build(deps): fix CVE-2022-25887 by upgrading sanitize-html to v2.11.0

Also upgraded the typings to the latest available one. Signed-off-by: Peter Somogyvari <[email protected]> (cherry picked from commit ad4e91b)
hyperledger-cacti · Feb 14, 2024 · 9fd3898 · 9fd3898 · github-actions · Feb 14, 2024
1 parent d590883
commit 9fd3898
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 36 deletions.
diff --git a/packages/cactus-common/package.json b/packages/cactus-common/package.json
@@ -61,13 +61,13 @@
     "loglevel": "1.7.1",
     "loglevel-plugin-prefix": "0.8.4",
     "run-time-error-cjs": "1.4.0",
-    "sanitize-html": "2.7.0",
+    "sanitize-html": "2.11.0",
     "secp256k1": "4.0.3",
     "sha3": "2.1.4"
   },
   "devDependencies": {
     "@types/json-stable-stringify": "1.0.33",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.9.5",
     "@types/secp256k1": "4.0.3",
     "@types/uuid": "8.3.4",
     "uuid": "8.3.2"

diff --git a/packages/cactus-plugin-ledger-connector-ethereum/package.json b/packages/cactus-plugin-ledger-connector-ethereum/package.json
@@ -77,7 +77,7 @@
     "prom-client": "13.2.0",
     "run-time-error-cjs": "1.4.0",
     "rxjs": "7.8.1",
-    "sanitize-html": "2.7.0",
+    "sanitize-html": "2.11.0",
     "socket.io-client-fixed-types": "4.5.4",
     "typescript-optional": "2.0.1",
     "web3": "4.4.0",
@@ -92,7 +92,7 @@
     "@types/express": "4.17.19",
     "@types/js-yaml": "4.0.5",
     "@types/minimist": "1.2.2",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.9.5",
     "@types/uuid": "9.0.6",
     "body-parser": "1.20.2",
     "chalk": "4.1.2",

diff --git a/packages/cactus-plugin-ledger-connector-fabric/package.json b/packages/cactus-plugin-ledger-connector-fabric/package.json
@@ -81,7 +81,7 @@
     "run-time-error-cjs": "1.4.0",
     "rxjs": "7.8.1",
     "sanitize-filename": "1.6.3",
-    "sanitize-html": "2.7.0",
+    "sanitize-html": "2.11.0",
     "secp256k1": "4.0.3",
     "socket.io-client-fixed-types": "4.5.4",
     "temp": "0.9.4",
@@ -100,7 +100,7 @@
     "@types/jsrsasign": "8.0.13",
     "@types/multer": "1.4.7",
     "@types/node-vault": "0.9.13",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.9.5",
     "@types/temp": "0.9.1",
     "@types/uuid": "8.3.4",
     "body-parser": "1.20.2",

diff --git a/packages/cactus-plugin-ledger-connector-iroha/package.json b/packages/cactus-plugin-ledger-connector-iroha/package.json
@@ -69,7 +69,7 @@
     "prom-client": "13.1.0",
     "run-time-error-cjs": "1.4.0",
     "rxjs": "7.8.1",
-    "sanitize-html": "2.7.0",
+    "sanitize-html": "2.11.0",
     "socket.io-client-fixed-types": "4.5.4",
     "typescript-optional": "2.0.1"
   },
@@ -78,7 +78,7 @@
     "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
     "@types/body-parser": "1.19.4",
     "@types/express": "4.17.19",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.9.5",
     "@types/uuid": "9.0.6",
     "body-parser": "1.20.2",
     "internal-ip": "6.2.0",

diff --git a/packages/cactus-plugin-ledger-connector-iroha2/package.json b/packages/cactus-plugin-ledger-connector-iroha2/package.json
@@ -58,7 +58,7 @@
     "fast-safe-stringify": "2.1.1",
     "hada": "0.0.8",
     "rxjs": "7.8.1",
-    "sanitize-html": "2.7.0",
+    "sanitize-html": "2.11.0",
     "socket.io": "4.4.1",
     "socket.io-client-fixed-types": "4.5.4",
     "undici": "5.26.2"
@@ -67,7 +67,7 @@
     "@hyperledger/cactus-plugin-keychain-memory": "2.0.0-alpha.2",
     "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
     "@types/express": "4.17.19",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.9.5",
     "body-parser": "1.20.2",
     "express": "4.18.2",
     "jest": "29.6.2",

