Security issue: insecure cryptography is used #22
Assignees
Labels
dependencies
Pull requests that update a dependency file
Comments
Merged
|
Hello there! The work to replace elliptic (and other unmaintained various cryptographic libraries) has been started in You're more than welcome to give us advice along the way as you're the maintainer of these audited libraries :) |
|
Thank you also for opening your first issue in this repo @paulmillr. We really appreciate it! :) |
|
New WIP PR related to this: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/celo-org/celo-monorepo/blob/3902e9c3d874cafe406b40aed5dcf38a59963843/packages/sdk/base/package.json#L28
You're using elliptic, which has long been unmaintained, and has a few cases where it produces invalid outputs, which means in blockchain context "users lose money".
It is advised to replace it with audited
@noble/curves.The text was updated successfully, but these errors were encountered: