HIGH Snyk severity in dependency, update elliptic to 6.6.1 #192

Closed
aumetov opened this issue Nov 20, 2024 · 2 comments

aumetov commented Nov 20, 2024

Improper Verification of Cryptographic Signature has a High security severity score in Snyk reports: 8.7
Affecting elliptic package, versions <6.6.0

https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
Need to upgrade elliptic package to latest version 6.6.1

@manpreet-compro

Yes, flagged by AWS Inspector also in my case.
Elliptic has fixed this - indutny/elliptic#325

Could we upgrade the package and release a new version?

Contributor

omsmith commented Nov 25, 2024

jwk-to-pem's constraint on elliptic already matched the updated version.

However, I've released 2.0.7, should that help your teams with your scanners.

Consider moving your usage away from jwk-to-pem to modern Node.js features: #187 (comment)

omsmith closed this as completed Nov 25, 2024
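
The migration suggested in the last comment could look like the following, assuming the "modern Node.js features" meant are `crypto.createPublicKey` / `crypto.createPrivateKey` with `format: 'jwk'` (Node.js 15.12 or later). This is an added example, not code from the thread or from jwk-to-pem; the function names and the generated key pair are constructed for illustration.

```javascript
// Added example: JWK -> PEM with Node.js built-ins only (no elliptic, no jwk-to-pem).
const crypto = require('node:crypto');

// Fail early on anything that is not a JWK object.
function assertJwk(jwk) {
  if (jwk === null || typeof jwk !== 'object' || typeof jwk.kty !== 'string') {
    throw new TypeError('expected a JWK object with a string "kty" member');
  }
}

// Public JWK (EC, RSA or OKP) -> SPKI PEM.
function publicJwkToPem(jwk) {
  assertJwk(jwk);
  return crypto.createPublicKey({ key: jwk, format: 'jwk' })
    .export({ type: 'spki', format: 'pem' });
}

// Private JWK -> PKCS#8 PEM.
function privateJwkToPem(jwk) {
  assertJwk(jwk);
  return crypto.createPrivateKey({ key: jwk, format: 'jwk' })
    .export({ type: 'pkcs8', format: 'pem' });
}

// Constructed demo: fresh P-256 key pair, exported as JWK, converted to PEM,
// then used to sign and verify so the round trip is checked end to end.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const publicPem = publicJwkToPem(publicKey.export({ format: 'jwk' }));
  const privatePem = privateJwkToPem(privateKey.export({ format: 'jwk' }));
  const message = Buffer.from('constructed sample message');
  const signature = crypto.sign('sha256', message, privatePem);
  return {
    publicPem,
    privatePem,
    valid: crypto.verify('sha256', message, publicPem, signature),
    tampered: crypto.verify('sha256', Buffer.from('altered message'), publicPem, signature),
  };
}

console.log(demo().publicPem);
```
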