[Snyk] Security upgrade crypto-js from 4.1.1 to 4.2.0

[isomeradmin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	716/1000 Why? Recently disclosed, Has a fix available, CVSS 8.6	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: crypto-js

The new version differs by 23 commits.

• ac34a5a Merge branch 'release/4.2.0' into develop
• d5af3ae Update release notes.
• 9496e07 Bump version.
• 421dd53 Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
• d1f4f4d Update grunt.
• 1da3dab Discontinued
• 4dcaa7a Merge pull request feat(identity): add types to user router #380 from Alanscut/dev
• 762feb2 chore: rename BF to Blowfish
• fb81418 feat: blowfish support
• c8a2312 Merge pull request [REF] Property setting on express request #379 from Alanscut/dev
• 09ee2ab feat: custom KDF hasher
• 0229694 Merge branch 'develop' of ssh://github.com/brix/crypto-js into develop
• df09288 Remove travis status, as travis is not used anymore.
• 6703e79 Merge pull request [Snyk] Security upgrade axios from 0.21.1 to 0.21.3 #285 from paulmwatson/develop
• d50d964 No es default param.
• 4840268 Merge pull request test(identity): add unit tests for user/sites service #378 from Elity/develop
• f92ddc0 Merge pull request Refactor/separate auth initialisation #377 from Alanscut/dev
• fe84967 fix: es-check error
• ca7384f test: add test case,using salt in the config
• dcc3848 fix:The "cfg.salt" parameter don't work
• ecfe2e4 Update dev dependencies.
• a4dac50 Merge branch 'release/4.1.1' into develop
• 71ad0bc Minor typo fix: varialbes => variables

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of Weak Hash

[seaerchin]

will close after crypto-js removed