Security Vulnerabilities in @layerzerolabs/lz-v2-utilities Package

[abubakvr]

Issue Summary

The npm audit report has identified multiple security vulnerabilities in the elliptic package, which is a dependency of the @ethersproject/signing-key, which is indirectly a dependency of @ethersproject/abi after installing @layerzerolabs/lz-v2-utilities package.

Vulnerabilities

1. Elliptic's EDDSA missing signature length check
   • Advisory: GHSA-f7q4-pwc6-w24p
2. Elliptic's ECDSA missing check for whether leading bit of r and s is zero
   • Advisory: GHSA-977x-g7h5-7qgw
3. Elliptic allows BER-encoded signatures
   • Advisory: GHSA-49q7-c7j4-3p7m

Steps to Reproduce

1. Run npm audit in the project.
2. Observe the vulnerabilities mentioned above.

The audit suggests running npm audit fix --force, but this will result in a breaking change by downgrading @layerzerolabs/lz-v2-utilities to version 2.1.6.