deps: elliptic@^6.5.6 - Githubissues

Brightspace / node-jwk-to-pem

Convert a json web key to a PEM for use by OpenSSL or crytpo

Apache License 2.0

151 stars 29 forks source link

Closed Luke-Roy-IBM closed 3 months ago

Luke-Roy-IBM commented 3 months ago

Update elliptic to 6.5.6 to fix known vulnerability

Signedoff-by: Luke Roy luke.roy@ibm.com

omsmith commented 3 months ago

Hi @Luke-Roy-IBM - thanks and appreciate it; however, the open advisories are also against 6.5.6.

See https://github.com/Brightspace/node-jwk-to-pem/issues/187#issuecomment-2273399652, jwk-to-pem does not use the part of elliptic which the advisories concern, but we will update the package when a version is available.