-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade secp256k1 from 4.0.3 to 4.0.4 #707
base: develop
Are you sure you want to change the base?
Conversation
Snyk has created this PR to upgrade secp256k1 from 4.0.3 to 4.0.4. See this package in npm: secp256k1 See this project in Snyk: https://app.snyk.io/org/sammytezzy/project/4cfcc648-b54f-458b-9cd3-2587dd5a928d?utm_source=github&utm_medium=referral&page=upgrade-pr
Run & review this pull request in StackBlitz Codeflow. |
|
Reviewer's Guide by SourceryThis PR upgrades the secp256k1 dependency from version 4.0.3 to 4.0.4 to address multiple critical and high severity security vulnerabilities related to improper verification of cryptographic signatures and integrity check validation. No diagrams generated as the changes look simple and do not need a visual representation. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
Snyk has created this PR to upgrade secp256k1 from 4.0.3 to 4.0.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released on 2 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-ELLIPTIC-7577916
SNYK-JS-ELLIPTIC-7577917
SNYK-JS-ELLIPTIC-7577918
SNYK-JS-ELLIPTIC-8172694
SNYK-JS-ELLIPTIC-8187303
SNYK-JS-SECP256K1-8237220
Release notes
Package name: secp256k1
4.0.4
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Bug Fixes: