Skip to content

Commit

Permalink
fix: mitigate CVE-2024-42461 - bump elliptic to v6.5.7
Browse files Browse the repository at this point in the history 
Improper Verification of Cryptographic Signature
https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916

Signed-off-by: Peter Somogyvari <[email protected]>
  • Loading branch information
@petermetz
petermetz committed Oct 15, 2024
1 parent 8579017 commit 32c242a
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 32 deletions.
1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@
"axios": ">=0.27.2",
"braces": ">=3.0.3",
"x-dicer": ">0.3.1",
"elliptic": ">=6.5.7",
"engine.io": ">=6.4.2",
"get-func-name": ">=2.0.1",
"glob-parent": ">=5.1.2",
Expand Down
2 changes: 1 addition & 1 deletion weaver/sdks/fabric/interoperation-node-sdk/package-local.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
"@grpc/grpc-js": "1.11.3",
"@grpc/proto-loader": "0.7.13",
"@hyperledger/cacti-weaver-protos-js": "file:./protos-js",
"elliptic": "6.5.4",
"elliptic": "6.5.7",
"fabric-common": "2.2.20",
"fabric-network": "2.2.20",
"fabric-protos": "2.2.20",
Expand Down
32 changes: 1 addition & 31 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26576,22 +26576,7 @@ __metadata:
languageName: node
linkType: hard

"elliptic@npm:6.5.4, elliptic@npm:^6.4.0, elliptic@npm:^6.4.1, elliptic@npm:^6.5.2, elliptic@npm:^6.5.3, elliptic@npm:^6.5.4":
version: 6.5.4
resolution: "elliptic@npm:6.5.4"
dependencies:
bn.js: "npm:^4.11.9"
brorand: "npm:^1.1.0"
hash.js: "npm:^1.0.0"
hmac-drbg: "npm:^1.0.1"
inherits: "npm:^2.0.4"
minimalistic-assert: "npm:^1.0.1"
minimalistic-crypto-utils: "npm:^1.0.1"
checksum: 10/2cd7ff4b69720dbb2ca1ca650b2cf889d1df60c96d4a99d331931e4fe21e45a7f3b8074e86618ca7e56366c4b6258007f234f9d61d9b0c87bbbc8ea990b99e94
languageName: node
linkType: hard

"elliptic@npm:6.5.7":
"elliptic@npm:>=6.5.7":
version: 6.5.7
resolution: "elliptic@npm:6.5.7"
dependencies:
Expand All @@ -26606,21 +26591,6 @@ __metadata:
languageName: node
linkType: hard

"elliptic@npm:^6.5.5":
version: 6.5.5
resolution: "elliptic@npm:6.5.5"
dependencies:
bn.js: "npm:^4.11.9"
brorand: "npm:^1.1.0"
hash.js: "npm:^1.0.0"
hmac-drbg: "npm:^1.0.1"
inherits: "npm:^2.0.4"
minimalistic-assert: "npm:^1.0.1"
minimalistic-crypto-utils: "npm:^1.0.1"
checksum: 10/5444b4f18e0c0fdfa14de26f69f7dbc44c78a211e91825823d698dcc91071ef1a3954d87730f364183fc83b0a86d8affed864e347da2e549bdcead3b46de126f
languageName: node
linkType: hard

"emittery@npm:0.10.0":
version: 0.10.0
resolution: "emittery@npm:0.10.0"
Expand Down

0 comments on commit 32c242a

Please sign in to comment.