Updates kyber dependencies

Fixes CVE-2020-13822 (elliptic) and CVE-2020-7660 (serialize-javascript)
dedis · Aug 19, 2020 · f4705ca · f4705ca
1 parent 6e09132
commit f4705ca
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 31 deletions.
diff --git a/PUBLISH.md b/PUBLISH.md
@@ -22,7 +22,7 @@ As we don't plan to have any big changes, the major-version is probably stuck
 A minor-version increase should be done for a new stable functionality that
  will be kept backward-compatible.
 A patch-version is mostly an irregular release whenever somebody thinks it's
- important to have the latest code available.
+ important to have the latest code available (use `npm version patch`).
 
 It is good to announce a release on the DEDIS/engineer slack channel.
 This allows others to know that a new release is about to happen and propose

diff --git a/external/js/kyber/package-lock.json b/external/js/kyber/package-lock.json
diff --git a/external/js/kyber/package.json b/external/js/kyber/package.json
@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "@dedis/kyber",
-  "version": "3.4.3",
+  "version": "3.4.4",
   "description": "A typescript implementation of Kyber interfaces",
   "main": "index.js",
   "browser": "bundle.min.js",
@@ -37,7 +37,7 @@
     "@types/elliptic": "^6.4.12",
     "bn.js": "^5.1.2",
     "crypto-browserify": "^3.12.0",
-    "elliptic": "^6.4.1",
+    "elliptic": "^6.5.3",
     "hash.js": "^1.1.3"
   },
   "devDependencies": {