are needed to eliminate the vulnerabilities) Fixes hyperledger#2828 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES · Dec 21, 2023 · 4279503 · 4279503
1 parent 065c651
commit 4279503
Show file tree

Hide file tree

Showing 4 changed files with 380 additions and 846 deletions.
diff --git a/package.json b/package.json
@@ -78,16 +78,27 @@
     "init-registries": "npm config set @iroha2:registry=https://nexus.iroha.tech/repository/npm-group/"
   },
   "resolutions": {
-    "ansi-html": ">0.0.8",
+    "@babel/traverse": ">=7.23.2",
+    "ansi-html": ">=0.0.8",
     "axios": ">=0.27.2",
-    "glob-parent": "5.1.2",
+    "engine.io": ">=6.4.2",
+    "get-func-name": ">=2.0.1",
+    "glob-parent": ">=5.1.2",
     "http-cache-semantics": ">=4.1.1",
+    "jsonwebtoken": ">=9.0.0",
     "lodash": ">=4.17.21",
     "minimist": ">=1.2.6",
     "nano": ">=10.0.0",
     "node-forge": ">=1.3.0",
+    "postcss": ">=8.4.31",
     "protobufjs": ">=7.2.5",
-    "underscore": "1.13.2"
+    "semver": ">=7.5.2",
+    "socket.io-parser": ">=4.2.3",
+    "tough-cookie": ">=4.1.3",
+    "xml2js": ">=0.5.0",
+    "yargs-parser": ">=18.1.1",
+    "underscore": ">=1.13.2",
+    "zod": ">=3.22.3"
   },
   "devDependencies": {
     "@commitlint/cli": "17.7.1",

diff --git a/packages/cactus-plugin-ledger-connector-ubiquity/package.json b/packages/cactus-plugin-ledger-connector-ubiquity/package.json
@@ -57,12 +57,12 @@
   "dependencies": {
     "@hyperledger/cactus-core": "2.0.0-alpha.2",
     "@hyperledger/cactus-core-api": "2.0.0-alpha.2",
-    "@ubiquity/ubiquity-ts-client-modified": "https://github.com/RafaelAPB/ubiquity-ts-client-mirror.git",
     "axios": "1.6.0",
     "dotenv": "16.0.1",
     "node-fetch": "3.3.2",
     "prom-client": "13.2.0",
     "typescript-optional": "2.0.1",
+    "ubiquity-ts-client-renovated": "1.0.0",
     "uuid": "9.0.1"
   },
   "devDependencies": {

diff --git a/...-plugin-ledger-connector-ubiquity/src/main/typescript/plugin-ledger-connector-ubiquity.ts b/...-plugin-ledger-connector-ubiquity/src/main/typescript/plugin-ledger-connector-ubiquity.ts
@@ -27,9 +27,9 @@ import { GetTransactionsByAddressEndpoint } from "./endpoints/transaction/get-tr
 import {
   UbiquityClient,
   TxPage,
-  Balance,
+  BalanceV1,
   Tx,
-} from "@ubiquity/ubiquity-ts-client-modified";
+} from "ubiquity-ts-client-renovated";
 
 export interface IPluginLedgerConnectorUbiquity {
   logLevel?: LogLevelDesc;
@@ -135,7 +135,7 @@ export class PluginLedgerConnectorUbiquity
     protocol: PROTOCOL_TYPE,
     network: NETWORK_TYPE,
     address: string,
-  ): Promise<AxiosResponse<Balance[]>> {
+  ): Promise<AxiosResponse<BalanceV1[]>> {
     const fnTag = `${this.className}:GetBalancesByAddresses`;
     this.log.debug("enter ", fnTag);
     const accounts = this.client.accountsApi.getListOfBalancesByAddress(