fix(cactus-example-supply-chain-app): mitigate CVE-2022-24434 and CVE-2022-24999

Fixes #2041

These changes will fixx the following
vulnerabilities with their CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Signed-off-by: aldousalvarez <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>

Author: aldousalvarez

examples/cactus-example-supply-chain-backend/package.json

@@ -66,7 +66,7 @@
     "async-exit-hook": "2.0.1",
     "axios": "0.21.4",
     "dotenv": "16.0.0",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "fabric-network": "2.2.10",
     "jose": "4.9.2",
     "openapi-types": "9.1.0",

examples/cactus-example-supply-chain-business-logic-plugin/package.json

@@ -64,7 +64,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-quorum": "1.2.0",
     "async-exit-hook": "2.0.1",
     "axios": "0.21.4",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "openapi-types": "9.1.0",
     "typescript-optional": "2.0.1",
     "uuid": "8.3.2"

examples/cactus-example-supply-chain-frontend/package.json

@@ -72,7 +72,7 @@
   },
   "devDependencies": {
     "@angular-builders/custom-webpack": "13.1.0",
-    "@angular-devkit/build-angular": "13.3.5",
+    "@angular-devkit/build-angular": "14.0.0",
     "@angular/cli": "13.3.5",
     "@angular/compiler": "13.3.7",
     "@angular/compiler-cli": "13.3.7",

packages/cactus-cmd-api-server/package.json

@@ -65,16 +65,16 @@
     "async-exit-hook": "2.0.1",
     "axios": "0.21.4",
     "bluebird": "3.7.2",
-    "body-parser": "1.19.0",
+    "body-parser": "1.20.1",
     "compression": "1.7.4",
     "convict": "6.2.4",
     "convict-format-with-validator": "6.2.0",
     "cors": "2.8.5",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "express-http-proxy": "1.6.2",
     "express-jwt": "6.0.0",
     "express-openapi-validator": "4.12.12",
-    "express-rate-limit": "6.3.0",
+    "express-rate-limit": "6.7.0",
     "fs-extra": "10.0.0",
     "google-protobuf": "3.18.0-rc.2",
     "jose": "4.9.2",

packages/cactus-plugin-consortium-manual/package.json

@@ -58,7 +58,7 @@
     "@hyperledger/cactus-core-api": "1.2.0",
     "axios": "0.21.4",
     "body-parser": "1.19.0",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "jose": "4.9.2",
     "json-stable-stringify": "1.0.1",
     "prom-client": "13.2.0",

packages/cactus-plugin-keychain-memory/package.json

@@ -57,7 +57,7 @@
     "@hyperledger/cactus-core": "1.2.0",
     "@hyperledger/cactus-core-api": "1.2.0",
     "axios": "0.21.4",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "prom-client": "13.2.0",
     "uuid": "8.3.2"
   },

packages/cactus-plugin-ledger-connector-fabric/package.json

@@ -60,7 +60,7 @@
     "axios": "0.21.4",
     "bl": "5.0.0",
     "bn.js": "4.12.0",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "fabric-ca-client": "2.5.0-snapshot.8",
     "fabric-common": "2.5.0-snapshot.8",
     "fabric-network": "2.5.0-snapshot.8",
@@ -69,7 +69,7 @@
     "form-data": "4.0.0",
     "http-status-codes": "2.1.4",
     "jsrsasign": "10.5.25",
-    "multer": "1.4.3",
+    "multer": "1.4.5-lts.1",
     "ngo": "2.7.0",
     "node-ssh": "12.0.0",
     "node-vault": "0.9.22",

packages/cactus-plugin-ledger-connector-quorum/package.json

@@ -57,7 +57,7 @@
     "@hyperledger/cactus-core": "1.2.0",
     "@hyperledger/cactus-core-api": "1.2.0",
     "axios": "0.21.4",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "prom-client": "13.2.0",
     "run-time-error": "1.4.0",
     "rxjs": "7.3.0",