Bump simple-crypto-js from 2.2.0 to 2.3.0 #30

Open
wants to merge 1 commit into
base: dev

@dependabot dependabot bot commented on behalf of github Sep 4, 2020

Bumps simple-crypto-js from 2.2.0 to 2.3.0.

Release notes

Sourced from simple-crypto-js's releases.

2.3.0

What's New in 2.3.0

  • Fix chosen cipher text attacks vulnerability (thanks @paragonie-scott and @adi928).
  • Fix security risk in dependencies by upgrading them.

For the full change-log, please refer to the CHANGELOG file.

Changelog

Sourced from simple-crypto-js's changelog.

Changes Log (What's New)

What's New in 3.0.0

  • Upgrade crypto-js dependency to version 4.0.0. This version of crypto-js replaces the Math.random() method with the native crypto module, and will cause breaking changes in some environments that do not support the native crypto module, like IE 10 and earlier and React Native. If you are affected by these changes, please use SimpleCrypto ^2.5.0.

What's New in 2.5.0

  • Same as 2.4.1, but rolls back the crypto-js dependency to version 3.3.0 to maintain compatibility with environments that do not support the native crypto module.

What's New in 2.4.2

  • Removed empty string check to allow decryption and encryption on empty string (as suggested by @TransmissionsDev on issue#21).

What's New in 2.4.1

  • Fix a bug in the type detection mechanism where a string that begins with a number was detected as a number during decryption, thus cutting off the rest of the string result (thanks @TransmissionsDev).

What's New in 2.4.0

  • Added data type detection. Decryption process will now return data with its proper data type. For now, object, string, number and boolean are supported.
  • Added append() and update() functions, both to append and update the data buffer respectively.
  • Added overload functions for decrypt() and encrypt().
  • Added initial support for encoding (see static variable SimpleCrypto.encoders). However, for now, it only supports UTF-8 even if you set another encoder.
  • Added chaining functions support. Functions that initially had no return value, like append(), update(), setSecret(), setEncoder(), will now return their instance.
  • Added static function SimpleCrypto.generateRandomString() and SimpleCrypto.generateRandomWordArray().

What's New in 2.3.1

  • Fix npm dependencies security audit.

What's New in 2.3.0

  • Fix chosen cipher text attacks vulnerability (thanks @paragonie-scott and @adi928).
  • Upgrade crypto-js to version 4.0.0.
  • Fix security risk in dev dependencies by upgrading them.

What's New in 2.2.0

  • Fix CDN release, setting webpack output as UMD with default library name of SimpleCrypto.
  • CDN now has two files you may use: the distribution file and the minified distribution one.

What's New in 2.1.3

  • Fix jsDelivr link

What's New in 2.1.2

  • Update missing file in NPM release.

Commits

  • 7303463 Change: run test of Travis
  • a98e6b2 Add: NYC configuration file
  • 0cf01f1 Release ver. 2.3.0
  • bb3a8d0 Misc: idea
  • 81de762 Fix: cryptographic test to conform #17
  • ba6fd57 Docs: version 2.3.0 release
  • 551b252 Merge pull request #16 from danang-id/dependabot/npm_and_yarn/acorn-6.4.1
  • a868aea Merge pull request #14 from danang-id/dependabot/npm_and_yarn/handlebars-4.5.3
  • 4165843 Merge pull request #17 from 418sec/master
  • 6f21c80 Merge pull request #1 from adi928/master
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by danangid, a new releaser for simple-crypto-js since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Sep 4, 2020