MGASA-2026-0004 Updated sodium packages fix security vulnerability

Libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. CVE-2025-69277...

0xsodium (>=0.2.0 <=0.14.0), @0xsodium/graphquery (>=0.2.0 <=0.14.0) +176 more potentially affected by CVE-2024-21529 via dset (>=3.1.0 <=3.1.3)

dset NPM version =3.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.0.4, =0.0.4, =0.6.0, =0.2.0, =0.2.0, =0.0.0, =1.4.0-beta.2, =0.1.0, =0.1.10, =0.1.11 - @didomi/react =1.8.3 and more Source cves: CVE-2024-21529 Source advisory: SNYK:JS-DSET-7116691...