fix: address CVE-2022-24434, GHSA-wm7h-9275-46v2 caused by dicer

The process for this fix was to:
1. `yarn why -R dicer`
2. Then examine the output of that and see which dependencies are using
dicer indirectly (transient dependencies)
3. `yarn up multer --exact`
4. `yarn up express-openapi-validator --exact`
5. Profit, e.g. running `yarn why -R dicer` at this point shows that
dicer has been eliminated from the dependency tree completely.

https://github.com/hyperledger/cacti/security/dependabot/176

Weaknesses
CWE-248

CVE ID
CVE-2022-24434

GHSA ID
GHSA-wm7h-9275-46v2

Also sneaking in a test case hot-fix for
besu/deploy-contract/private-deploy-contract-from-json-cactus.test.ts
where the error message assertion broke down after a change in error
handling of the contract deployment endpoint.

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

packages/cactus-cmd-api-server/package.json

@@ -83,7 +83,7 @@
     "express": "4.19.2",
     "express-http-proxy": "1.6.2",
     "express-jwt": "8.4.1",
-    "express-openapi-validator": "5.0.4",
+    "express-openapi-validator": "5.2.0",
     "express-rate-limit": "6.7.0",
     "fastify": "4.26.2",
     "fs-extra": "11.2.0",

packages/cactus-core/package.json

@@ -55,7 +55,7 @@
     "body-parser": "1.20.2",
     "express": "4.19.2",
     "express-jwt-authz": "2.4.1",
-    "express-openapi-validator": "5.0.4",
+    "express-openapi-validator": "5.2.0",
     "http-errors": "2.0.0",
     "http-errors-enhanced-cjs": "2.0.1",
     "run-time-error-cjs": "1.4.0",

packages/cactus-plugin-ledger-connector-besu/src/test/typescript/integration/plugin-ledger-connector-besu/deploy-contract/private-deploy-contract-from-json-cactus.test.ts

@@ -414,8 +414,17 @@ describe("PluginLedgerConnectorBesu", () => {
           type: Web3SigningCredentialType.PrivateKeyHex,
         },
       });
-      await expect(contractInvocationNoPrivTxConfig).rejects.toMatch(
-        /Returned values aren't valid, did it run Out of Gas\? You might also see this error if you are not using the correct ABI for the contract you are retrieving data from, requesting data from a block number that does not exist, or querying a node which is not fully synced\./,
+      // try {
+      //   await contractInvocationNoPrivTxConfig;
+      // } catch (ex) {
+      //   console.log(ex);
+      // }
+      const wrongSecretErrorMsgPattern =
+        /Returned values aren't valid, did it run Out of Gas\? You might also see this error if you are not using the correct ABI for the contract you are retrieving data from, requesting data from a block number that does not exist, or querying a node which is not fully synced\./;
+
+      await expect(contractInvocationNoPrivTxConfig).rejects.toHaveProperty(
+        "message",
+        expect.stringMatching(wrongSecretErrorMsgPattern),
       );
     }
 

packages/cactus-plugin-ledger-connector-corda/package.json

@@ -60,7 +60,7 @@
     "@hyperledger/cactus-core": "2.0.0-rc.2",
     "@hyperledger/cactus-core-api": "2.0.0-rc.2",
     "axios": "1.6.0",
-    "express-openapi-validator": "5.0.4",
+    "express-openapi-validator": "5.2.0",
     "internal-ip": "6.2.0",
     "joi": "17.13.3",
     "node-ssh": "13.1.0",

packages/cactus-plugin-ledger-connector-polkadot/package.json

@@ -74,13 +74,13 @@
     "axios": "1.6.0",
     "bl": "5.1.0",
     "express": "4.19.2",
-    "express-openapi-validator": "4.13.1",
+    "express-openapi-validator": "5.2.0",
     "form-data": "4.0.0",
     "fs-extra": "11.2.0",
     "http-errors-enhanced-cjs": "2.0.1",
     "http-status-codes": "2.1.4",
     "joi": "17.13.3",
-    "multer": "1.4.2",
+    "multer": "1.4.5-lts.1",
     "ngo": "2.6.2",
     "openapi-types": "12.1.3",
     "prom-client": "15.1.3",