The version of libsecp256k1 in use is vulnerable to overflowing signatures: https://rustsec.org/advisories/RUSTSEC-2021-0076.html.

An upgrade to 0.5 or later should fix the issue, any idea on how much effort is required for this update?

Happy to work with you to get this updated 🙏

Oh it looks like libsecp256k1 is only used for testing so I created #169 to add some clarity if anyone else stumbles upon this.

Thanks for reporting.
I'll remove this dependency altogether in exchange for the original secp256k1 library.