docs(examples): upgrade Angular to v15 #2229

Closed
petermetz opened this issue Dec 8, 2022 · 1 comment · Fixed by #2540

petermetz commented Dec 8, 2022

Description

Depends on #2231
Depends on #2377

There are vulnerabilities in the transitive dependencies of older Angular versions.
For example this one: #2228

$ npm ls socket.io-parser

├─┬ @hyperledger/cactus-example-supply-chain-frontend@1.1.3 -> ./examples/cactus-example-supply-chain-frontend
│ ├─┬ @angular-devkit/build-angular@13.3.5
│ │ └─┬ karma@6.3.19
│ │   └─┬ socket.io@4.5.0
│ │     └── socket.io-parser@4.0.4 deduped
│ └─┬ karma@6.3.19
│   └─┬ socket.io@4.5.0
│     └── socket.io-parser@4.0.4 deduped
└─┬ karma@6.3.16
  └─┬ socket.io@4.4.1
    └── socket.io-parser@4.0.4
@petermetz petermetz added enhancement New feature or request good-first-issue Good for newcomers dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities Developer_Experience Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. good-first-issue-400-expert P1 Priority 1: Highest labels Dec 8, 2022
@petermetz petermetz self-assigned this Dec 8, 2022
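
The `npm ls` listing in the issue can be checked mechanically. This added example, which is not code from the issue or from the Cacti project, walks a tree in the shape `npm ls socket.io-parser --json` emits and returns every dependency path that ends in the flagged version. The sample tree is constructed from the listing; `findPaths`, `entriesToUpgrade` and the root package name are names chosen here.

```javascript
// Added example. Walks a tree in the shape `npm ls <pkg> --json` emits and
// returns every dependency path that ends in a flagged version of `target`.
function findPaths(node, target, flagged, trail = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target && flagged.has(dep.version)) out.push(here);
    findPaths(dep, target, flagged, here, out); // leaves have no children
  }
  return out;
}

// Entries directly under the root that still pull in a flagged version.
function entriesToUpgrade(paths) {
  return [...new Set(paths.map((p) => p[0]))];
}

// Constructed sample mirroring the listing in the issue.
// The root name is a placeholder, not the project's real root package name.
const karma = (karmaVersion, socketIoVersion) => ({
  version: karmaVersion,
  dependencies: {
    "socket.io": {
      version: socketIoVersion,
      dependencies: { "socket.io-parser": { version: "4.0.4" } },
    },
  },
});
const sampleTree = {
  name: "placeholder-root",
  dependencies: {
    "@hyperledger/cactus-example-supply-chain-frontend": {
      version: "1.1.3",
      dependencies: {
        "@angular-devkit/build-angular": {
          version: "13.3.5",
          dependencies: { karma: karma("6.3.19", "4.5.0") },
        },
        karma: karma("6.3.19", "4.5.0"),
      },
    },
    karma: karma("6.3.16", "4.4.1"),
  },
};

const FLAGGED = new Set(["4.0.4"]); // the version shown in the issue's listing
const paths = findPaths(sampleTree, "socket.io-parser", FLAGGED);
for (const p of paths) console.log(p.join(" > "));
console.log("still pulling it in:", entriesToUpgrade(paths).join(", "));
```

Two entries under the root are reported, which matches the issue's point that bumping the root-level dependency alone leaves the example front-end's Angular toolchain pulling in the same version.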
petermetz added a commit to petermetz/cacti that referenced this issue Dec 8, 2022
To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

Depends on hyperledger#2229

Fixes hyperledger#2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Dec 8, 2022
Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Dec 8, 2022
WORK IN PROGRESS
BUILD IS BROKEN RIGHT NOW

Fixes hyperledger#2229

github-actions bot commented Dec 8, 2022

petermetz added a commit to petermetz/cacti that referenced this issue Dec 9, 2022
To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

- Upgraded Artillery from v1.7.1 to v1.7.9

Depends on hyperledger#2229

Fixes hyperledger#2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Mar 25, 2023
Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Jul 3, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)

Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Jul 6, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)
5. Cleaned out a lot of the unused dev dependencies of the front-end
packages where angular was upgraded. These dependencies were related to
end-to-end browser testing which we haven't set up yet to be executed
because all the front-end packages are just example code that - while
important to test - does not have the highest priority in this sense.

Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Jul 6, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)
5. Cleaned out a lot of the unused dev dependencies of the front-end
packages where angular was upgraded. These dependencies were related to
end-to-end browser testing which we haven't set up yet to be executed
because all the front-end packages are just example code that - while
important to test - does not have the highest priority in this sense.
6. Set the rootDir property in the electricity trade example's tsconfig.json
file to the standard value (./) because without it the new tsc compiler
version seems to be putting the compiled source files in a different
location by default (probably an accidental breaking change on the compiler's
part or just a lack of my understanding of how the configuration of it
should work). With the rootDir explicitly specified, it appears to be
compiling the files in the correct location as before.

Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Jul 7, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)
5. Cleaned out a lot of the unused dev dependencies of the front-end
packages where angular was upgraded. These dependencies were related to
end-to-end browser testing which we haven't set up yet to be executed
because all the front-end packages are just example code that - while
important to test - does not have the highest priority in this sense.
6. Set the rootDir property in the electricity trade example's tsconfig.json
file to the standard value (./) because without it the new tsc compiler
version seems to be putting the compiled source files in a different
location by default (probably an accidental breaking change on the compiler's
part or just a lack of my understanding of how the configuration of it
should work). With the rootDir explicitly specified, it appears to be
compiling the files in the correct location as before.
7. De-duplicated the examples/cactus-example-tcs-huawei/tsconfig.json
file's compilerOptions.tsBuildInfoFile property because it was in collision
with the electricity trade example's property of the same name, leading to
the compiler thinking that it had already compiled the package's code
when it has not.

Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Jul 14, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)
5. Cleaned out a lot of the unused dev dependencies of the front-end
packages where angular was upgraded. These dependencies were related to
end-to-end browser testing which we haven't set up yet to be executed
because all the front-end packages are just example code that - while
important to test - does not have the highest priority in this sense.
6. Set the rootDir property in the electricity trade example's tsconfig.json
file to the standard value (./) because without it the new tsc compiler
version seems to be putting the compiled source files in a different
location by default (probably an accidental breaking change on the compiler's
part or just a lack of my understanding of how the configuration of it
should work). With the rootDir explicitly specified, it appears to be
compiling the files in the correct location as before.
7. De-duplicated the examples/cactus-example-tcs-huawei/tsconfig.json
file's compilerOptions.tsBuildInfoFile property because it was in collision
with the electricity trade example's property of the same name, leading to
the compiler thinking that it had already compiled the package's code
when it has not.

Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Jul 14, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)
5. Cleaned out a lot of the unused dev dependencies of the front-end
packages where angular was upgraded. These dependencies were related to
end-to-end browser testing which we haven't set up yet to be executed
because all the front-end packages are just example code that - while
important to test - does not have the highest priority in this sense.
6. Set the rootDir property in the electricity trade example's tsconfig.json
file to the standard value (./) because without it the new tsc compiler
version seems to be putting the compiled source files in a different
location by default (probably an accidental breaking change on the compiler's
part or just a lack of my understanding of how the configuration of it
should work). With the rootDir explicitly specified, it appears to be
compiling the files in the correct location as before.
7. De-duplicated the examples/cactus-example-tcs-huawei/tsconfig.json
file's compilerOptions.tsBuildInfoFile property because it was in collision
with the electricity trade example's property of the same name, leading to
the compiler thinking that it had already compiled the package's code
when it has not.

Fixes #2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Jul 16, 2023
Project-wide update of socket-io was necessary to 4.5.4 because of its
transitive dependence on socket.io-parser.

To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

- Upgraded Artillery from v1.7.1 to v1.7.9

Depends on hyperledger#2229

Fixes hyperledger#2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Jul 16, 2023
Project-wide update of socket-io was necessary to 4.5.4 because of its
transitive dependence on socket.io-parser.

To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

- Upgraded Artillery from v1.7.1 to v1.7.9

Depends on #2229

Fixes #2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023
1. Upgraded from Angular v14 to v15 for both GUI packages that use it.
2. Upgraded the Typescript compiler project-wide to 4.8.4
3. Due to 2) There was a change needed in the file
examples/cactus-example-discounted-asset-trade/transaction-fabric.ts
which introduces a constraint on the T type parameter.
4. Disabled the staged files linting because right now ESLint is broken
due to our Typescript version being >=4.8.0 (and upgrading it was not
an option because then it is broken due to ESM issues...)
5. Cleaned out a lot of the unused dev dependencies of the front-end
packages where angular was upgraded. These dependencies were related to
end-to-end browser testing which we haven't set up yet to be executed
because all the front-end packages are just example code that - while
important to test - does not have the highest priority in this sense.
6. Set the rootDir property in the electricity trade example's tsconfig.json
file to the standard value (./) because without it the new tsc compiler
version seems to be putting the compiled source files in a different
location by default (probably an accidental breaking change on the compiler's
part or just a lack of my understanding of how the configuration of it
should work). With the rootDir explicitly specified, it appears to be
compiling the files in the correct location as before.
7. De-duplicated the examples/cactus-example-tcs-huawei/tsconfig.json
file's compilerOptions.tsBuildInfoFile property because it was in collision
with the electricity trade example's property of the same name, leading to
the compiler thinking that it had already compiled the package's code
when it has not.

Fixes hyperledger#2229

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023
Project-wide update of socket-io was necessary to 4.5.4 because of its
transitive dependence on socket.io-parser.

To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

- Upgraded Artillery from v1.7.1 to v1.7.9

Depends on hyperledger#2229

Fixes hyperledger#2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>