Closed elribonazo closed 3 months ago
# npm audit report
elliptic 2.0.0 - 6.5.6
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
No fix available
node_modules/@hyperledger/identus-apollo/node_modules/elliptic
node_modules/elliptic
@hyperledger/identus-apollo *
Depends on vulnerable versions of elliptic
node_modules/@hyperledger/identus-apollo
micromatch *
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix --force`
Will install patch-package@6.0.7, which is a breaking change
node_modules/micromatch
find-yarn-workspace-root *
Depends on vulnerable versions of micromatch
node_modules/find-yarn-workspace-root
patch-package >=6.1.0-0
Depends on vulnerable versions of find-yarn-workspace-root
node_modules/patch-package
5 vulnerabilities (2 low, 3 moderate)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Description:
This Pr enables a holder to receive, parse and reply to a Presentation request though an out of band Invitation message.
Basically, allowing the holder to receive and reply to a Presentation Request without a pre-established DIDComm connection.
Checklist: