search

vechain / thor-devkit.js

Typescript library to aid DApp development on VeChain Thor
MIT License
39 stars 30 forks source link

Use of a Broken or Risky Cryptographic Algorithm #39

Closed ehamery closed 2 years ago

ehamery commented 2 years ago

The elliptic package is reported as not safe by npm audit, see the advisory. It needs to be updated to a version >=6.5.4.

qianbin commented 2 years ago

The elliptic package is reported as not safe by npm audit, see the advisory. It needs to be update to a version >=6.5.4.

thanks. I'll check it soon.

qianbin commented 2 years ago

just published v2.0.2 fixes the problem.

ehamery commented 2 years ago

Thanks, then could you update connex as well?

ehamery commented 2 years ago

I created a PR to fix the other vulnerabilities.

qianbin commented 2 years ago

Thanks, then could you update connex as well?

Connex was updated.

ehamery commented 2 years ago

This issue is fixed, so I am closing it, but there are other vulnerabilities that are fixed by this PR.