Skip to content

Bump elliptic #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump elliptic #90

wants to merge 1 commit into from

Conversation

billcastle
Copy link

@billcastle billcastle commented Aug 16, 2024
edited
Loading

Dependabots are being raised for elliptic
indutny/elliptic#319

Due to this issue:
Improper Verification of Cryptographic Signature
https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916

Which was fixed in ellipsis@6.5.7
indutny/elliptic#317
@billcastle billcastle changed the title update ellipsis update outdated elliptic dependency Aug 16, 2024
@billcastle billcastle changed the title update outdated elliptic dependency Bump elliptic Aug 16, 2024
ljharb
ljharb requested changes Aug 16, 2024
View reviewed changes
Copy link
Member

@ljharb ljharb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This simply isn’t needed; that’s what the ^ is for. Just update your lockfile.
@ljharb ljharb marked this pull request as draft August 16, 2024 04:17
@PuneetPunamiya
Copy link

PuneetPunamiya commented Sep 5, 2024
edited
Loading

Hey, any estimate when can we get this pr merged ?
@ljharb
Copy link
Member

ljharb commented Sep 5, 2024

@PuneetPunamiya never? Read my comment again.
@ljharb ljharb closed this Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants

@billcastle @PuneetPunamiya @ljharb