[Snyk] Security upgrade crypto-browserify from 3.12.0 to 3.12.1

[Omrisnyk]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	124/1000 Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00062, Social Trends: No, Days since published: 362, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	No	No Known Exploit	No Path Found
	112/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00116, Social Trends: No, Days since published: 1358, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 6.65, Likelihood: 1.67, Score Version: V5	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	No	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: crypto-browserify

• 3.12.1 - 2024-10-22
  

  v3.12.1

• 3.12.0 - 2017-11-03
  

  3.12.0

from crypto-browserify GitHub release notes

Commit messages

Package name: crypto-browserify

The new version differs by 31 commits.

• 55476ac v3.12.1
• 3f564b4 [Tests] ignore the "low" warning from elliptic
• b2cadea [Tests] node 22+ removes `crypto.createCipher`
• 6fad824 [Tests] add `nyc`
• 42cfba1 [Dev Deps] update `@ ljharb/eslint-config`, `object.entries`, `tape`
• 73a8db9 [Tests] replace `aud` with `npm audit`
• b638139 [meta] add `sideEffects` flag
• 5db1531 [readme] minor cleanups
• 7050e61 Merge tags: `v2.1.9`, `v2.1.10`, `v2.1.11`, `v3.0.1`, `v3.0.2`, `v3.0.3`, `v3.2.0`, `v3.2.1`, `v3.2.2`, `v3.2.3`, `v3.2.4`, `v3.2.5`, `v3.2.6`, `v3.8.3`, `v3.9.0`, `v3.9.1`, `v3.9.2`, `v3.9.3`, `v3.9.4`, `v3.9.7`, `v3.9.8`, `v3.9.9`, `v3.9.10`, `v3.9.11`, `v3.9.12`, `v3.9.13`, `v3.9.14`, `v3.10.0`, `v3.11.0`, `v3.11.1`, `v3.12.0`
• 2e18bb2 [meta] document support as node 0.10+
• da8a1a2 [Deps] update `browserify-sign`
• 0c62cf8 [Deps] pin `hash-base` to ~3.0, due to a breaking change
• 3878562 [Tests] remove zuul; it’s dead
• 0bc31e6 [Dev Deps] update `aud`, `tape`
• 8ff13b0 [Tests] skip `engines` check for now
• 24eea0d [Tests] mostly switch to Github Actions
• 797455f [Tests] node 17 doesn’t support rmd160
• 33596f6 [Tests] node 17+ requires a DH key length of >= 512
• 1179f7c [Deps] update `browserify-cipher browserify-sign `, `create-ecdh`, `create-hash`, `create-hmac`, `diffie-hellman`, `inherits`, `pbkdf2`, `public-encrypt`, `randombytes`, `randomfill`
• 0a9aab4 [Tests] rename test scripts to match my conventions
• 7223ce7 [meta] update repo URLs
• 5757219 [Tests] refactor so tests are not recursive
• e592c95 [Dev Deps] update `safe-buffer`, `tape`, `zuul`
• 7d8170e Only apps should have lockfiles

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cryptographic Issues