There is a breaking change in CryptoJS 4+ from 3+ which is not considered a breaking change in this repository, because this repository don't use the affected functions from CryptoJS that have this breaking changes.
- upgraded CryptoJS to v4.2.0
Here are the release notes of the CryptoJS lib that explains the breaking change
4.2.0
Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
Custom KDF Hasher
Blowfish support
4.1.1
Fix module order in bundled release.
Include the browser field in the released package.json.
4.1.0
Added url safe variant of base64 encoding. https://github.com/brix/crypto-js/pull/357
Avoid webpack to add crypto-browser package. https://github.com/brix/crypto-js/pull/364
4.0.0
This is an update including breaking changes for some environments.
In this version Math.random() has been replaced by the random methods of the native crypto module.
For this reason CryptoJS might not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native.
3.3.0
Rollback, 3.3.0 is the same as 3.1.9-1.
The move of using native secure crypto module will be shifted to a new 4.x.x version. As it is a breaking change the impact is too big for a minor release.