fix(deps): override elliptic and lodash to fix vulnerabilities

- Add npm overrides for elliptic (^6.6.1) and lodash (^4.17.21) in package.json. - This resolves multiple security vulnerabilities reported by GitHub Dependabot in these transitive dependencies, inherited via digibyte-message. - Updates package-lock.json to reflect the overridden versions.
author: Pawel Zelawski <pawel.zelawski@outlook.com> 2025-04-10 19:08:03 +0200
committer: Pawel Zelawski <pawel.zelawski@outlook.com> 2025-04-10 19:08:03 +0200
commit: 8978768890b945d36d78eedb0019d877ca327dca (patch)
tree: 22f5d82cc0178aebee8f3ea7c4ec1d5ae630a3a8
parent: 27ee7449f9e21502814000652ee72532439fed57 (diff)
2 files changed, 30 insertions, 21 deletions
diff --git a/package-lock.json b/package-lock.json
index 5dd28ee..31d3e66 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "digiid-ts",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "digiid-ts",
-      "version": "0.1.0",
+      "version": "1.0.0",
       "license": "MIT",
       "dependencies": {
         "digibyte-message": "github:digicontributer/bitcore-message#9d9c8ad30158db25f683e2dee746a14a9d7ec8a0"
@@ -933,13 +933,6 @@
         "concat-map": "0.0.1"
       }
     },
-    "node_modules/@microsoft/api-extractor/node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@microsoft/api-extractor/node_modules/lru-cache": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@@ -2506,20 +2499,32 @@
       "license": "MIT"
     },
     "node_modules/elliptic": {
-      "version": "6.4.0",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.0.tgz",
-      "integrity": "sha512-s8oifyiQMQi+n/gJuw37WK3D1aVOWIgj59+DBsg48eJPo34QZWl2cl9kL4SI/W94/AdMFAyXG+QnSzbXQ+iJ1w==",
+      "version": "6.6.1",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.1.tgz",
+      "integrity": "sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==",
       "license": "MIT",
       "dependencies": {
-        "bn.js": "^4.4.0",
-        "brorand": "^1.0.1",
+        "bn.js": "^4.11.9",
+        "brorand": "^1.1.0",
         "hash.js": "^1.0.0",
-        "hmac-drbg": "^1.0.0",
-        "inherits": "^2.0.1",
-        "minimalistic-assert": "^1.0.0",
-        "minimalistic-crypto-utils": "^1.0.0"
+        "hmac-drbg": "^1.0.1",
+        "inherits": "^2.0.4",
+        "minimalistic-assert": "^1.0.1",
+        "minimalistic-crypto-utils": "^1.0.1"
       }
     },
+    "node_modules/elliptic/node_modules/bn.js": {
+      "version": "4.12.1",
+      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.1.tgz",
+      "integrity": "sha512-k8TVBiPkPJT9uHLdOKfFpqcfprwBFOAAXXozRubr7R7PfIuKvQlzcI4M0pALeqXN09vdaMbUdUj+pass+uULAg==",
+      "license": "MIT"
+    },
+    "node_modules/elliptic/node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "license": "ISC"
+    },
     "node_modules/emoji-regex": {
       "version": "9.2.2",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
@@ -3482,9 +3487,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.4",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz",
-      "integrity": "sha512-6X37Sq9KCpLSXEh8uM12AKYlviHPNNk4RxiGBn4cmKGJinbXBneWIV7iE/nXkM928O7ytHcHb6+X6Svl0f4hXg==",
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
       "license": "MIT"
     },
     "node_modules/lodash.merge": {
diff --git a/package.json b/package.json
index 79849c5..8468c97 100644
--- a/package.json
+++ b/package.json
@@ -72,5 +72,9 @@
   },
   "dependencies": {
     "digibyte-message": "github:digicontributer/bitcore-message#9d9c8ad30158db25f683e2dee746a14a9d7ec8a0"
+  },
+  "overrides": {
+    "elliptic": "^6.6.1",
+    "lodash": "^4.17.21"
   }
 }
author	Pawel Zelawski <pawel.zelawski@outlook.com>	2025-04-10 19:08:03 +0200
committer	Pawel Zelawski <pawel.zelawski@outlook.com>	2025-04-10 19:08:03 +0200
commit	8978768890b945d36d78eedb0019d877ca327dca (patch)
tree	22f5d82cc0178aebee8f3ea7c4ec1d5ae630a3a8
parent	27ee7449f9e21502814000652ee72532439fed57 (diff)