webcrypto-liner
webcrypto-liner copied to clipboard
[Snyk] Security upgrade elliptic from 6.5.0 to 6.5.4
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|
![]() |
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 |
No | No Known Exploit |
![]() |
Timing Attack SNYK-JS-ELLIPTIC-511941 |
No | No Known Exploit |
![]() |
Cryptographic Issues SNYK-JS-ELLIPTIC-571484 |
No | Proof of Concept |
Commit messages
Package name: elliptic
The new version differs by 15 commits.- 43ac7f2 6.5.4
- f4bc72b package: bump deps
- 441b742 ec: validate that a point before deriving keys
- e71b2d9 lib: relint using eslint
- 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
- 8647803 6.5.3
- 856fe4d signature: prevent malleability and overflows
- 6048941 6.5.2
- 9984964 package: bump dependencies
- ec735ed utils: leak less information in `getNAF()`
- 71e4e8e 6.5.1
- 7ec66ff short: add infinity check before multiplying
- ee7970b travis: really move on
- 637d021 travis: move on
- 5ed0bab package: update deps
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
@microshine could we make the changes related to this PR to update the dependency?