CVE-2024-57965 | updated axios to 1.7.9 (#825)

* updated axios to 1.7.9

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* revert elliptic

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* updated elliptic to 6.6.1

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* elliptic to 6.6.1 in apollo

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* parse-duration to 2.1.3

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* syntax error for importing parse

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* added type = module for parse-duration error

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* revert back to parse-duration": "^1.1.0",

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* updated parse-duration and code syntax

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* removed 	"type": "module",

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* syntax update

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

* replaced parse-duration with wrapper

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

---------

Signed-off-by: Ketul Shah <shah.ketul@ibm.com>

Author: ketulsha

packages/apollo/package-lock.json

@@ -32,7 +32,7 @@
 		"lodash": "^4.17.20",
 		"material-ui-chip-input-v5": "^1.0.0",
 		"node-stdlib-browser": "^1.2.0",
-		"parse-duration": "^1.1.0",
+		"parse-duration": "^2.1.3",
 		"prop-types": "^15.8.1",
 		"query-string": "^9.0.0",
 		"react": "^18.3.1",

packages/apollo/package.json

@@ -15,7 +15,6 @@
  */
 
 import _ from 'lodash';
-import parse from 'parse-duration';
 import PropTypes from 'prop-types';
 import React, { Component } from 'react';
 import { withTranslation } from 'react-i18next';
@@ -52,6 +51,8 @@ const acl_resources = require('../../utils/acl/resources.json');
 const bytes = require('bytes');
 const semver = require('semver');
 const url = require('url');
+//const parse = require('parse-duration');
+import parse from "../../utils/parseDuration";
 
 const SCOPE = 'channelModal';
 const Log = new Logger(SCOPE);

packages/apollo/src/components/ChannelModal/ChannelModal.js

@@ -23,11 +23,12 @@ import { withTranslation } from 'react-i18next';
 import TranslateLink from '../../../TranslateLink/TranslateLink';
 import * as constants from '../../../../utils/constants';
 import { Checkbox } from "@carbon/react";
-import parse from 'parse-duration';
 import Form from '../../../Form/Form';
 
 const bytes = require('bytes');
 const SCOPE = 'channelModal';
+// const parse = require('parse-duration');
+import parse from "../../../../utils/parseDuration";
 
 // This is step "block_cutting_params"
 //

packages/apollo/src/components/ChannelModal/Wizard/BlockCuttingParams/BlockCuttingParams.js

@@ -15,7 +15,6 @@
 */
 import { Button, CodeSnippet, Loading, SkeletonText, Toggle, Checkbox } from "@carbon/react";
 import _ from 'lodash';
-import parse from 'parse-duration';
 import PropTypes from 'prop-types';
 import React from 'react';
 import { withTranslation } from 'react-i18next';
@@ -53,6 +52,8 @@ const naturalSort = require('javascript-natural-sort');
 
 const bytes = require('bytes');
 const semver = require('semver');
+// const parse = require('parse-duration');
+import parse from "../../utils/parseDuration";
 
 const SCOPE = 'ordererModal';
 const Log = new Logger(SCOPE);

packages/apollo/src/components/OrdererModal/OrdererModal.js

@@ -15,7 +15,6 @@
 */
 import { Checkbox, CodeSnippet, TextInput } from "@carbon/react";
 import _ from 'lodash';
-import parse from 'parse-duration';
 import PropTypes from 'prop-types';
 import React from 'react';
 import { withTranslation, Trans } from 'react-i18next';
@@ -40,6 +39,8 @@ const semver = require('semver');
 const SCOPE = 'signatureDetailModal';
 const Log = new Logger(SCOPE);
 const bytes = require('bytes');
+// const parse = require('parse-duration');
+import parse from "../../utils/parseDuration";
 
 class SignatureDetailModal extends React.Component {
 	componentDidMount() {

packages/apollo/src/components/SignatureDetailModal/SignatureDetailModal.js

@@ -33,6 +33,7 @@ const org_template = require('../utils/configtx/org_template.json');
 const bytes = require('bytes');
 const diff = require('deep-diff');
 const urlParser = require('url');
+import parse from "../utils/parseDuration";
 
 const Log = new Logger('ChannelApi');
 
@@ -742,7 +743,7 @@ class ChannelApi {
 
 		let timeout = block_params.timeout;
 		if (timeout) {
-			const parse = require('parse-duration');
+			// const parse = require('parse-duration');
 			let time_ms = parse(timeout);
 			if (time_ms < parse(constants.TIMEOUT_MIN) || time_ms > parse(constants.TIMEOUT_MAX)) {
 				return '\'BatchTimeout\' out of range';
@@ -790,7 +791,7 @@ class ChannelApi {
 
 		let tick_interval = raft_params.tick_interval;
 		if (tick_interval) {
-			const parse = require('parse-duration');
+			// const parse = require('parse-duration');
 			let time_ms = parse(tick_interval);
 			if (time_ms < parse(constants.TICK_INTERVAL_MIN) || time_ms > parse(constants.TICK_INTERVAL_MAX)) {
 				return '\'Tick Interval\' out of range';

packages/apollo/src/rest/ChannelApi.js

@@ -30,6 +30,7 @@ const Log = new Logger('OrdererRestApi');
 
 const ORDERER_TYPE = 'fabric-orderer';
 const LEGACY_ORDERER_TYPE = 'orderer';
+import parse from "../utils/parseDuration";
 
 class OrdererRestApi {
 	static systemChannel = 'testchainid';
@@ -751,7 +752,7 @@ class OrdererRestApi {
 
 			let timeout = block_params.timeout;
 			if (timeout) {
-				const parse = require('parse-duration');
+				// const parse = require('parse-duration');
 				let time_ms = parse(timeout);
 				if (time_ms < parse(constants.TIMEOUT_MIN) || time_ms > parse(constants.TIMEOUT_MAX)) {
 					throw new Error('\'BatchTimeout\' out of range');
@@ -858,7 +859,7 @@ class OrdererRestApi {
 
 		let tick_interval = raft_params.tick_interval;
 		if (tick_interval) {
-			const parse = require('parse-duration');
+			// const parse = require('parse-duration');
 			let time_ms = parse(tick_interval);
 			if (time_ms < parse(constants.TICK_INTERVAL_MIN) || time_ms > parse(constants.TICK_INTERVAL_MAX)) {
 				throw new Error('\'Tick Interval\' out of range');

packages/apollo/src/rest/OrdererRestApi.js

@@ -0,0 +1,55 @@
+const unit = Object.create(null)
+const m = 60000, h = m * 60, d = h * 24, y = d * 365.25
+
+unit.year = unit.yr = unit.y = y
+unit.month = unit.mo = unit.mth = y / 12
+unit.week = unit.wk = unit.w = d * 7
+unit.day = unit.d = d
+unit.hour = unit.hr = unit.h = h
+unit.minute = unit.min = unit.m = m
+unit.second = unit.sec = unit.s = 1000
+unit.millisecond = unit.millisec = unit.ms = 1
+unit.microsecond = unit.microsec =  unit.us = unit.µs = 1e-3
+unit.nanosecond = unit.nanosec = unit.ns = 1e-6
+
+unit.group = ','
+unit.decimal = '.'
+unit.placeholder = ' _'
+
+
+
+const durationRE = /((?:\d{1,16}(?:\.\d{1,16})?|\.\d{1,16})(?:[eE][-+]?\d{1,4})?)\s?([\p{L}]{0,14})/gu
+
+parse.unit = unit;
+
+/**
+ * convert `str` to ms
+ *
+ * @param {string} str
+ * @param {string} format
+ * @return {number}
+ */
+export default function parse(str = '', format = 'ms') {
+  let result = null, prevUnits
+
+  String(str)
+    .replace(new RegExp(`(\\d)[${parse.unit.placeholder}${parse.unit.group}](\\d)`, 'g'), '$1$2')  // clean up group separators / placeholders
+    .replace(parse.unit.decimal, '.') // normalize decimal separator
+    .replace(durationRE, (_, n, units) => {
+    // if no units, find next smallest units or fall back to format value
+    // eg. 1h30 -> 1h30m
+    if (!units) {
+      if (prevUnits) {
+        for (const u in parse.unit) if (parse.unit[u] < prevUnits) { units = u; break }
+      }
+      else units = format
+    }
+    else units = units.toLowerCase()
+
+    prevUnits = units = parse.unit[units] || parse.unit[units.replace(/s$/, '')]
+
+    if (units) result = (result || 0) + n * units
+  })
+
+  return result && ((result / (parse.unit[format] || 1)) * (str[0] === '-' ? -1 : 1))
+}