LeastAuthority / thanos-wallet

MIT License

[All] running "yarn audit" shows a high number of vulnerabilities #1

Open jehadbaeth opened 4 years ago

jehadbaeth commented 4 years ago

a classic one :)

662 vulnerabilities found - Packages audited: 1854
Severity: 653 Low | 2 Moderate | 7 High

one that caught my eye (just to assert that this needs to be addressed)

│ high          │ Signature Malleability                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ elliptic                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.5.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack > node-libs-browser > crypto-browserify >            │
│               │ create-ecdh > elliptic                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1547   

FYI, running yarn audit fix is not working.

There are a couple of ways to run an automatic upgrade of dependencies: 1. manual; 2. an implementation of the above-mentioned method.

serg-plusplus commented 4 years ago

Please, take a look at our PR fixing the three issues outlined in the report you have provided: https://github.com/madfish-solutions/thanos-wallet/pull/100 and let us know whether these fixes are sufficient.

Fix for this specific issue: https://github.com/madfish-solutions/thanos-wallet/pull/100/commits/18b3d16ded37e26ef3692b8cecd2c194f6b10e9f, https://github.com/madfish-solutions/thanos-wallet/pull/100/commits/2b2a0375e85afce0b32f0f52d2ed00cd210a70df

Result:

yarn audit v1.22.5
0 vulnerabilities found - Packages audited: 1361

Thanks in advance!