Update dependencies to address CVE-2023-45857 (#689)

A vulnerable dependency was used by the CouchDB wallet implementation.

NOTE: The updated dependency version requires a Node 14 or later.
Therefore Node 10 and 12 are no longer supported.

Signed-off-by: Mark S. Lewis <[email protected]>

.github/workflows/test.yml

@@ -23,7 +23,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node-version: [ 10, 12, 14, 16, 18 ]
+        node-version:
+          - 14
+          - 16
+          - 18
+          - 20
 
     steps:
       - uses: actions/checkout@v3
@@ -33,10 +37,6 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-      - name: Update npm
-        run: |
-          npm update --global npm
-          npm --version
       - name: Install SoftHSM
         run: |
           sudo apt-get install softhsm2

.npmrc

@@ -0,0 +1 @@
+engine-strict=true

docs/index.md

@@ -37,7 +37,7 @@ The following tables show versions of Fabric, Node and other dependencies that a
 |     | Tested | Supported |
 | --- | ------ | --------- |
 | **Fabric** | 2.2 | 2.2 |
-| **Node** | 10, 12, 14, 16, 18 | 10 LTS, 12 LTS, 14 LTS, 16 LTS, 18 LTS |
+| **Node** | 14, 16, 18, 20 | 14 LTS, 16 LTS, 18 LTS, 20 LTS |
 | **Platform** | Ubuntu 22.04 | |
 
 

fabric-ca-client/.npmrc

@@ -0,0 +1 @@
+engine-strict=true

fabric-common/.npmrc

@@ -0,0 +1 @@
+engine-strict=true

fabric-common/package.json

@@ -27,7 +27,7 @@
 		"callsite": "^1.0.0",
 		"elliptic": "^6.5.4",
 		"fabric-protos": "file:../fabric-protos",
-		"js-sha3": "^0.8.0",
+		"js-sha3": "^0.9.2",
 		"jsrsasign": "^10.5.25",
 		"long": "^5.2.3",
 		"nconf": "^0.12.0",

fabric-common/types/tsconfig.json

@@ -1,15 +1,13 @@
 {
     "$schema": "https://json.schemastore.org/tsconfig",
-    "extends": "@tsconfig/node10/tsconfig.json",
+    "extends": "@tsconfig/node14/tsconfig.json",
     "compilerOptions": {
         "preserveConstEnums": true,
         "sourceMap": true,
         "declaration": true,
         "declarationMap": true,
-        "strict": true,
         "noUnusedLocals": true,
         "noImplicitReturns": true,
-        "forceConsistentCasingInFileNames": true,
         "baseUrl": ".",
         "paths": {
             "*": [

fabric-network/.npmrc

@@ -0,0 +1 @@
+engine-strict=true

fabric-network/package.json

@@ -20,14 +20,14 @@
     "test": "nyc mocha --recursive  -t 10000"
   },
   "engines": {
-    "node": ">=10.13.0"
+    "node": ">=14"
   },
   "types": "./types/index.d.ts",
   "dependencies": {
     "fabric-common": "file:../fabric-common",
     "fabric-protos": "file:../fabric-protos",
     "long": "^5.2.3",
-    "nano": "^9.0.5"
+    "nano": "^10.1.2"
   },
   "nyc": {
     "exclude": [

fabric-network/tsconfig.json

@@ -1,16 +1,14 @@
 {
     "$schema": "https://json.schemastore.org/tsconfig",
-    "extends": "@tsconfig/node10/tsconfig.json",
+    "extends": "@tsconfig/node14/tsconfig.json",
 	"compilerOptions": {
 		"declaration": true,
         "declarationMap": true,
 		"outDir": "./lib",
 		"rootDir": "./src",
 		"sourceMap": true,
-		"strict": true,
         "noUnusedLocals": true,
-        "noImplicitReturns": true,
-        "forceConsistentCasingInFileNames": true
+        "noImplicitReturns": true
 	},
 	"include": [
 		"src/"

fabric-network/tsconfig.lint.json

@@ -1,6 +1,6 @@
 {
     "$schema": "https://json.schemastore.org/tsconfig",
-    "extends": "@tsconfig/node10/tsconfig.json",
+    "extends": "@tsconfig/node14/tsconfig.json",
 	"compilerOptions": {
 		"allowJs": false,
 		"declaration": true,

fabric-protos/.npmrc

@@ -0,0 +1 @@
+engine-strict=true

package.json

@@ -42,21 +42,22 @@
   "devDependencies": {
     "@cucumber/cucumber": "^7.3.2",
     "@cucumber/pretty-formatter": "^1.0.0-alpha.1",
-    "@tsconfig/node10": "^1.0.8",
+    "@tsconfig/node14": "^14.1.0",
     "@types/chai": "^4.2.18",
     "@types/chai-as-promised": "^7.1.4",
     "@types/mocha": "^8.2.3",
+    "@types/node": "^14.18.63",
     "@types/rimraf": "^3.0.0",
     "@types/sinon": "^10.0.0",
     "@types/tape": "^4.2.33",
-    "@typescript-eslint/eslint-plugin": "~4.33.0",
-    "@typescript-eslint/parser": "^4.33.0",
+    "@typescript-eslint/eslint-plugin": "^5.62.0",
+    "@typescript-eslint/parser": "^5.62.0",
     "bn.js": "^5.2.0",
     "chai": "^4.3.4",
     "chai-as-promised": "^7.1.1",
     "elliptic": "^6.5.4",
-    "eslint": "^7.32.0",
-    "eslint-plugin-tsdoc": "^0.2.14",
+    "eslint": "^8.53.0",
+    "eslint-plugin-tsdoc": "^0.2.17",
     "fabric-ca-client": "file:./fabric-ca-client",
     "fabric-client": "^1.4.18",
     "fabric-common": "file:./fabric-common",
@@ -76,9 +77,9 @@
     "strip-ansi": "^6.0.1",
     "tape": "^5.2.2",
     "tape-promise": "^4.0.0",
-    "ts-mocha": "^9.0.2",
+    "ts-mocha": "^10.0.0",
     "ts-mock-imports": "^1.3.4",
-    "typescript": "~4.4.4",
+    "typescript": "~4.9.5",
     "winston": "^2.4.5"
   },
   "licenses": [

test/ts-fixtures/chaincode/node/events/package.json

@@ -4,16 +4,15 @@
 	"description": "events chaincode implemented in node.js",
     "main": "index.js",
 	"engines": {
-		"node": ">=8",
-		"npm": ">=5"
+		"node": ">=8"
 	},
 	"scripts": {
         "start": "fabric-chaincode-node start"
 	},
 	"engine-strict": true,
 	"license": "Apache-2.0",
 	"dependencies": {
-        "fabric-contract-api": "^2.0.0",
-        "fabric-shim": "^2.0.0"
+        "fabric-contract-api": "~2.2.0",
+        "fabric-shim": "~2.2.0"
 	}
 }

test/ts-fixtures/chaincode/node/fabcar/package.json

@@ -4,8 +4,7 @@
     "description": "FabCar contract implemented in JavaScript",
     "main": "index.js",
     "engines": {
-        "node": ">=8",
-        "npm": ">=5"
+        "node": ">=8"
     },
     "scripts": {
         "lint": "eslint .",
@@ -17,8 +16,8 @@
     "author": "Hyperledger",
     "license": "Apache-2.0",
     "dependencies": {
-        "fabric-contract-api": "^2.0.0",
-        "fabric-shim": "^2.0.0"
+        "fabric-contract-api": "~2.2.0",
+        "fabric-shim": "~2.2.0"
     },
     "devDependencies": {
         "chai": "^4.1.2",

test/ts-fixtures/chaincode/node/fabcarUpgrade/package.json

@@ -4,8 +4,7 @@
     "description": "FabCar contract implemented in JavaScript",
     "main": "index.js",
     "engines": {
-        "node": ">=8",
-        "npm": ">=5"
+        "node": ">=8"
     },
     "scripts": {
         "lint": "eslint .",
@@ -17,8 +16,8 @@
     "author": "Hyperledger",
     "license": "Apache-2.0",
     "dependencies": {
-        "fabric-contract-api": "^2.0.0",
-        "fabric-shim": "^2.0.0"
+        "fabric-contract-api": "~2.2.0",
+        "fabric-shim": "~2.2.0"
     },
     "devDependencies": {
         "chai": "^4.1.2",

test/ts-scenario/src/steps/lib/chaincode.ts

@@ -169,7 +169,7 @@ async function submitChannelRequest(
 					BaseUtils.logAndThrow(msg);
 				}
 			} else if (response.response && response.response.status) {
-				if (response.response.status === 200) {
+				if (response.response.status === Client.Status.SUCCESS) {
 					BaseUtils.logMsg(` - Good peer response ${response.response.status as number}`);
 				} else {
 					BaseUtils.logAndThrow(`Problem with the chaincode invoke :: status: ${response.response.status} message: ${response.response.message}`);

test/ts-scenario/src/steps/lib/deprecatedSDK.ts

@@ -105,7 +105,7 @@ export async function sdk_chaincode_install_for_org(ccType: 'golang' | 'car' | '
 		const errors: Client.ProposalErrorResponse[] = [];
 		for (const proposalResponse of proposalResponses) {
 			let valid = false;
-			if ((proposalResponse as Client.ProposalResponse).response && (proposalResponse as Client.ProposalResponse).response.status === 200) {
+			if ((proposalResponse as Client.ProposalResponse).response?.status === Client.Status.SUCCESS) {
 				valid = true;
 			} else {
 				errors.push(proposalResponse as Client.ProposalErrorResponse);
@@ -221,7 +221,7 @@ export async function sdk_chaincode_instantiate(ccName: string, ccType: 'golang'
 		}
 		const proposal: Client.Proposal = results[1];
 		for (const proposalResponse of proposalResponses) {
-			if (!((proposalResponse).response && (proposalResponse).response.status === 200)) {
+			if (proposalResponse.response?.status !== Client.Status.SUCCESS) {
 				throw new Error(`The proposal of type ${type} was bad: ${JSON.stringify(proposalResponse)}`);
 			}
 		}

test/ts-scenario/src/steps/lib/utility/clientUtils.ts

@@ -318,7 +318,7 @@ export async function commitChannelRequest(requestName: string, clientName: stri
 					BaseUtils.logAndThrow('Eventer checkConnection test failed');
 				}
 			} catch (error) {
-				BaseUtils.logError(`Failed to connect to channel event hub ${eventer.toString()}`);
+				BaseUtils.logError(`Failed to connect to channel event hub ${util.inspect(eventer)}`);
 				BaseUtils.logError(`Failed to connect ${util.inspect(error)}`);
 				throw error;
 			}
@@ -513,7 +513,7 @@ export async function queryChannelRequest(clientName: string, channelName: strin
 						queryObject.results.chaincodecheck = queryObject.results.general;
 					}
 					for (const error of queryResponse.errors) {
-						queryObject.results[`peer${inc}`] = error.toString();
+						queryObject.results[`peer${inc}`] = String(error);
 						BaseUtils.logMsg(`Query failure ${util.inspect(queryObject.results[`peer${inc}`])}`);
 						inc++;
 					}

test/ts-scenario/tsconfig.json

@@ -1,14 +1,12 @@
 {
     "$schema": "https://json.schemastore.org/tsconfig",
-    "extends": "@tsconfig/node10/tsconfig.json",
+    "extends": "@tsconfig/node14/tsconfig.json",
 	"compilerOptions": {
 		"declaration": true,
         "declarationMap": true,
 		"sourceMap": true,
-		"strict": true,
         "noUnusedLocals": true,
         "noImplicitReturns": true,
-        "forceConsistentCasingInFileNames": true,
         "outDir": "lib",
         "rootDir": "src"
 	}