Update dependencies to address CVE-2024-7254

This vulnerability affects the Java bindings. Go and Node bindings are
also updated; as are the tooling versions used to build the bindings.

Note that the Node bindings are now built targeting Node 18, since this
is the oldest currently supported LTS release.

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>

.github/workflows/ci-checks.yml

@@ -21,18 +21,18 @@ jobs:
       publish_release: ${{ steps.check_release_tag.outputs.publish_release }}
 
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - name: Check release tag
-      id: check_release_tag
-      run: |
-        git fetch --tags origin
-        TAGS=$(git tag --points-at HEAD | { grep -c "^v${BINDING_VERSION}$" || :; })
-        if [ "${GITHUB_EVENT_NAME}" != "pull_request" ] && [ $TAGS -eq 1 ]; then
-          echo "::set-output name=publish_release::true"
-        else
-          echo "::set-output name=publish_release::false"
-        fi
+      - name: Check release tag
+        id: check_release_tag
+        run: |
+          git fetch --tags origin
+          TAGS=$(git tag --points-at HEAD | { grep -c "^v${BINDING_VERSION}$" || :; })
+          if [ "${GITHUB_EVENT_NAME}" != "pull_request" ] && [ $TAGS -eq 1 ]; then
+            echo "::set-output name=publish_release::true"
+          else
+            echo "::set-output name=publish_release::false"
+          fi
 
   check_version:
     name: Check versions
@@ -41,52 +41,52 @@ jobs:
       binding_version: ${{ env.BINDING_VERSION }}
 
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '8'
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
 
-    - name: Check package.json version
-      working-directory: bindings/node
-      run: |
-        NODE_MODULE_VERSION=$(jq --raw-output .version package.json)
-        echo "Expected version: ${BINDING_VERSION}"
-        echo "package.json version: ${NODE_MODULE_VERSION}"
-        [ "${NODE_MODULE_VERSION}" = "${BINDING_VERSION}" ] || exit 1
+      - name: Check package.json version
+        working-directory: bindings/node
+        run: |
+          NODE_MODULE_VERSION=$(jq --raw-output .version package.json)
+          echo "Expected version: ${BINDING_VERSION}"
+          echo "package.json version: ${NODE_MODULE_VERSION}"
+          [ "${NODE_MODULE_VERSION}" = "${BINDING_VERSION}" ] || exit 1
 
-    - name: Check pom.xml version
-      working-directory: bindings/java
-      run: |
-        POM_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
-        echo "Expected version: ${BINDING_VERSION}"
-        echo "pom.xml version: ${POM_VERSION}"
-        [ "${POM_VERSION%-SNAPSHOT}" = "${BINDING_VERSION}" ] || exit 1
+      - name: Check pom.xml version
+        working-directory: bindings/java
+        run: |
+          POM_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "Expected version: ${BINDING_VERSION}"
+          echo "pom.xml version: ${POM_VERSION}"
+          [ "${POM_VERSION%-SNAPSHOT}" = "${BINDING_VERSION}" ] || exit 1
 
   lint:
     name: Lint
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: 1.20.2
-        cache: false
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: stable
+          cache: false
 
-    - name: Cache build dependencies
-      uses: actions/cache@v4
-      env:
-        cache-name: makefile-deps
-      with:
-        path: ~/.cache/fabric-protos
-        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
-        restore-keys: |
-          ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
-          ${{ runner.os }}-${{ env.cache-name }}-
+      - name: Cache build dependencies
+        uses: actions/cache@v4
+        env:
+          cache-name: makefile-deps
+        with:
+          path: ~/.cache/fabric-protos
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
+            ${{ runner.os }}-${{ env.cache-name }}-
 
-    - name: Run build
-      run: make lint
+      - name: Run build
+        run: make lint

.github/workflows/gh-pages.yml

@@ -2,9 +2,9 @@ name: GitHub Pages
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
   workflow_dispatch:
 
 jobs:
@@ -18,51 +18,51 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout (build)
-      uses: actions/checkout@v4
-      with:
-        path: build
+      - name: Checkout (build)
+        uses: actions/checkout@v4
+        with:
+          path: build
 
-    - name: Checkout (publish)
-      uses: actions/checkout@v4
-      with:
-        path: publish
+      - name: Checkout (publish)
+        uses: actions/checkout@v4
+        with:
+          path: publish
 
-    - name: Cache build dependencies
-      uses: actions/cache@v4
-      env:
-        cache-name: makefile-deps
-      with:
-        path: ~/.cache/fabric-protos
-        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
-        restore-keys: |
-          ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
-          ${{ runner.os }}-${{ env.cache-name }}-
+      - name: Cache build dependencies
+        uses: actions/cache@v4
+        env:
+          cache-name: makefile-deps
+        with:
+          path: ~/.cache/fabric-protos
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('Makefile') }}
+            ${{ runner.os }}-${{ env.cache-name }}-
 
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: 1.20.2
-        cache: false
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: stable
+          cache: false
 
-    - name: Run make
-      run: make genprotos
-      working-directory: build
+      - name: Run make
+        run: make genprotos
+        working-directory: build
 
-    - name: Create GitHub pages commit
-      run: |
-        git config --global user.email "hyperledger-bot@hyperledger.org"
-        git config --global user.name "hyperledger-bot"
-        git checkout --orphan publish-pages
-        git rm -rf .
-        cp -a ../build/docs/. .
-        git add -A
-        git commit -m "Deploy to GitHub Pages"
-        git status
-        git log --name-status
-      working-directory: publish
+      - name: Create GitHub pages commit
+        run: |
+          git config --global user.email "hyperledger-bot@hyperledger.org"
+          git config --global user.name "hyperledger-bot"
+          git checkout --orphan publish-pages
+          git rm -rf .
+          cp -a ../build/docs/. .
+          git add -A
+          git commit -m "Deploy to GitHub Pages"
+          git status
+          git log --name-status
+        working-directory: publish
 
-    - name: Push GitHub pages commit
-      run: git push --force origin publish-pages:gh-pages
-      if: github.event_name != 'pull_request'
-      working-directory: publish
+      - name: Push GitHub pages commit
+        run: git push --force origin publish-pages:gh-pages
+        if: github.event_name != 'pull_request'
+        working-directory: publish