From 79f30fd4c4bd015cab71aaeada2c5c3a301bf605 Mon Sep 17 00:00:00 2001
From: aldousalvarez
Date: Mon, 29 Jan 2024 19:38:26 +0800
Subject: [PATCH] build(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421
Primary Changes
----------------
1. Updated the version of the base image that is used in the Dockerfile
2. Updated the Dockerfile to use the yarn version 4
3. Updated the README to the new command to run the container
Fixes #2745
Signed-off-by: aldousalvarez
---
 packages/cactus-plugin-ledger-connector-besu/Dockerfile | 8 +++++---
 packages/cactus-plugin-ledger-connector-besu/README.md | 7 ++++++-
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/packages/cactus-plugin-ledger-connector-besu/Dockerfile b/packages/cactus-plugin-ledger-connector-besu/Dockerfile
index 7441514ba97..737cdc9cbb5 100644
--- a/packages/cactus-plugin-ledger-connector-besu/Dockerfile
+++ b/packages/cactus-plugin-ledger-connector-besu/Dockerfile
@@ -1,7 +1,9 @@
-FROM ghcr.io/hyperledger/cactus-cmd-api-server:2022-08-05-7309f2a
-RUN npm install -g yarn@1.22.17
+FROM ghcr.io/hyperledger/cactus-cmd-api-server:2024-03-18-8ddc02d
+RUN npm install -g yarn \
+ && yarn set version 4.1.0 \
+ && yarn config set nodeLinker node-modules
 ENV NODE_ENV=production
 ARG NPM_PKG_VERSION=latest
-RUN yarn add @hyperledger/cactus-plugin-ledger-connector-besu@${NPM_PKG_VERSION} --production --ignore-engines
+RUN yarn add @hyperledger/cactus-plugin-ledger-connector-besu@${NPM_PKG_VERSION} --exact
diff --git a/packages/cactus-plugin-ledger-connector-besu/README.md b/packages/cactus-plugin-ledger-connector-besu/README.md
index 9d7e25bde67..89c25a74f47 100644
--- a/packages/cactus-plugin-ledger-connector-besu/README.md
+++ b/packages/cactus-plugin-ledger-connector-besu/README.md
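Review bot: In the Dockerfile hunk, the added `RUN npm install -g yarn` drops the `@1.22.17` pin the removed line carried, so the bootstrap yarn that goes on to run `yarn set version 4.1.0` is whatever the registry serves at build time. In a commit meant to close CVEs that widens the supply-chain window; keep the bootstrap pinned, e.g. `RUN npm install -g yarn@1.22.17 \`, or, if the base image's Node ships Corepack, use `corepack enable && corepack prepare yarn@4.1.0 --activate` instead. The new `--exact` on `yarn add` only records the version that was resolved: with the unchanged default `ARG NPM_PKG_VERSION=latest` and no lockfile visible in these lines, the connector and its transitive dependencies still float between builds, so I would add `# pass --build-arg NPM_PKG_VERSION=<released version> for reproducible images` above the ARG. The `FROM` reference is a tag rather than a digest, and the Dockerfile may continue past this hunk.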
@@ -149,7 +149,12 @@ docker run \
 --rm \
 --publish 3000:3000 \
 --publish 4000:4000 \
- --env PLUGINS='[{"packageName": "@hyperledger/cactus-plugin-ledger-connector-besu", "type": "org.hyperledger.cactus.plugin_import_type.LOCAL", "action": "org.hyperledger.cactus.plugin_import_action.INSTALL", "options": {"rpcApiHttpHost": "http://localhost:8545", "rpcApiWsHost":"ws://localhost:8546", "instanceId": "some-unique-besu-connector-instance-id"}}]' \
+ --env AUTHORIZATION_PROTOCOL='NONE' \
+ --env AUTHORIZATION_CONFIG_JSON='{}' \
+ --env GRPC_TLS_ENABLED=false \
+ cplcb \
+ node_modules/@hyperledger/cactus-cmd-api-server/dist/lib/main/typescript/cmd/cactus-api.js \
+ --plugins='[{"packageName": "@hyperledger/cactus-plugin-ledger-connector-besu", "type": "org.hyperledger.cactus.plugin_import_type.LOCAL", "action": "org.hyperledger.cactus.plugin_import_action.INSTALL", "options": {"rpcApiHttpHost": "http://localhost:8545", "rpcApiWsHost":"ws://localhost:8546", "instanceId": "some-unique-besu-connector-instance-id"}}]' \
 cplcb
 ```