Remove CryptoJS dependency since its unmaintained

aws / aws-sigv4-auth-cassandra-nodejs-driver-plugin

A SigV4 authentication client side plugin for the open-source DataStax NodeJS Driver for Apache Cassandra. Allows use of IAM users and roles.

Apache License 2.0

5 stars 16 forks source link

Open oorestisime opened 9 months ago

oorestisime commented 9 months ago

This package relies on CryptoJS which is unmaintained and has often some vulnerabilities with latest being critical.

You rely on it for some hmac calculation. We can use native node crypto operations for them.

Would you accept a PR for this?

bhoudu commented 5 months ago

at least can it be updated to 4.2.0 ? as it solves OWASP critical status