Use of a Broken or Risky Cryptographic Algorithm

Question

ehamery opened this issue 3 years ago · 6 comments

The elliptic package is reported as not safe by npm audit, see the advisory. It needs to be updated to a version >=6.5.4.

Answer 1 · 2021-11-25T15:24:05.000Z

The elliptic package is reported as not safe by npm audit, see the advisory. It needs to be update to a version >=6.5.4.

thanks. I'll check it soon.

Answer 2 · 2021-11-26T08:13:08.000Z

just published v2.0.2 fixes the problem.

Answer 3 · 2021-11-26T09:12:28.000Z

Thanks, then could you update connex as well?

Answer 4 · 2021-11-26T19:49:35.000Z

I created a PR to fix the other vulnerabilities.

Answer 5 · 2021-11-29T02:38:49.000Z

Thanks, then could you update connex as well?

Connex was updated.

Answer 6 · 2021-12-02T02:27:34.000Z

This issue is fixed, so I am closing it, but there are other vulnerabilities that are fixed by this PR.