Update jsrsasign dependency to address CVE-2022-25898 (#603)

Signed-off-by: Mark S. Lewis <[email protected]>

Author: bestbeforetoday

fabric-ca-client/package.json

@@ -20,7 +20,7 @@
   "types": "./types/index.d.ts",
   "dependencies": {
     "fabric-common": "file:../fabric-common",
-    "jsrsasign": "^10.4.1",
+    "jsrsasign": "^10.5.25",
     "url": "^0.11.0",
     "winston": "^2.4.5"
   },

fabric-common/package.json

@@ -28,7 +28,7 @@
 		"elliptic": "^6.5.4",
 		"fabric-protos": "file:../fabric-protos",
 		"js-sha3": "^0.8.0",
-		"jsrsasign": "^10.4.1",
+		"jsrsasign": "^10.5.25",
 		"nconf": "^0.12.0",
 		"promise-settle": "^0.3.0",
 		"sjcl": "^1.0.8",

fabric-common/test/Utils.js

@@ -12,9 +12,9 @@ const testUtils = require('./TestUtils');
 const chai = require('chai');
 const chaiAsPromised = require('chai-as-promised');
 const sinonChai = require('sinon-chai');
-const tmp = require('tmp');
 const fs = require('fs-extra');
 const winston = require('winston');
+const os = require('os');
 
 const should = chai.should();
 chai.use(chaiAsPromised);
@@ -210,13 +210,15 @@ describe('Utils', () => {
 		describe('log to a file', async () => {
 			let debugFilePath;
 			let errorFilePath;
-			let dir;
+			let tmpDir;
 
 			before(async () => {
 				// create a temp file
-				dir = tmp.dirSync();
-				debugFilePath  = path.join(dir.name, 'debug.log');
-				errorFilePath = path.join(dir.name, 'error.log');
+				const prefix = `${os.tmpdir()}${path.sep}`;
+				tmpDir = await fs.promises.mkdtemp(prefix);
+
+				debugFilePath  = path.join(tmpDir, 'debug.log');
+				errorFilePath = path.join(tmpDir, 'error.log');
 				await fs.ensureFile(debugFilePath);
 				await fs.ensureFile(errorFilePath);
 			});
@@ -228,9 +230,9 @@ describe('Utils', () => {
 				const logger = Utils.getLogger(loggerName);
 				logger.transports.should.be.an.instanceOf(Object);
 				logger.transports.debugfile.should.be.an.instanceOf(winston.transports.File);
-				logger.transports.debugfile.dirname.should.equal(dir.name);
+				logger.transports.debugfile.dirname.should.equal(tmpDir);
 				logger.transports.errorfile.should.be.an.instanceOf(winston.transports.File);
-				logger.transports.errorfile.dirname.should.equal(dir.name);
+				logger.transports.errorfile.dirname.should.equal(tmpDir);
 
 				// Log to the file
 				logger.error('Test logger - error');
@@ -261,7 +263,7 @@ describe('Utils', () => {
 
 			after(async () => {
 				// Remove tmp dir
-				await fs.remove(dir.name);
+				await fs.remove(tmpDir);
 			});
 
 		});

fabric-network/test/testutils.ts

@@ -11,7 +11,7 @@ import * as os from 'os';
 import * as path from 'path';
 import * as util from 'util';
 
-import _rimraf = require('rimraf');
+import _rimraf from 'rimraf';
 const rimraf = util.promisify(_rimraf);
 
 /**
@@ -89,7 +89,7 @@ export function newEndorsementResponse(response: protos.IResponse, properties: P
 		},
 		payload: Buffer.from(payload),
 		response: {
-			message: response.message,
+			message: response.message ?? '',
 			payload: Buffer.alloc(0),
 			status: response.status ?? 200,
 		},

package.json

@@ -67,8 +67,8 @@
     "fabric-protos": "file:./fabric-protos",
     "ink-docstrap": "^1.3.2",
     "jsdoc": "^3.6.6",
-    "jsrsasign": "^10.4.1",
-    "mocha": "^8.4.0",
+    "jsrsasign": "^10.5.25",
+    "mocha": "^9.2.2",
     "nano": "^10.0.0",
     "npm-run-all": "^4.1.5",
     "nyc": "^15.0.0",