Closed mikaelharsjo closed 3 years ago
Can we move this forward? It blocks me in an enterprise env, where snyk spots this issue.
delete your package-lock or yarn-lock and reinstall, this project calls for ^4.0.0
which means >= 4.0.0 && <5.0.0
so it should use the latest version of browserify-sign
Thanks, indeed it solved the problem. (I guess this issue can be closed then.)
The
4.0.0
version ofbrowserify-sign
depends on a versionelliptic
that has a vulnerability. You should update it too4.2.1
.