Update gRPC dependency to address CVE-2024-37168 (#428)

Bump grpc-js to 1.10.9. Bump fabric-protos to 0.2.1. Remove unused proto-loader. Used `rush update` command. Signed-off-by: David Enyeart <enyeart@us.ibm.com>
hyperledger · Jun 13, 2024 · 1da07a6 · 1da07a6
1 parent 86137c5
commit 1da07a6
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 43 deletions.
diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml
diff --git a/libraries/fabric-shim/package.json b/libraries/fabric-shim/package.json
@@ -54,9 +54,8 @@
   },
   "dependencies": {
     "@fidm/x509": "^1.2.1",
-    "@grpc/grpc-js": "1.8.15",
-    "@grpc/proto-loader": "^0.6.6",
-    "@hyperledger/fabric-protos": "0.1.0-dev.2300102001.1",
+    "@grpc/grpc-js": "~1.10.9",
+    "@hyperledger/fabric-protos": "~0.2.1",
     "@types/node": "^16.11.1",
     "ajv": "^6.12.2",
     "fabric-contract-api": "2.5.6",