Security vulnerability in browserify-sign
mikaelharsjo opened this issue · comments
Mikael Härsjö commented
The 4.0.0
version of browserify-sign
depends on a version elliptic
that has a vulnerability. You should update it too 4.2.1
.
Marton Sari commented
Can we move this forward? It blocks me in an enterprise env, where snyk spots this issue.
Calvin Metcalf commented
delete your package-lock or yarn-lock and reinstall, this project calls for ^4.0.0
which means >= 4.0.0 && <5.0.0
so it should use the latest version of browserify-sign
Marton Sari commented
Thanks, indeed it solved the problem. (I guess this issue can be closed then.)