fix(connector-besu): address CVEs: CVE-2022-21190, CVE-2023-36665, CVE-2022-2421

Primary Changes
----------------
1. Updated the version of the base image that is used in the Dockerfile
2. Updated the Dockerfile to use the yarn version 3
3. Updated the README to the new command to run the container

Fixes hyperledger-cacti#2745

Signed-off-by: aldousalvarez <[email protected]>
aldousalvarez committed Feb 2, 2024
1 parent 0804bab commit 0f3e50b
Showing 2 changed files with 10 additions and 3 deletions.
6 changes: 4 additions & 2 deletions packages/cactus-plugin-ledger-connector-besu/Dockerfile
@@ -1,7 +1,9 @@
FROM ghcr.io/hyperledger/cactus-cmd-api-server:2022-08-05-7309f2a
RUN npm install -g [email protected]
RUN npm install -g yarn \
&& yarn set version 3.6.3 \
&& yarn config set nodeLinker node-modules

ENV NODE_ENV=production
ARG NPM_PKG_VERSION=latest

RUN yarn add @hyperledger/cactus-plugin-ledger-connector-besu@${NPM_PKG_VERSION} --production --ignore-engines
RUN yarn add @hyperledger/cactus-plugin-ledger-connector-besu@${NPM_PKG_VERSION}
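
Review bot: The FROM line at the top of this hunk still reads `ghcr.io/hyperledger/cactus-cmd-api-server:2022-08-05-7309f2a`, and with 4 additions and 2 deletions counted for this file it is unchanged context, so item 1 of the commit message ("Updated the version of the base image") is not reflected here. Either bump the tag in this commit or drop that item from the message, since any of the listed CVEs that live in the base image's dependency tree stay in the final image. Separately, `npm install -g yarn` is unpinned while `yarn set version 3.6.3` is pinned; pin the bootstrap yarn as well so rebuilds are reproducible, and consider giving `ARG NPM_PKG_VERSION` a fixed default instead of `latest` for the same reason.
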
7 changes: 6 additions & 1 deletion packages/cactus-plugin-ledger-connector-besu/README.md
Expand Up @@ -149,7 +149,12 @@ docker run \
--rm \
--publish 3000:3000 \
--publish 4000:4000 \
--env PLUGINS='[{"packageName": "@hyperledger/cactus-plugin-ledger-connector-besu", "type": "org.hyperledger.cactus.plugin_import_type.LOCAL", "action": "org.hyperledger.cactus.plugin_import_action.INSTALL", "options": {"rpcApiHttpHost": "http://localhost:8545", "rpcApiWsHost":"ws://localhost:8546", "instanceId": "some-unique-besu-connector-instance-id"}}]' \
--env AUTHORIZATION_PROTOCOL='NONE' \
--env AUTHORIZATION_CONFIG_JSON='{}' \
--env GRPC_TLS_ENABLED=false \
cplcb \
node_modules/@hyperledger/cactus-cmd-api-server/dist/lib/main/typescript/cmd/cactus-api.js \
--plugins='[{"packageName": "@hyperledger/cactus-plugin-ledger-connector-besu", "type": "org.hyperledger.cactus.plugin_import_type.LOCAL", "action": "org.hyperledger.cactus.plugin_import_action.INSTALL", "options": {"rpcApiHttpHost": "http://localhost:8545", "rpcApiWsHost":"ws://localhost:8546", "instanceId": "some-unique-besu-connector-instance-id"}}]' \
cplcb
```
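
Review bot: The image name `cplcb` now appears twice in the documented command: once on the new `cplcb \` line before `node_modules/.../cactus-api.js`, and again on the last line, which was the image argument in the old command and is unchanged context here. Because the new `--plugins='...' \` line ends with a continuation, that trailing `cplcb` is handed to `cactus-api.js` as an extra positional argument; remove it along with the backslash that precedes it. The example also sets `AUTHORIZATION_PROTOCOL='NONE'` and `GRPC_TLS_ENABLED=false` while `--publish 3000:3000` and `--publish 4000:4000` expose both ports on every host interface, so the README should say this configuration is for local testing, and binding the ports to loopback (`--publish 127.0.0.1:3000:3000`) would keep an unauthenticated API server off the network.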
