fix(cmd-api-server): fix CVE-2023-36665 protobufjs Prototype Pollutio…
…n vuln

Upgraded all imports of protobufjs to non-vulnerable
versions (v7.2.5)

Fixes #2682

Signed-off-by: Peter Somogyvari <[email protected]>
petermetz committed Sep 11, 2023
1 parent 55a1507 commit a649782
Showing 5 changed files with 36 additions and 16 deletions.
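--- a/packages/cactus-cmd-api-server/package.json
+++ b/packages/cactus-cmd-api-server/package.json
@@ -118,7 +118,7 @@
 "grpc-tools": "1.12.4",
 "grpc_tools_node_protoc_ts": "5.3.3",
 "http-status-codes": "2.1.4",
-"protobufjs": "7.2.4"
+"protobufjs": "7.2.5"
 },
 "engines": {
 "node": ">=10",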
Expand Up @@ -31,7 +31,7 @@
"lodash": "4.17.21",
"log4js": "6.4.1",
"morgan": "1.10.0",
"protobufjs": "5.0.3",
"protobufjs": "7.2.5",
"serve-favicon": "2.4.5",
"shelljs": "0.8.5",
"socket.io": "4.5.4"
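Review bot: The change from `"protobufjs": "5.0.3"` to `"protobufjs": "7.2.5"` crosses two major versions, and every file section visible in this commit is a manifest or the lockfile, so no calling code appears to have been adapted alongside it. If this package loads or decodes messages through the protobufjs 5 API, those calls may fail at runtime after the upgrade. Confirm that the package's build and tests pass against 7.x, or state in the commit description that the dependency is not exercised at runtime. The file header for this section is not visible in this view, so the package cannot be named from here.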
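--- a/weaver/samples/fabric/fabric-cli/package-local.json
+++ b/weaver/samples/fabric/fabric-cli/package-local.json
@@ -65,7 +65,7 @@
 "jest": "29.6.2",
 "pkg": "4.5.1",
 "prettier": "1.19.1",
-"protobufjs": "6.11.3",
+"protobufjs": "7.2.5",
 "ts-jest": "29.1.1",
 "ts-node": "10.9.1",
 "typescript": "4.9.5"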
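--- a/weaver/samples/fabric/fabric-cli/package.json
+++ b/weaver/samples/fabric/fabric-cli/package.json
@@ -73,7 +73,7 @@
 "jest": "29.6.2",
 "pkg": "4.5.1",
 "prettier": "1.19.1",
-"protobufjs": "6.11.3",
+"protobufjs": "7.2.5",
 "ts-jest": "29.1.1",
 "ts-node": "10.9.1",
 "typescript": "4.9.5"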
44 changes: 32 additions & 12 deletions yarn.lock
Expand Up @@ -6090,7 +6090,7 @@ __metadata:
node-notifier: 8.0.2
pkg: 4.5.1
prettier: 1.19.1
protobufjs: 6.11.3
protobufjs: 7.2.5
ts-jest: 29.1.1
ts-node: 10.9.1
typescript: 4.9.5
Expand Down Expand Up @@ -6291,7 +6291,7 @@ __metadata:
lmify: 0.3.0
node-forge: 1.3.0
prom-client: 13.2.0
protobufjs: 7.2.4
protobufjs: 7.2.5
run-time-error: 1.4.0
rxjs: 7.8.1
semver: 7.5.2
Expand Down Expand Up @@ -7148,7 +7148,7 @@ __metadata:
lodash: 4.17.21
log4js: 6.4.1
morgan: 1.10.0
protobufjs: 5.0.3
protobufjs: 7.2.5
serve-favicon: 2.4.5
shelljs: 0.8.5
socket.io: 4.5.4
Expand Down Expand Up @@ -37023,7 +37023,27 @@ __metadata:
languageName: node
linkType: hard

"protobufjs@npm:6.11.3, protobufjs@npm:^6.11.3":
"protobufjs@npm:7.2.5":
version: 7.2.5
resolution: "protobufjs@npm:7.2.5"
dependencies:
"@protobufjs/aspromise": ^1.1.2
"@protobufjs/base64": ^1.1.2
"@protobufjs/codegen": ^2.0.4
"@protobufjs/eventemitter": ^1.1.0
"@protobufjs/fetch": ^1.1.0
"@protobufjs/float": ^1.0.2
"@protobufjs/inquire": ^1.1.0
"@protobufjs/path": ^1.1.2
"@protobufjs/pool": ^1.1.0
"@protobufjs/utf8": ^1.1.0
"@types/node": ">=13.7.0"
long: ^5.0.0
checksum: 3770a072114061faebbb17cfd135bc4e187b66bc6f40cd8bac624368b0270871ec0cfb43a02b9fb4f029c8335808a840f1afba3c2e7ede7063b98ae6b98a703f
languageName: node
linkType: hard

"protobufjs@npm:^6.11.3":
version: 6.11.3
resolution: "protobufjs@npm:6.11.3"
dependencies:
Expand All @@ -37047,9 +37067,9 @@ __metadata:
languageName: node
linkType: hard

"protobufjs@npm:7.2.4, protobufjs@npm:^7.2.4":
version: 7.2.4
resolution: "protobufjs@npm:7.2.4"
"protobufjs@npm:^7.0.0":
version: 7.2.3
resolution: "protobufjs@npm:7.2.3"
dependencies:
"@protobufjs/aspromise": ^1.1.2
"@protobufjs/base64": ^1.1.2
Expand All @@ -37063,13 +37083,13 @@ __metadata:
"@protobufjs/utf8": ^1.1.0
"@types/node": ">=13.7.0"
long: ^5.0.0
checksum: a952cdf2a5e5250c16ae651b570849b6f5b20a5475c3eef63ffb290ad239aa2916adfc1cc676f7fc93c69f48113df268761c0c246f7f023118c85bdd1a170044
checksum: 9afa6de5fced0139a5180c063718508fac3ea734a9f1aceb99712367b15473a83327f91193f16b63540f9112b09a40912f5f0441a9b0d3f3c6a1c7f707d78249
languageName: node
linkType: hard

"protobufjs@npm:^7.0.0":
version: 7.2.3
resolution: "protobufjs@npm:7.2.3"
"protobufjs@npm:^7.2.4":
version: 7.2.4
resolution: "protobufjs@npm:7.2.4"
dependencies:
"@protobufjs/aspromise": ^1.1.2
"@protobufjs/base64": ^1.1.2
Expand All @@ -37083,7 +37103,7 @@ __metadata:
"@protobufjs/utf8": ^1.1.0
"@types/node": ">=13.7.0"
long: ^5.0.0
checksum: 9afa6de5fced0139a5180c063718508fac3ea734a9f1aceb99712367b15473a83327f91193f16b63540f9112b09a40912f5f0441a9b0d3f3c6a1c7f707d78249
checksum: a952cdf2a5e5250c16ae651b570849b6f5b20a5475c3eef63ffb290ad239aa2916adfc1cc676f7fc93c69f48113df268761c0c246f7f023118c85bdd1a170044
languageName: node
linkType: hard

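Review bot: The lockfile still resolves three ranges to releases older than the 7.2.5 that the commit description names as the non-vulnerable version: `protobufjs@npm:^6.11.3` resolves to 6.11.3, `protobufjs@npm:^7.0.0` to 7.2.3 and `protobufjs@npm:^7.2.4` to 7.2.4. Only the exact-pinned direct dependencies moved to the new `protobufjs@npm:7.2.5` entry, so whichever packages request those ranges keep installing the older code, and a dependency scan will likely keep reporting CVE-2023-36665 for the workspace. Both 7.x ranges are satisfied by 7.2.5 and could be collapsed onto the new entry, for example with `yarn dedupe protobufjs`. The `^6.11.3` consumer needs either a patched 6.x release, if upstream provides one, or an upgrade of the parent package. The description's "all imports" would be more accurate if it listed the consumers that remain on the older versions.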
