Update xml-crypto dependency to ^2.0.0 in version 1.22.1 and publish new 1.X.X version as PATCH or MINOR

[marcosins]

Description

Feature request: I would like you to consider updating xml-crypto to version ^2.0.0 in strong-soap@1.22.1 and up.

xml-crypto@2.0.0 solves an Improper Key Verification vulnerability by disabling by default support for the HMAC-SHA1 'signing' algorithm, as described in their release page.

For tag 1.22.1 the only instance were strong-soap uses xml-crypto is here in WSSecurityCert.js:
https://github.com/strongloop/strong-soap/blob/bda154bd9610d9cdfaf0f4c800b11d19bbb5d500/src/security/WSSecurityCert.js#L9

Expected result

Either strong-soap@1.22.2 or strong-soap-@1.23.0 is published with xml-crypto@2.0.0 as dependency.

Additional information

• linux x64 12.20.0

[dhmlau]

@marcosins, would you like to submit a PR? Thanks.

[marcosins]

Hi @dhmlau, I published #302. Let me know if anything else needs to be done in order to comply with your contributing guidelines.

[marcosins]

I'm submitting again my changes in #305 with more clean commits

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.