From 9fd38983feb9a114e383294224121f850070093a Mon Sep 17 00:00:00 2001
From: Peter Somogyvari
Date: Tue, 23 Jan 2024 19:11:37 -0800
Subject: [PATCH] build(deps): fix CVE-2022-25887 by upgrading sanitize-html to v2.11.0

Also upgraded the typings to the latest available one.

Signed-off-by: Peter Somogyvari
(cherry picked from commit ad4e91bbcd216eaa36a371278a65a033698754a8)
---
packages/cactus-common/package.json | 4 +-
.../package.json | 4 +-
.../package.json | 4 +-
.../package.json | 4 +-
.../package.json | 4 +-
.../package.json | 4 +-
yarn.lock | 71 ++++++++++++-------
7 files changed, 59 insertions(+), 36 deletions(-)

diff --git a/packages/cactus-common/package.json b/packages/cactus-common/package.json
index 3e5a8b56e9..59d09269de 100644
--- a/packages/cactus-common/package.json
+++ b/packages/cactus-common/package.json
@@ -61,13 +61,13 @@
 "loglevel": "1.7.1",
 "loglevel-plugin-prefix": "0.8.4",
 "run-time-error-cjs": "1.4.0",
- "sanitize-html": "2.7.0",
+ "sanitize-html": "2.11.0",
 "secp256k1": "4.0.3",
 "sha3": "2.1.4"
 },
 "devDependencies": {
 "@types/json-stable-stringify": "1.0.33",
- "@types/sanitize-html": "2.6.2",
+ "@types/sanitize-html": "2.9.5",
 "@types/secp256k1": "4.0.3",
 "@types/uuid": "8.3.4",
 "uuid": "8.3.2"
diff --git a/packages/cactus-plugin-ledger-connector-ethereum/package.json b/packages/cactus-plugin-ledger-connector-ethereum/package.json
index d0823aa2fe..1e304f8bd8 100644
--- a/packages/cactus-plugin-ledger-connector-ethereum/package.json
+++ b/packages/cactus-plugin-ledger-connector-ethereum/package.json
@@ -77,7 +77,7 @@
 "prom-client": "13.2.0",
 "run-time-error-cjs": "1.4.0",
 "rxjs": "7.8.1",
- "sanitize-html": "2.7.0",
+ "sanitize-html": "2.11.0",
 "socket.io-client-fixed-types": "4.5.4",
 "typescript-optional": "2.0.1",
 "web3": "4.4.0",
@@ -92,7 +92,7 @@
 "@types/express": "4.17.19",
 "@types/js-yaml": "4.0.5",
 "@types/minimist": "1.2.2",
- "@types/sanitize-html": "2.6.2",
+ "@types/sanitize-html": "2.9.5",
 "@types/uuid": "9.0.6",
 "body-parser": "1.20.2",
 "chalk": "4.1.2",
diff --git a/packages/cactus-plugin-ledger-connector-fabric/package.json b/packages/cactus-plugin-ledger-connector-fabric/package.json
index 55227ccc23..9b1bc21ecd 100644
--- a/packages/cactus-plugin-ledger-connector-fabric/package.json
+++ b/packages/cactus-plugin-ledger-connector-fabric/package.json
@@ -81,7 +81,7 @@
 "run-time-error-cjs": "1.4.0",
 "rxjs": "7.8.1",
 "sanitize-filename": "1.6.3",
- "sanitize-html": "2.7.0",
+ "sanitize-html": "2.11.0",
 "secp256k1": "4.0.3",
 "socket.io-client-fixed-types": "4.5.4",
 "temp": "0.9.4",
@@ -100,7 +100,7 @@
 "@types/jsrsasign": "8.0.13",
 "@types/multer": "1.4.7",
 "@types/node-vault": "0.9.13",
- "@types/sanitize-html": "2.6.2",
+ "@types/sanitize-html": "2.9.5",
 "@types/temp": "0.9.1",
 "@types/uuid": "8.3.4",
 "body-parser": "1.20.2",
diff --git a/packages/cactus-plugin-ledger-connector-iroha/package.json b/packages/cactus-plugin-ledger-connector-iroha/package.json
index 565451d3e2..86fb4aea0c 100644
--- a/packages/cactus-plugin-ledger-connector-iroha/package.json
+++ b/packages/cactus-plugin-ledger-connector-iroha/package.json
@@ -69,7 +69,7 @@
 "prom-client": "13.1.0",
 "run-time-error-cjs": "1.4.0",
 "rxjs": "7.8.1",
- "sanitize-html": "2.7.0",
+ "sanitize-html": "2.11.0",
 "socket.io-client-fixed-types": "4.5.4",
 "typescript-optional": "2.0.1"
 },
@@ -78,7 +78,7 @@
 "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
 "@types/body-parser": "1.19.4",
 "@types/express": "4.17.19",
- "@types/sanitize-html": "2.6.2",
+ "@types/sanitize-html": "2.9.5",
 "@types/uuid": "9.0.6",
 "body-parser": "1.20.2",
 "internal-ip": "6.2.0",
diff --git a/packages/cactus-plugin-ledger-connector-iroha2/package.json b/packages/cactus-plugin-ledger-connector-iroha2/package.json
index 8e912dd731..ab53224cc6 100644
--- a/packages/cactus-plugin-ledger-connector-iroha2/package.json
+++ b/packages/cactus-plugin-ledger-connector-iroha2/package.json
@@ -58,7 +58,7 @@
 "fast-safe-stringify": "2.1.1",
 "hada": "0.0.8",
 "rxjs": "7.8.1",
- "sanitize-html": "2.7.0",
+ "sanitize-html": "2.11.0",
 "socket.io": "4.4.1",
 "socket.io-client-fixed-types": "4.5.4",
 "undici": "5.26.2"
@@ -67,7 +67,7 @@
 "@hyperledger/cactus-plugin-keychain-memory": "2.0.0-alpha.2",
 "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
 "@types/express": "4.17.19",
- "@types/sanitize-html": "2.6.2",
+ "@types/sanitize-html": "2.9.5",
 "body-parser": "1.20.2",
 "express": "4.18.2",
 "jest": "29.6.2",
diff --git a/packages/cactus-plugin-ledger-connector-quorum/package.json b/packages/cactus-plugin-ledger-connector-quorum/package.json
index e6776a7408..484f66095e 100644
--- a/packages/cactus-plugin-ledger-connector-quorum/package.json
+++ b/packages/cactus-plugin-ledger-connector-quorum/package.json
@@ -67,7 +67,7 @@
 "prom-client": "13.2.0",
 "run-time-error-cjs": "1.4.0",
 "rxjs": "7.8.1",
- "sanitize-html": "2.7.0",
+ "sanitize-html": "2.11.0",
 "socket.io-client-fixed-types": "4.5.4",
 "typescript-optional": "2.0.1",
 "web3": "1.6.1",
@@ -83,7 +83,7 @@
 "@types/express": "4.17.19",
 "@types/http-errors": "2.0.4",
 "@types/minimist": "1.2.2",
- "@types/sanitize-html": "2.6.2",
+ "@types/sanitize-html": "2.9.5",
 "@types/uuid": "9.0.6",
 "body-parser": "1.20.2",
 "chalk": "4.1.2",
diff --git a/yarn.lock b/yarn.lock
index 0e865af019..0ebef699cc 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7481,7 +7481,7 @@ __metadata:
 resolution: "@hyperledger/cactus-common@workspace:packages/cactus-common"
 dependencies:
 "@types/json-stable-stringify": 1.0.33
- "@types/sanitize-html": 2.6.2
+ "@types/sanitize-html": 2.9.5
 "@types/secp256k1": 4.0.3
 "@types/uuid": 8.3.4
 fast-safe-stringify: 2.1.1
@@ -7490,7 +7490,7 @@ __metadata:
 loglevel: 1.7.1
 loglevel-plugin-prefix: 0.8.4
 run-time-error-cjs: 1.4.0
- sanitize-html: 2.7.0
+ sanitize-html: 2.11.0
 secp256k1: 4.0.3
 sha3: 2.1.4
 uuid: 8.3.2
@@ -8326,7 +8326,7 @@ __metadata:
 "@types/express": 4.17.19
 "@types/js-yaml": 4.0.5
 "@types/minimist": 1.2.2
- "@types/sanitize-html": 2.6.2
+ "@types/sanitize-html": 2.9.5
 "@types/uuid": 9.0.6
 axios: 1.6.0
 body-parser: 1.20.2
@@ -8339,7 +8339,7 @@ __metadata:
 prom-client: 13.2.0
 run-time-error-cjs: 1.4.0
 rxjs: 7.8.1
- sanitize-html: 2.7.0
+ sanitize-html: 2.11.0
 socket.io: 4.5.4
 socket.io-client-fixed-types: 4.5.4
 typescript-optional: 2.0.1
@@ -8371,7 +8371,7 @@ __metadata:
 "@types/jsrsasign": 8.0.13
 "@types/multer": 1.4.7
 "@types/node-vault": 0.9.13
- "@types/sanitize-html": 2.6.2
+ "@types/sanitize-html": 2.9.5
 "@types/temp": 0.9.1
 "@types/uuid": 8.3.4
 axios: 1.6.0
@@ -8399,7 +8399,7 @@ __metadata:
 run-time-error-cjs: 1.4.0
 rxjs: 7.8.1
 sanitize-filename: 1.6.3
- sanitize-html: 2.7.0
+ sanitize-html: 2.11.0
 secp256k1: 4.0.3
 socket.io: 4.5.4
 socket.io-client-fixed-types: 4.5.4
@@ -8461,7 +8461,7 @@ __metadata:
 "@iroha2/crypto-target-node": 0.4.0
 "@iroha2/data-model": 4.0.0
 "@types/express": 4.17.19
- "@types/sanitize-html": 2.6.2
+ "@types/sanitize-html": 2.9.5
 axios: 1.6.0
 body-parser: 1.20.2
 express: 4.18.2
@@ -8470,7 +8470,7 @@ __metadata:
 jest: 29.6.2
 jest-extended: 4.0.1
 rxjs: 7.8.1
- sanitize-html: 2.7.0
+ sanitize-html: 2.11.0
 socket.io: 4.5.4
 socket.io-client-fixed-types: 4.5.4
 undici: 5.26.2
@@ -8491,7 +8491,7 @@ __metadata:
 "@types/body-parser": 1.19.4
 "@types/express": 4.17.19
 "@types/google-protobuf": 3.15.5
- "@types/sanitize-html": 2.6.2
+ "@types/sanitize-html": 2.9.5
 "@types/uuid": 9.0.6
 axios: 1.6.0
 body-parser: 1.20.2
@@ -8504,7 +8504,7 @@ __metadata:
 prom-client: 13.1.0
 run-time-error-cjs: 1.4.0
 rxjs: 7.8.1
- sanitize-html: 2.7.0
+ sanitize-html: 2.11.0
 socket.io: 4.5.4
 socket.io-client-fixed-types: 4.5.4
 typescript-optional: 2.0.1
@@ -8525,7 +8525,7 @@ __metadata:
 "@types/express": 4.17.19
 "@types/http-errors": 2.0.4
 "@types/minimist": 1.2.2
- "@types/sanitize-html": 2.6.2
+ "@types/sanitize-html": 2.9.5
 "@types/uuid": 9.0.6
 axios: 1.6.0
 body-parser: 1.20.2
@@ -8537,7 +8537,7 @@ __metadata:
 prom-client: 13.2.0
 run-time-error-cjs: 1.4.0
 rxjs: 7.8.1
- sanitize-html: 2.7.0
+ sanitize-html: 2.11.0
 socket.io: 4.5.4
 socket.io-client-fixed-types: 4.5.4
 typescript-optional: 2.0.1
@@ -14660,6 +14660,15 @@ __metadata:
 languageName: node
 linkType: hard
 
+"@types/sanitize-html@npm:2.9.5":
+ version: 2.9.5
+ resolution: "@types/sanitize-html@npm:2.9.5"
+ dependencies:
+ htmlparser2: ^8.0.0
+ checksum: fd0afee5dac91aa2c42391f0c8c9254204f4ee1f10b902aa04e8f7809043d785e28af2732f75277ef09e46838013ad60abedb02ba1424b6218264f3333437fb5
+ languageName: node
+ linkType: hard
+
 "@types/scheduler@npm:*":
 version: 0.16.2
 resolution: "@types/scheduler@npm:0.16.2"
@@ -29292,27 +29301,27 @@ __metadata:
 languageName: node
 linkType: hard
 
-"htmlparser2@npm:^8.0.1":
- version: 8.0.1
- resolution: "htmlparser2@npm:8.0.1"
+"htmlparser2@npm:^8.0.0, htmlparser2@npm:^8.0.2":
+ version: 8.0.2
+ resolution: "htmlparser2@npm:8.0.2"
 dependencies:
 domelementtype: ^2.3.0
- domhandler: ^5.0.2
+ domhandler: ^5.0.3
 domutils: ^3.0.1
- entities: ^4.3.0
- checksum: 06d5c71e8313597722bc429ae2a7a8333d77bd3ab07ccb916628384b37332027b047f8619448d8f4a3312b6609c6ea3302a4e77435d859e9e686999e6699ca39
+ entities: ^4.4.0
+ checksum: 29167a0f9282f181da8a6d0311b76820c8a59bc9e3c87009e21968264c2987d2723d6fde5a964d4b7b6cba663fca96ffb373c06d8223a85f52a6089ced942700
 languageName: node
 linkType: hard
 
-"htmlparser2@npm:^8.0.2":
- version: 8.0.2
- resolution: "htmlparser2@npm:8.0.2"
+"htmlparser2@npm:^8.0.1":
+ version: 8.0.1
+ resolution: "htmlparser2@npm:8.0.1"
 dependencies:
 domelementtype: ^2.3.0
- domhandler: ^5.0.3
+ domhandler: ^5.0.2
 domutils: ^3.0.1
- entities: ^4.4.0
- checksum: 29167a0f9282f181da8a6d0311b76820c8a59bc9e3c87009e21968264c2987d2723d6fde5a964d4b7b6cba663fca96ffb373c06d8223a85f52a6089ced942700
+ entities: ^4.3.0
+ checksum: 06d5c71e8313597722bc429ae2a7a8333d77bd3ab07ccb916628384b37332027b047f8619448d8f4a3312b6609c6ea3302a4e77435d859e9e686999e6699ca39
 languageName: node
 linkType: hard
 
@@ -43716,6 +43725,20 @@ __metadata:
 languageName: node
 linkType: hard
 
+"sanitize-html@npm:2.11.0":
+ version: 2.11.0
+ resolution: "sanitize-html@npm:2.11.0"
+ dependencies:
+ deepmerge: ^4.2.2
+ escape-string-regexp: ^4.0.0
+ htmlparser2: ^8.0.0
+ is-plain-object: ^5.0.0
+ parse-srcset: ^1.0.2
+ postcss: ^8.3.11
+ checksum: 44807f22b0feb5a6a883b4bc04bcd8690ec3bbd6dacb24d6e52226ffe0c0e4fad43d6a882ce60e3884a327fae2de01e67e566e3a211491add50ff0160be2e98a
+ languageName: node
+ linkType: hard
+
 "sanitize-html@npm:2.7.0":
 version: 2.7.0
 resolution: "sanitize-html@npm:2.7.0"