Security Issue: Outdated crypto-js Dependency #6

@BhattJayD

Description

Describe the bug
The react-native-config-encrypted package uses an outdated version of crypto-js (3.1.9-1), which contains two known vulnerabilities:

  1. CVE-2023-46233 - Use of Weak Hash (crypto-js < 4.2.0)
  2. CVE-2020-36732 - Insecure Randomness (crypto-js >= 3.2.0 < 3.2.1)

These issues could weaken the security of encrypted environment variables, making them potentially susceptible to attacks.

To Reproduce

  1. Install react-native-config-encrypted in a project.
  2. Check the package.json and yarn.lock/package-lock.json to verify the crypto-js version.
  3. Observe that crypto-js version is 3.1.9-1, which is outdated and vulnerable.

Expected behavior
The package should use a secure version of crypto-js (at least 4.2.0) to mitigate known security risks.

Smartphone (please complete the following information):
N/A

Additional context

Suggested Fix

Upgrade crypto-js to 4.2.0 or later to resolve the known security vulnerabilities.

References:

Thank you for maintaining this package! Looking forward to your response.
