From c455d384c69e208103c5bb411216a3be299dfe50 Mon Sep 17 00:00:00 2001
From: Steve Hobbs <steve.hobbs@auth0.com>
Date: Wed, 26 May 2021 13:37:57 +0100
Subject: [PATCH] Pin crypto-js to 3.3.0 (#131)

Merging as we temporarily accept the risk of the vulnerability in `crypto-js@3.3.0`.
---
 package-lock.json | 6 +++---
 package.json      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 937009c..085bf58 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3923,9 +3923,9 @@
       "dev": true
     },
     "crypto-js": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.0.0.tgz",
-      "integrity": "sha512-bzHZN8Pn+gS7DQA6n+iUmBfl0hO5DJq++QP3U6uTucDtk/0iGpXd/Gg7CGR0p8tJhofJyaKoWBuJI4eAO00BBg=="
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.3.0.tgz",
+      "integrity": "sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q=="
     },
     "css-color-names": {
       "version": "0.0.4",
diff --git a/package.json b/package.json
index 7fed443..b633d0e 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
   "license": "MIT",
   "dependencies": {
     "base64-js": "^1.3.0",
-    "crypto-js": "^4.0.0",
+    "crypto-js": "3.3.0",
     "es6-promise": "^4.2.8",
     "jsbn": "^1.1.0",
     "unfetch": "^4.1.0",