2023-08-08 Cacti Maintainers Agenda

Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

Discussion

  1. gRPC legacy versions
  2. Critical and high security vulnerabilities
    1. ejs
      1. https://github.com/hyperledger/cacti/security/dependabot/643
      2. $ yarn why ejs -R
        ├─ @hyperledger/cacti-weaver-besu-cli@workspace:weaver/samples/besu/besu-cli
        │  └─ gluegun@npm:5.1.2 (via latest)
        │     └─ ejs@npm:3.1.6 (via npm:3.1.6)

        └─ @hyperledger/cacti-weaver-fabric-cli@workspace:weaver/samples/fabric/fabric-cli
          └─ gluegun@npm:5.1.2 (via latest)

    2. mongoose
      1. https://github.com/hyperledger/cacti/security/dependabot/700
      2. Detected in mongoose (npm) • examples/test-run-transaction/supply-chain-app-stub/package.json
  3. 2.0.0-alpha.2 release issuance
  4. Ad-hoc Discussion Items

Recording

TBD