ruimarinho / bitcoin-core

A modern Bitcoin Core REST and RPC client.

SECURITY: bitcoin-core 3.0.0 depends on vulnerable version of json-bigint #129

Closed avillacis closed 2 years ago

avillacis commented 2 years ago

As reported by npm install bitcoin-core --save:

$ npm install bitcoin-core --save
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

added 69 packages, and audited 129 packages in 7s

3 packages are looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

$ npm audit
# npm audit report

json-bigint  <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - https://github.com/advisories/GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install bitcoin-core@1.2.0, which is a breaking change
node_modules/json-bigint
  bitcoin-core  >=2.0.0
  Depends on vulnerable versions of json-bigint
  node_modules/bitcoin-core

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

From what I can understand from the GitHub advisory, the bitcoin-core library should be updated to use json-bigint 1.0.0 or later (if still required). Otherwise a malicious Bitcoin node might cause a DoS on the nodejs client by injecting a particular property in the JSON output.
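
A lockfile check for the finding above, as an added example that is not code from the bitcoin-core project or from the issue: it scans a parsed package-lock.json (v2/v3 "packages" map or v1 "dependencies" tree) for json-bigint versions below 1.0.0, the threshold npm audit reports (`json-bigint <1.0.0`). The sample lockfile and the 0.3.1 version in it are constructed for this example.

```javascript
// Added example: audit an npm lockfile for json-bigint releases below 1.0.0
// (the range npm audit flags for GHSA-wgfq-7857-4jcc). Lockfile contents and
// the json-bigint 0.3.1 version below are constructed for this example.
const VULNERABLE_PKG = 'json-bigint';
const FIXED_VERSION = '1.0.0';

// Compare two "x.y.z" version strings numerically; returns <0, 0 or >0.
// Pre-release suffixes are ignored, which is sufficient for a range check.
function compareSemver(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every vulnerable json-bigint entry with its install path and version.
function findVulnerableJsonBigint(lock) {
  const findings = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith(`node_modules/${VULNERABLE_PKG}`) && meta.version &&
        compareSemver(meta.version, FIXED_VERSION) < 0) {
      findings.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === VULNERABLE_PKG && compareSemver(meta.version, FIXED_VERSION) < 0) {
        findings.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return findings;
}

// Constructed sample: bitcoin-core 3.0.0 with a hoisted, outdated json-bigint
// and a nested copy that is already on the fixed release.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    'node_modules/bitcoin-core': { version: '3.0.0' },
    'node_modules/json-bigint': { version: '0.3.1' },
    'node_modules/other-dep/node_modules/json-bigint': { version: '1.0.0' },
  },
};

console.log(findVulnerableJsonBigint(SAMPLE_LOCK));
```

Running it against a real lockfile is a matter of replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; an empty result means no json-bigint below 1.0.0 is installed anywhere in the tree.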

skeptrunedev commented 2 years ago

I am also experiencing this issue

pedrobranco commented 2 years ago

Will be fixed in the next couple days.

pedrobranco commented 2 years ago

Fixed in #130 .