[Snyk] Security upgrade crypto-js from 4.1.1 to 4.2.0

[PayPayOpenSourceIntegrations]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	716/1000 Why? Recently disclosed, Has a fix available, CVSS 8.6	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: crypto-js

The new version differs by 23 commits.

• ac34a5a Merge branch 'release/4.2.0' into develop
• d5af3ae Update release notes.
• 9496e07 Bump version.
• 421dd53 Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
• d1f4f4d Update grunt.
• 1da3dab Discontinued
• 4dcaa7a Merge pull request Bump eslint from 8.4.1 to 8.5.0 #380 from Alanscut/dev
• 762feb2 chore: rename BF to Blowfish
• fb81418 feat: blowfish support
• c8a2312 Merge pull request Bump @types/node from 16.11.12 to 17.0.1 #379 from Alanscut/dev
• 09ee2ab feat: custom KDF hasher
• 0229694 Merge branch 'develop' of ssh://github.com/brix/crypto-js into develop
• df09288 Remove travis status, as travis is not used anymore.
• 6703e79 Merge pull request Bump @types/node from 15.3.1 to 16.4.13 #285 from paulmwatson/develop
• d50d964 No es default param.
• 4840268 Merge pull request Bump ts-jest from 27.1.1 to 27.1.2 #378 from Elity/develop
• f92ddc0 Merge pull request Bump @types/node from 16.11.12 to 17.0.0 #377 from Alanscut/dev
• fe84967 fix: es-check error
• ca7384f test: add test case,using salt in the config
• dcc3848 fix:The "cfg.salt" parameter don't work
• ecfe2e4 Update dev dependencies.
• a4dac50 Merge branch 'release/4.1.1' into develop
• 71ad0bc Minor typo fix: varialbes => variables

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of Weak Hash

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[ghost]

Black Duck Security Report

Merging #771 into master will not change security risk.

Added Components

Clean: 1

Removed Components

Clean: 4

Click here to see full report