Elliptic's private key extraction in ECDSA upon signing a malformed input #6301
Assignees
Labels
Comments
|
So is there a fix for this issue? I'm considering a manual override like this in package.json: "pnpm": { And reinstalling, but I am wary of interfering with deps through overrides. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version of Hardhat
v2.22.18
What happened?
https://github.com/advisories/GHSA-vjh7-7g9h-fjfh/dependabot
Dependabot cannot update elliptic to a non-vulnerable version
The latest possible version that can be installed is 6.5.4 because of the following conflicting dependencies:
@nomicfoundation/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
@nomicfoundation/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
@nomicfoundation/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
@nomicfoundation/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
@nomicfoundation/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
@nomicfoundation/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
@typechain/[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
[email protected] requires [email protected] via a transitive dependency on @ethersproject/[email protected]
No patched version available for elliptic
The earliest fixed version is 6.6.1.
Minimal reproduction steps
tried github to present a fix for my repository
Search terms
No response
The text was updated successfully, but these errors were encountered: