chore(deps): fabric connector upgrade bl #499

petermetz · 2021-01-15T19:45:57Z

Fixes #498

commit 5431c4708e842fb4c8384882bd4d5e02f7bef045
Author: Peter Somogyvari <peter.somogyvari@accenture.com>
Date:   Fri Jan 15 11:44:33 2021 -0800

    chore(deps): specify explicit bl version 1.2.3 in fabric plugin
    
    This is necessary so that we can resolve the issue of us
    being susceptible to this CVE:
    
    https://github.com/advisories/GHSA-pp7h-53gx-mx7r
    
    Fixes #498
    
    Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Depends on #506

jonathan-m-hamilton

LGTM

This is necessary so that we can resolve the issue of us being susceptible to this CVE: GHSA-pp7h-53gx-mx7r Fixes hyperledger-cacti#498 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

github-actions · 2021-01-26T00:31:05Z

🎉 Great news! Looks like all the dependencies have been resolved:

~~fix(package-json): invalid webpack commit sha #506~~

💡 To add or remove a dependency please update this issue/PR description.

Brought to you by Dependent Issues (:robot: ). Happy coding!

- Prototype Pollution in immer hyperledger-cacti#434 hyperledger-cacti#435 - Overflow in prost-types hyperledger-cacti#423 - Dependabot alerts hyperledger-cacti#499 - Dependabot alerts hyperledger-cacti#570 Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>

petermetz added Fabric Security Related to existing or potential security vulnerabilities labels Jan 15, 2021

petermetz added this to the v0.4.0 milestone Jan 15, 2021

petermetz requested review from sfuji822, jonathan-m-hamilton and takeutak January 15, 2021 19:45

petermetz changed the title ~~chore/deps/fabric connector upgrade bl~~ chore(deps): fabric connector upgrade bl Jan 15, 2021

petermetz enabled auto-merge (rebase) January 15, 2021 19:46

petermetz added the help wanted Extra attention is needed label Jan 15, 2021

takeutak approved these changes Jan 19, 2021

View reviewed changes

petermetz force-pushed the chore/deps/fabric-connector-upgrade-bl-498 branch 2 times, most recently from edaea2a to 7ac5df4 Compare January 19, 2021 19:52

jonathan-m-hamilton approved these changes Jan 19, 2021

View reviewed changes

github-actions bot added the dependent label Jan 21, 2021

chore(deps): specify explicit bl version 1.2.3 in fabric plugin

14c8c5e

This is necessary so that we can resolve the issue of us being susceptible to this CVE: GHSA-pp7h-53gx-mx7r Fixes hyperledger-cacti#498 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz force-pushed the chore/deps/fabric-connector-upgrade-bl-498 branch from 00dc777 to 14c8c5e Compare January 26, 2021 00:30

github-actions bot removed the dependent label Jan 26, 2021

petermetz merged commit b13b213 into hyperledger-cacti:main Jan 26, 2021

petermetz deleted the chore/deps/fabric-connector-upgrade-bl-498 branch January 26, 2021 17:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): fabric connector upgrade bl #499

chore(deps): fabric connector upgrade bl #499

petermetz commented Jan 15, 2021 •

edited

Loading

jonathan-m-hamilton left a comment

github-actions bot commented Jan 26, 2021

chore(deps): fabric connector upgrade bl #499

chore(deps): fabric connector upgrade bl #499

Conversation

petermetz commented Jan 15, 2021 • edited Loading

jonathan-m-hamilton left a comment

Choose a reason for hiding this comment

github-actions bot commented Jan 26, 2021

petermetz commented Jan 15, 2021 •

edited

Loading