When trying to add this NPM module to my server and deploy code with it, I encountered this critical vulnerability:
```
# npm audit report
crypto-js <4.2.0
Severity: critical
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard - https://github.com/advisories/GHSA-xwcq-pm8m-c4vf
No fix available
node_modules/crypto-js
paapi5-nodejs-sdk *
Depends on vulnerable versions of crypto-js
node_modules/paapi5-nodejs-sdk
2 critical severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
```
Could you please refactor the code to use a different crypto-js module that does not have this vulnerability? In the meantime, I just downloaded the source code and modified it myself for use on my server.
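The advisory named in the audit output concerns PBKDF2 run with the crypto-js defaults (SHA1, one iteration). The sketch below is an added example, not code from this issue, paapi5-nodejs-sdk or crypto-js: it shows what those defaults compute and derives keys with Node's built-in `crypto` only when the parameters are explicit and meet a minimum. The function names and the iteration minimums (OWASP's published PBKDF2 figures) are assumptions of the example.

```javascript
// Added example: not code from the issue, paapi5-nodejs-sdk or crypto-js.
const nodeCrypto = require('node:crypto');

// Defaults the linked advisory attributes to PBKDF2 in crypto-js < 4.2.0.
const FLAGGED_DEFAULTS = { digest: 'sha1', iterations: 1 };

// Assumed policy (not from the issue): OWASP minimum PBKDF2 iterations.
const MIN_ITERATIONS = new Map([
  ['sha1', 1300000],
  ['sha256', 600000],
  ['sha512', 210000],
]);

// Returns null when params meet the policy, otherwise the reason they fail.
function checkParams({ digest, iterations }) {
  const min = MIN_ITERATIONS.get(digest);
  if (min === undefined) return `digest ${digest} not allowed`;
  if (!Number.isInteger(iterations) || iterations < min) {
    return `${digest} needs >= ${min} iterations, got ${iterations}`;
  }
  return null;
}

// PBKDF2 via Node's built-in crypto; nothing is left to a library default.
function deriveKey(password, salt, params, keyLen = 32) {
  const problem = checkParams(params);
  if (problem) throw new RangeError(problem);
  return nodeCrypto.pbkdf2Sync(
    password, salt, params.iterations, keyLen, params.digest);
}

// What the flagged defaults produce: a single HMAC-SHA1 pass over the salt.
// Inputs are the constructed RFC 6070 test vector ("password" / "salt").
function flaggedDefaultsOutput() {
  const { digest, iterations } = FLAGGED_DEFAULTS;
  return nodeCrypto
    .pbkdf2Sync('password', 'salt', iterations, 20, digest)
    .toString('hex');
}

// How many times more work per guess than the flagged defaults require.
function workFactor(params) {
  return params.iterations / FLAGGED_DEFAULTS.iterations;
}
```
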