Update elliptic to 6.5.7 (CVE-2024-42461) (#206)

owlcode · fanatid · commit 289dbc34b0b1 · 2024-10-20T17:01:48.000+07:00
* Update elliptic to 6.5.7 (CVE-2024-42461) In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. See https://nvd.nist.gov/vuln/detail/CVE-2024-42461 https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918
diff --git a/package.json b/package.json
@@ -52,7 +52,7 @@
     "bn.js": "^4.11.8",
     "create-hash": "^1.2.0",
     "drbg.js": "^1.0.1",
-    "elliptic": "^6.5.2",
+    "elliptic": "^6.5.7",
     "nan": "^2.14.0",
     "safe-buffer": "^5.1.2"
   },
