fix(security): address CVE-2021-3749 - axios >=0.22.0

Ensured that axios is updated to >=0.22.0 in all packages that use it.

The only place where it was not possible to upgrade it through upgrading
transitive dependencies was the ubiquity connector package so for that one
I forced the issue through the resolutions section of the root package.json.

-----------------------------------------------

The GitHub Cacti security advisory: https://github.com/hyperledger/cacti/security/dependabot/361

The general GitHub security advisory: GHSA-cph5-m8f7-6c5x

Weaknesses
- [WeaknessCWE-400](https://cwe.mitre.org/data/definitions/400.html)
- [WeaknessCWE-1333](https://cwe.mitre.org/data/definitions/1333.html)

CVE ID: `CVE-2021-3749`
GHSA ID: `GHSA-cph5-m8f7-6c5x`

Fixes #2790

[skip ci]

Signed-off-by: Peter Somogyvari <[email protected]>

Author: petermetz

.cspell.json

@@ -20,11 +20,11 @@
         "cactusf",
         "cafile",
         "caio",
-        "cccs",
-        "ccep",
-        "cccg",
         "cbdc",
         "Cbdc",
+        "cccg",
+        "cccs",
+        "ccep",
         "ccid",
         "celo",
         "cids",
@@ -69,6 +69,7 @@
         "immalleable",
         "ipaddress",
         "ipfs",
+        "IPFSHTTP",
         "Iroha",
         "Irohad",
         "isready",
@@ -89,8 +90,8 @@
         "miekg",
         "mitchellh",
         "MSPCONFIGPATH",
-        "Mspids",
         "MSPID",
+        "Mspids",
         "MSPIDSCOPEALLFORTX",
         "MSPIDSCOPEANYFORTX",
         "Mtls",

examples/cactus-example-carbon-accounting-business-logic-plugin/package.json

@@ -64,7 +64,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-alpha.2",
     "@hyperledger/cactus-plugin-ledger-connector-xdai": "2.0.0-alpha.2",
     "async-exit-hook": "2.0.1",
-    "axios": "0.21.4",
+    "axios": "1.5.1",
     "express": "4.18.2",
     "openapi-types": "9.1.0",
     "typescript-optional": "2.0.1",

examples/cactus-example-cbdc-bridging-backend/package.json

@@ -70,7 +70,7 @@
     "@openzeppelin/contracts": "4.9.3",
     "@openzeppelin/contracts-upgradeable": "4.9.3",
     "async-exit-hook": "2.0.1",
-    "axios": "^0.27.2",
+    "axios": "1.5.1",
     "crypto-js": "4.1.1",
     "dotenv": "^16.0.1",
     "fabric-network": "2.2.19",

examples/cactus-example-discounted-asset-trade/package.json

@@ -24,7 +24,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-alpha.2",
     "@hyperledger/cactus-verifier-client": "2.0.0-alpha.2",
     "@types/node": "14.18.54",
-    "axios": "0.24.0",
+    "axios": "1.5.1",
     "body-parser": "1.20.2",
     "cookie-parser": "1.4.6",
     "debug": "3.1.0",

examples/cactus-example-supply-chain-backend/package.json

@@ -64,7 +64,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-quorum": "2.0.0-alpha.2",
     "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
     "async-exit-hook": "2.0.1",
-    "axios": "0.21.4",
+    "axios": "1.5.1",
     "dotenv": "16.0.0",
     "express": "4.18.2",
     "express-jwt": "8.4.1",

examples/cactus-example-supply-chain-business-logic-plugin/package.json

@@ -65,7 +65,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-alpha.2",
     "@hyperledger/cactus-plugin-ledger-connector-quorum": "2.0.0-alpha.2",
     "async-exit-hook": "2.0.1",
-    "axios": "0.21.4",
+    "axios": "1.5.1",
     "express": "4.18.2",
     "openapi-types": "9.1.0",
     "typescript-optional": "2.0.1",

extensions/cactus-plugin-htlc-coordinator-besu/package.json

@@ -64,7 +64,7 @@
     "@hyperledger/cactus-plugin-htlc-eth-besu-erc20": "2.0.0-alpha.2",
     "@hyperledger/cactus-plugin-ledger-connector-besu": "2.0.0-alpha.2",
     "@hyperledger/cactus-test-plugin-htlc-eth-besu-erc20": "2.0.0-alpha.2",
-    "axios": "0.21.4",
+    "axios": "1.5.1",
     "body-parser": "1.20.2",
     "fast-safe-stringify": "2.1.1",
     "joi": "14.3.1",

extensions/cactus-plugin-object-store-ipfs/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hyperledger/cactus-plugin-object-store-ipfs",
   "version": "2.0.0-alpha.2",
-  "description": "IPFS backed objec store plugin implementation for Hyperledger Cactus",
+  "description": "IPFS backed object store plugin implementation for Hyperledger Cactus",
   "keywords": [
     "Hyperledger",
     "Cactus",
@@ -58,7 +58,7 @@
     "@hyperledger/cactus-common": "2.0.0-alpha.2",
     "@hyperledger/cactus-core": "2.0.0-alpha.2",
     "@hyperledger/cactus-core-api": "2.0.0-alpha.2",
-    "axios": "0.21.4",
+    "axios": "1.5.1",
     "ipfs-http-client": "60.0.1",
     "run-time-error": "1.4.0",
     "typescript-optional": "2.0.1",
@@ -68,7 +68,7 @@
     "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
     "@types/express": "4.17.19",
     "express": "4.18.2",
-    "ipfs-core-types": "0.6.1",
+    "ipfs-core-types": "0.14.1",
     "multiformats": "9.4.9"
   },
   "engines": {

extensions/cactus-plugin-object-store-ipfs/src/main/typescript/i-ipfs-http-client.ts

@@ -1,11 +1,11 @@
 import type { IPFS } from "ipfs-core-types";
-import type { EndpointConfig } from "ipfs-http-client";
+import type { EndpointConfig, IPFSHTTPClient } from "ipfs-http-client";
 
 export interface IIpfsHttpClient extends IPFS {
   getEndpointConfig: () => EndpointConfig;
 }
 
-export function isIpfsHttpClientOptions(x: unknown): x is IIpfsHttpClient {
+export function isIpfsHttpClientOptions(x: unknown): x is IPFSHTTPClient {
   if (!x) {
     return false;
   }

extensions/cactus-plugin-object-store-ipfs/src/main/typescript/plugin-object-store-ipfs.ts

@@ -1,6 +1,6 @@
 import path from "path";
 import type { Express } from "express";
-import { create } from "ipfs-http-client";
+import { create, IPFSHTTPClient } from "ipfs-http-client";
 import type { Options } from "ipfs-http-client";
 import { RuntimeError } from "run-time-error";
 import { Logger, Checks, LoggerProvider } from "@hyperledger/cactus-common";
@@ -22,7 +22,6 @@ import OAS from "../json/openapi.json";
 import { GetObjectEndpointV1 } from "./web-services/get-object-endpoint-v1";
 import { SetObjectEndpointV1 } from "./web-services/set-object-endpoint-v1";
 import { HasObjectEndpointV1 } from "./web-services/has-object-endpoint-v1";
-import type { IIpfsHttpClient } from "./i-ipfs-http-client";
 import { isIpfsHttpClientOptions } from "./i-ipfs-http-client";
 
 export const K_IPFS_JS_HTTP_ERROR_FILE_DOES_NOT_EXIST =
@@ -31,13 +30,13 @@ export const K_IPFS_JS_HTTP_ERROR_FILE_DOES_NOT_EXIST =
 export interface IPluginObjectStoreIpfsOptions extends ICactusPluginOptions {
   readonly logLevel?: LogLevelDesc;
   readonly parentDir: string;
-  readonly ipfsClientOrOptions: Options | IIpfsHttpClient;
+  readonly ipfsClientOrOptions: Options | IPFSHTTPClient;
 }
 
 export class PluginObjectStoreIpfs implements IPluginObjectStore {
   public static readonly CLASS_NAME = "PluginObjectStoreIpfs";
 
-  private readonly ipfs: IIpfsHttpClient;
+  private readonly ipfs: IPFSHTTPClient;
   private readonly log: Logger;
   private readonly instanceId: string;
   private readonly parentDir: string;