diff --git a/packages/cactus-plugin-ledger-connector-quorum/package.json b/packages/cactus-plugin-ledger-connector-quorum/package.json
@@ -67,7 +67,7 @@
     "prom-client": "13.2.0",
     "run-time-error-cjs": "1.4.0",
     "rxjs": "7.8.1",
-    "sanitize-html": "2.7.0",
+    "sanitize-html": "2.11.0",
     "socket.io-client-fixed-types": "4.5.4",
     "typescript-optional": "2.0.1",
     "web3": "1.6.1",
@@ -83,7 +83,7 @@
     "@types/express": "4.17.19",
     "@types/http-errors": "2.0.4",
     "@types/minimist": "1.2.2",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.9.5",
     "@types/uuid": "9.0.6",
     "body-parser": "1.20.2",
     "chalk": "4.1.2",

diff --git a/yarn.lock b/yarn.lock
@@ -7481,7 +7481,7 @@ __metadata:
   resolution: "@hyperledger/cactus-common@workspace:packages/cactus-common"
   dependencies:
     "@types/json-stable-stringify": 1.0.33
-    "@types/sanitize-html": 2.6.2
+    "@types/sanitize-html": 2.9.5
     "@types/secp256k1": 4.0.3
     "@types/uuid": 8.3.4
     fast-safe-stringify: 2.1.1
@@ -7490,7 +7490,7 @@ __metadata:
     loglevel: 1.7.1
     loglevel-plugin-prefix: 0.8.4
     run-time-error-cjs: 1.4.0
-    sanitize-html: 2.7.0
+    sanitize-html: 2.11.0
     secp256k1: 4.0.3
     sha3: 2.1.4
     uuid: 8.3.2
@@ -8326,7 +8326,7 @@ __metadata:
     "@types/express": 4.17.19
     "@types/js-yaml": 4.0.5
     "@types/minimist": 1.2.2
-    "@types/sanitize-html": 2.6.2
+    "@types/sanitize-html": 2.9.5
     "@types/uuid": 9.0.6
     axios: 1.6.0
     body-parser: 1.20.2
@@ -8339,7 +8339,7 @@ __metadata:
     prom-client: 13.2.0
     run-time-error-cjs: 1.4.0
     rxjs: 7.8.1
-    sanitize-html: 2.7.0
+    sanitize-html: 2.11.0
     socket.io: 4.5.4
     socket.io-client-fixed-types: 4.5.4
     typescript-optional: 2.0.1
@@ -8371,7 +8371,7 @@ __metadata:
     "@types/jsrsasign": 8.0.13
     "@types/multer": 1.4.7
     "@types/node-vault": 0.9.13
-    "@types/sanitize-html": 2.6.2
+    "@types/sanitize-html": 2.9.5
     "@types/temp": 0.9.1
     "@types/uuid": 8.3.4
     axios: 1.6.0
@@ -8399,7 +8399,7 @@ __metadata:
     run-time-error-cjs: 1.4.0
     rxjs: 7.8.1
     sanitize-filename: 1.6.3
-    sanitize-html: 2.7.0
+    sanitize-html: 2.11.0
     secp256k1: 4.0.3
     socket.io: 4.5.4
     socket.io-client-fixed-types: 4.5.4
@@ -8461,7 +8461,7 @@ __metadata:
     "@iroha2/crypto-target-node": 0.4.0
     "@iroha2/data-model": 4.0.0
     "@types/express": 4.17.19
-    "@types/sanitize-html": 2.6.2
+    "@types/sanitize-html": 2.9.5
     axios: 1.6.0
     body-parser: 1.20.2
     express: 4.18.2
@@ -8470,7 +8470,7 @@ __metadata:
     jest: 29.6.2
     jest-extended: 4.0.1
     rxjs: 7.8.1
-    sanitize-html: 2.7.0
+    sanitize-html: 2.11.0
     socket.io: 4.5.4
     socket.io-client-fixed-types: 4.5.4
     undici: 5.26.2
@@ -8491,7 +8491,7 @@ __metadata:
     "@types/body-parser": 1.19.4
     "@types/express": 4.17.19
     "@types/google-protobuf": 3.15.5
-    "@types/sanitize-html": 2.6.2
+    "@types/sanitize-html": 2.9.5
     "@types/uuid": 9.0.6
     axios: 1.6.0
     body-parser: 1.20.2
@@ -8504,7 +8504,7 @@ __metadata:
     prom-client: 13.1.0
     run-time-error-cjs: 1.4.0
     rxjs: 7.8.1
-    sanitize-html: 2.7.0
+    sanitize-html: 2.11.0
     socket.io: 4.5.4
     socket.io-client-fixed-types: 4.5.4
     typescript-optional: 2.0.1
@@ -8525,7 +8525,7 @@ __metadata:
     "@types/express": 4.17.19
     "@types/http-errors": 2.0.4
     "@types/minimist": 1.2.2
-    "@types/sanitize-html": 2.6.2
+    "@types/sanitize-html": 2.9.5
     "@types/uuid": 9.0.6
     axios: 1.6.0
     body-parser: 1.20.2
@@ -8537,7 +8537,7 @@ __metadata:
     prom-client: 13.2.0
     run-time-error-cjs: 1.4.0
     rxjs: 7.8.1
-    sanitize-html: 2.7.0
+    sanitize-html: 2.11.0
     socket.io: 4.5.4
     socket.io-client-fixed-types: 4.5.4
     typescript-optional: 2.0.1
@@ -14660,6 +14660,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/sanitize-html@npm:2.9.5":
+  version: 2.9.5
+  resolution: "@types/sanitize-html@npm:2.9.5"
+  dependencies:
+    htmlparser2: ^8.0.0
+  checksum: fd0afee5dac91aa2c42391f0c8c9254204f4ee1f10b902aa04e8f7809043d785e28af2732f75277ef09e46838013ad60abedb02ba1424b6218264f3333437fb5
+  languageName: node
+  linkType: hard
+
 "@types/scheduler@npm:*":
   version: 0.16.2
   resolution: "@types/scheduler@npm:0.16.2"
@@ -29292,27 +29301,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"htmlparser2@npm:^8.0.1":
-  version: 8.0.1
-  resolution: "htmlparser2@npm:8.0.1"
+"htmlparser2@npm:^8.0.0, htmlparser2@npm:^8.0.2":
+  version: 8.0.2
+  resolution: "htmlparser2@npm:8.0.2"
   dependencies:
     domelementtype: ^2.3.0
-    domhandler: ^5.0.2
+    domhandler: ^5.0.3
     domutils: ^3.0.1
-    entities: ^4.3.0
-  checksum: 06d5c71e8313597722bc429ae2a7a8333d77bd3ab07ccb916628384b37332027b047f8619448d8f4a3312b6609c6ea3302a4e77435d859e9e686999e6699ca39
+    entities: ^4.4.0
+  checksum: 29167a0f9282f181da8a6d0311b76820c8a59bc9e3c87009e21968264c2987d2723d6fde5a964d4b7b6cba663fca96ffb373c06d8223a85f52a6089ced942700
   languageName: node
   linkType: hard
 
