Security vulnerability in browserify-sign

Question

Security vulnerability in browserify-sign

mikaelharsjo opened this issue 4 years ago · comments

The 4.0.0 version of browserify-sign depends on a version elliptic that has a vulnerability. You should update it too 4.2.1.

Marton Sari · Answer 1 · Thu Jan 14 2021 21:25:51 GMT+0800 (China Standard Time)

Can we move this forward? It blocks me in an enterprise env, where snyk spots this issue.

Calvin Metcalf · Answer 2 · Thu Jan 14 2021 22:10:43 GMT+0800 (China Standard Time)

delete your package-lock or yarn-lock and reinstall, this project calls for ^4.0.0 which means >= 4.0.0 && <5.0.0 so it should use the latest version of browserify-sign

Marton Sari · Answer 3 · Thu Jan 14 2021 22:59:02 GMT+0800 (China Standard Time)

Thanks, indeed it solved the problem. (I guess this issue can be closed then.)