Remove CryptoJS dependency since its unmaintained

[oorestisime]

This package relies on CryptoJS which is unmaintained and has often some vulnerabilities with latest being critical.

You rely on it for some hmac calculation. We can use native node crypto operations for them.

Would you accept a PR for this?

[bhoudu]

at least can it be updated to 4.2.0 ? as it solves OWASP critical status