Merge pull request #1471 from mflasquin/bump-crypto-js

Bump crypto-js from 4.0.0 to 4.2.0 to fix CVE-2023-46233
foliojs · Nov 8, 2023 · befd432 · befd432 · othmane-elgoubi · Nov 8, 2023
2 parents 4ec77dd + 7135056
commit befd432
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ### Unreleased
 
 - Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a
+- Update crypto-js to v4.2.0 (properly fix security issue)
 
 ### [v0.13.0] - 2021-10-24
 

diff --git a/package.json b/package.json
@@ -48,7 +48,7 @@
     "rollup-plugin-cpy": "^2.0.1"
   },
   "dependencies": {
-    "crypto-js": "^4.0.0",
+    "crypto-js": "^4.2.0",
     "fontkit": "^1.8.1",
     "linebreak": "^1.0.2",
     "png-js": "^1.0.0"

diff --git a/yarn.lock b/yarn.lock
@@ -2946,10 +2946,10 @@ crypto-browserify@^3.0.0:
     randombytes "^2.0.0"
     randomfill "^1.0.3"
 
-crypto-js@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.0.0.tgz#2904ab2677a9d042856a2ea2ef80de92e4a36dcc"
-  integrity sha512-bzHZN8Pn+gS7DQA6n+iUmBfl0hO5DJq++QP3U6uTucDtk/0iGpXd/Gg7CGR0p8tJhofJyaKoWBuJI4eAO00BBg==
+crypto-js@^4.2.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.2.0.tgz#4d931639ecdfd12ff80e8186dba6af2c2e856631"
+  integrity sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==
 
 cssom@^0.5.0:
   version "0.5.0"