build(deps): fix CVE-2024-21484 - force jsrsasign >=11.0.0 resolutions

1. Also upgraded the Fabric ledger related dependencies across the board
because this newer version has a higher probability of not having issues
with the newer transitive dependency that we are forcing on it.

Signed-off-by: Peter Somogyvari <[email protected]>

compute_changed_packages.yaml

@@ -0,0 +1,25 @@
+  compute_changed_packages:
+    outputs:
+      plugin-ledger-connector-besu-changed: ${{ steps.changes.outputs.plugin-ledger-connector-besu-changed }}
+      plugin-ledger-connector-corda-changed: ${{ steps.changes.outputs.plugin-ledger-connector-corda-changed }}
+      plugin-ledger-connector-fabric-changed: ${{ steps.changes.outputs.plugin-ledger-connector-fabric-changed }}
+      plugin-ledger-connector-quorum-changed: ${{ steps.changes.outputs.plugin-ledger-connector-quorum-changed }}
+      cmd-api-server-changed: ${{ steps.changes.outputs.cmd-api-server-changed }}
+
+
+    needs: 
+      - build-dev
+      - compute_changed_packages
+    if: needs.compute_changed_packages.outputs.plugin-ledger-connector-iroha2-changed == 'true'
+
+
+    needs: 
+      - build-dev
+      - compute_changed_packages
+    if: needs.compute_changed_packages.outputs.ghcr-corda-all-in-one-obligation-changed == 'true'
+
+
+
+    needs: 
+      - compute_changed_packages
+    if: needs.compute_changed_packages.outputs.ghcr-corda-all-in-one-obligation-changed == 'true'

examples/cactus-example-carbon-accounting-backend/package.json

@@ -65,7 +65,7 @@
     "@openzeppelin/contracts": "4.9.3",
     "@openzeppelin/contracts-upgradeable": "4.9.3",
     "async-exit-hook": "2.0.1",
-    "fabric-network": "2.2.19",
+    "fabric-network": "2.2.20",
     "fs-extra": "10.1.0",
     "openapi-types": "9.1.0",
     "typescript-optional": "2.0.1",

examples/cactus-example-cbdc-bridging-backend/package.json

@@ -73,7 +73,7 @@
     "axios": "1.6.0",
     "crypto-js": "4.2.0",
     "dotenv": "^16.0.1",
-    "fabric-network": "2.2.19",
+    "fabric-network": "2.2.20",
     "fs-extra": "10.1.0",
     "knex": "2.5.1",
     "kubo-rpc-client": "3.0.1",

examples/cactus-example-discounted-asset-trade/package.json

@@ -32,8 +32,8 @@
     "ethereumjs-common": "1.5.2",
     "ethereumjs-tx": "2.1.2",
     "express": "4.18.2",
-    "fabric-ca-client": "2.2.19",
-    "fabric-network": "2.2.19",
+    "fabric-ca-client": "2.2.20",
+    "fabric-network": "2.2.20",
     "http-errors": "1.6.3",
     "indy-sdk": "1.16.0-dev-1655",
     "jsonwebtoken": "9.0.0",

examples/cactus-example-electricity-trade/package.json

@@ -29,8 +29,8 @@
     "ethereumjs-common": "1.5.2",
     "ethereumjs-tx": "2.1.2",
     "express": "4.18.2",
-    "fabric-ca-client": "2.2.19",
-    "fabric-network": "2.2.19",
+    "fabric-ca-client": "2.2.20",
+    "fabric-network": "2.2.20",
     "http-errors": "1.6.3",
     "js-yaml": "3.14.1",
     "jsonwebtoken": "9.0.0",

examples/cactus-example-supply-chain-backend/package.json

@@ -70,7 +70,7 @@
     "dotenv": "16.0.0",
     "express": "4.18.2",
     "express-jwt": "8.4.1",
-    "fabric-network": "2.2.19",
+    "fabric-network": "2.2.20",
     "jose": "4.9.2",
     "openapi-types": "9.1.0",
     "solc": "0.8.6",

examples/cactus-example-tcs-huawei/package.json

@@ -24,8 +24,8 @@
     "ethereumjs-common": "1.5.2",
     "ethereumjs-tx": "2.1.2",
     "express": "4.18.2",
-    "fabric-ca-client": "2.2.19",
-    "fabric-network": "2.2.19",
+    "fabric-ca-client": "2.2.20",
+    "fabric-network": "2.2.20",
     "http-errors": "1.6.3",
     "js-yaml": "3.14.1",
     "jsonwebtoken": "8.5.1",

examples/test-run-transaction/package.json

@@ -22,8 +22,8 @@
     "ethereumjs-common": "1.5.2",
     "ethereumjs-tx": "2.1.2",
     "express": "4.18.2",
-    "fabric-ca-client": "2.2.19",
-    "fabric-network": "2.2.19",
+    "fabric-ca-client": "2.2.20",
+    "fabric-network": "2.2.20",
     "http-errors": "1.6.3",
     "jsonwebtoken": "8.5.1",
     "log4js": "6.4.0",

package.json

@@ -87,6 +87,7 @@
     "glob-parent": ">=5.1.2",
     "http-cache-semantics": ">=4.1.1",
     "jsonwebtoken": ">=9.0.0",
+    "jsrsasign": ">=11.0.0",
     "lodash": ">=4.17.21",
     "minimist": ">=1.2.6",
     "nano": ">=10.0.0",

packages/cactus-cmd-socketio-server/package.json

@@ -53,7 +53,7 @@
     "ethereumjs-common": "1.5.2",
     "ethereumjs-tx": "2.1.2",
     "express": "4.18.2",
-    "fabric-network": "2.2.19",
+    "fabric-network": "2.2.20",
     "http-errors": "1.6.3",
     "js-yaml": "3.14.1",
     "jsonwebtoken": "9.0.0",

packages/cactus-plugin-persistence-fabric/package.json

@@ -73,7 +73,7 @@
     "@hyperledger/cactus-plugin-keychain-memory": "2.0.0-alpha.2",
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-alpha.2",
     "axios": "1.6.0",
-    "fabric-protos": "2.2.19",
+    "fabric-protos": "2.2.20",
     "js-sha256": "0.9.0",
     "pg": "8.8.0",
     "safe-stable-stringify": "2.4.3",
@@ -86,7 +86,7 @@
     "@types/uuid": "8.3.4",
     "body-parser": "1.20.2",
     "express": "4.18.2",
-    "fabric-network": "2.2.19",
+    "fabric-network": "2.2.20",
     "uuid": "8.3.2"
   },
   "engines": {

packages/cactus-plugin-satp-hermes/package.json

@@ -79,7 +79,7 @@
     "@types/uuid": "9.0.6",
     "body-parser": "1.20.2",
     "express": "4.18.2",
-    "fabric-network": "2.2.19",
+    "fabric-network": "2.2.20",
     "kubo-rpc-client": "3.0.1",
     "typescript": "5.3.3"
   },