Advisory with NPM package elliptic (all versions)

I have an NPM repo running `@stackframe/react` version 2.8.64, matching the latest at [package.json](https://github.com/stack-auth/stack-auth/blob/bb69ee4230d2a4e40ff0b961f288352ea1ec58d3/packages/react/package.json#L4).

npm audit report shows the following:

```
# npm audit report

elliptic  *
Elliptic Uses a Cryptographic Primitive with a Risky Implementation - https://github.com/advisories/GHSA-848j-6mx2-7j84
No fix available
node_modules/elliptic
  @stackframe/stack-shared  >=2.5.31
  Depends on vulnerable versions of elliptic
  node_modules/@stackframe/react/node_modules/@stackframe/stack-shared
    @stackframe/react  *
    Depends on vulnerable versions of @stackframe/stack-shared
    Depends on vulnerable versions of @stackframe/stack-ui
    node_modules/@stackframe/react
    @stackframe/stack-ui  >=2.5.31
    Depends on vulnerable versions of @stackframe/stack-shared
    node_modules/@stackframe/react/node_modules/@stackframe/stack-ui

4 low severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.
```

The advisory being referred to is this one, raised last month: https://github.com/advisories/GHSA-848j-6mx2-7j84

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Advisory with NPM package elliptic (all versions) #1157

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Advisory with NPM package elliptic (all versions) #1157

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions