build(deps): bulk fix CVEs via dependency resolution overrides 2023-10-23

1. Couldn't get rid of vulnerable versions in a couple of dependencies
because the underlying dependencies have gone ESM only which is a blocker
for us at the moment unfortunately.
2. Swapped out the ubiquity TS client to a version of it that I self
published onto npm after a full renovation of all of its dependencies.

Depends on hyperledger-cacti#2807 (because that one also has a couple of dependency bumps
that are needed to eliminate the vulnerabilities)

Fixes hyperledger-cacti#2828

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Author: petermetz

package.json

@@ -77,16 +77,27 @@
     "init-registries": "npm config set @iroha2:registry=https://nexus.iroha.tech/repository/npm-group/"
   },
   "resolutions": {
-    "ansi-html": ">0.0.8",
+    "@babel/traverse": ">=7.23.2",
+    "ansi-html": ">=0.0.8",
     "axios": ">=0.27.2",
-    "glob-parent": "5.1.2",
+    "engine.io": ">=6.4.2",
+    "get-func-name": ">=2.0.1",
+    "glob-parent": ">=5.1.2",
     "http-cache-semantics": ">=4.1.1",
+    "jsonwebtoken": ">=9.0.0",
     "lodash": ">=4.17.21",
     "minimist": ">=1.2.6",
     "nano": ">=10.0.0",
     "node-forge": ">=1.3.0",
+    "postcss": ">=8.4.31",
     "protobufjs": ">=7.2.5",
-    "underscore": "1.13.2"
+    "semver": ">=7.5.2",
+    "socket.io-parser": ">=4.2.3",
+    "tough-cookie": ">=4.1.3",
+    "xml2js": ">=0.5.0",
+    "yargs-parser": ">=18.1.1",
+    "underscore": ">=1.13.2",
+    "zod": ">=3.22.3"
   },
   "devDependencies": {
     "@commitlint/cli": "17.7.1",

packages/cactus-plugin-ledger-connector-ubiquity/package.json

@@ -57,10 +57,10 @@
   "dependencies": {
     "@hyperledger/cactus-core": "2.0.0-alpha.2",
     "@hyperledger/cactus-core-api": "2.0.0-alpha.2",
-    "@ubiquity/ubiquity-ts-client-modified": "https://github.com/RafaelAPB/ubiquity-ts-client-mirror.git",
     "dotenv": "16.0.1",
     "prom-client": "13.2.0",
-    "typescript-optional": "2.0.1"
+    "typescript-optional": "2.0.1",
+    "ubiquity-ts-client-renovated": "1.0.0"
   },
   "devDependencies": {
     "@hyperledger/cactus-common": "2.0.0-alpha.2",

packages/cactus-plugin-ledger-connector-ubiquity/src/main/typescript/plugin-ledger-connector-ubiquity.ts

@@ -27,9 +27,9 @@ import { GetTransactionsByAddressEndpoint } from "./endpoints/transaction/get-tr
 import {
   UbiquityClient,
   TxPage,
-  Balance,
+  BalanceV1,
   Tx,
-} from "@ubiquity/ubiquity-ts-client-modified";
+} from "ubiquity-ts-client-renovated";
 
 export interface IPluginLedgerConnectorUbiquity {
   logLevel?: LogLevelDesc;
@@ -135,7 +135,7 @@ export class PluginLedgerConnectorUbiquity
     protocol: PROTOCOL_TYPE,
     network: NETWORK_TYPE,
     address: string,
-  ): Promise<AxiosResponse<Balance[]>> {
+  ): Promise<AxiosResponse<BalanceV1[]>> {
     const fnTag = `${this.className}:GetBalancesByAddresses`;
     this.log.debug("enter ", fnTag);
     const accounts = this.client.accountsApi.getListOfBalancesByAddress(