Update elliptic package to fix vulnerability

cryptocoinjs / secp256k1-node

Node.js binding for an Optimized C library for EC operations on curve secp256k1

Other

341 stars 120 forks source link

Update elliptic package to fix vulnerability #158

Closed rabomarnix closed 4 years ago

rabomarnix commented 4 years ago

A medium severity vulernability was reported some time ago. It regards a Timing Attack in the elliptic package. This vulnerability is fixed in version 6.5.2.

Details: https://app.snyk.io/vuln/SNYK-JS-ELLIPTIC-511941

I will open a PR soon

fanatid commented 4 years ago

Thanks. Updated in https://github.com/cryptocoinjs/secp256k1-node/commit/c44ff4515d734167b6ab963c20924639da5ab816, published as 3.8.0