-"htmlparser2@npm:^8.0.2":
-  version: 8.0.2
-  resolution: "htmlparser2@npm:8.0.2"
+"htmlparser2@npm:^8.0.1":
+  version: 8.0.1
+  resolution: "htmlparser2@npm:8.0.1"
   dependencies:
     domelementtype: ^2.3.0
-    domhandler: ^5.0.3
+    domhandler: ^5.0.2
     domutils: ^3.0.1
-    entities: ^4.4.0
-  checksum: 29167a0f9282f181da8a6d0311b76820c8a59bc9e3c87009e21968264c2987d2723d6fde5a964d4b7b6cba663fca96ffb373c06d8223a85f52a6089ced942700
+    entities: ^4.3.0
+  checksum: 06d5c71e8313597722bc429ae2a7a8333d77bd3ab07ccb916628384b37332027b047f8619448d8f4a3312b6609c6ea3302a4e77435d859e9e686999e6699ca39
   languageName: node
   linkType: hard
 
@@ -43716,6 +43725,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"sanitize-html@npm:2.11.0":
+  version: 2.11.0
+  resolution: "sanitize-html@npm:2.11.0"
+  dependencies:
+    deepmerge: ^4.2.2
+    escape-string-regexp: ^4.0.0
+    htmlparser2: ^8.0.0
+    is-plain-object: ^5.0.0
+    parse-srcset: ^1.0.2
+    postcss: ^8.3.11
+  checksum: 44807f22b0feb5a6a883b4bc04bcd8690ec3bbd6dacb24d6e52226ffe0c0e4fad43d6a882ce60e3884a327fae2de01e67e566e3a211491add50ff0160be2e98a
+  languageName: node
+  linkType: hard
+
 "sanitize-html@npm:2.7.0":
   version: 2.7.0
   resolution: "sanitize-html@npm:2.7.0"
Benchmark suite	Current: `9fd3898`	Previous: `0804bab`	Ratio
`cmd-api-server_HTTP_GET_getOpenApiSpecV1`	`618` ops/sec (`±1.64%`)	`611` ops/sec (`±1.80%`)	`0.99`
`cmd-api-server_gRPC_GetOpenApiSpecV1`	`384` ops/sec (`±1.50%`)	`387` ops/sec (`±1.39%`)	`1.01`