Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: mitigate CVE-2024-42461 - bump elliptic to v6.5.7 #3580

Merged

Conversation

petermetz
Copy link
Contributor

Improper Verification of Cryptographic Signature
https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916

Signed-off-by: Peter Somogyvari [email protected]

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.
  • Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

@petermetz petermetz requested a review from a team October 9, 2024 16:10
@petermetz petermetz added the Security Related to existing or potential security vulnerabilities label Oct 9, 2024
Improper Verification of Cryptographic Signature
https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916

Signed-off-by: Peter Somogyvari <[email protected]>
@petermetz petermetz force-pushed the fix-cve-2024-42461-elliptic-v6-5-7 branch from a37b405 to f5c0987 Compare October 14, 2024 22:37
@petermetz petermetz merged commit 32c242a into hyperledger-cacti:main Oct 15, 2024
144 of 145 checks passed
@petermetz petermetz deleted the fix-cve-2024-42461-elliptic-v6-5-7 branch October 15, 2024 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Security Related to existing or potential security vulnerabilities
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants