Update bn.js to address security vulnerabilities

[richardsimko]

GHSA-378v-28hj-76wf

bn.js has a vulnerability which is fixed in 5.2.3, however this package depends on ^4.0.0 making resolution impossible for consumers of this package. Would it be possible to update bn.js to 5.2.3?

[spdaley]

From looking at indutny/bn.js#316, it looks like they've also fixed the 4.x version in 4.12.3 but, at the very least, the github advisory doesn't seem to be aware of the v4 fix.

[richardsimko]

Thanks! I opened github/advisory-database#7000 to try to get an update to the advisory