Twist lock complaining about public-encrypt

[HMhamedminaee]

When we run twist lock on ibm-cos-sdk package it complains about public-encrypt

A quick npm list shows it is coming from ibm-cos-sdk package

npm list public-encrypt └─┬ ibm-cos-sdk@1.11.0 └─┬ crypto-browserify@3.12.0 └── public-encrypt@4.0.3

More info:

`Type: compliance
Sev.: high
Description: Private keys stored in image
Found: /opt/app-root/node_modules/public-encrypt/test/1024.priv, /opt/app-root/node_modules/public-encrypt/test/ec.pass.priv, /opt/app-root/node_modules/public-encrypt/test/ec.priv, /opt/app-root/node_modules/public-encrypt/test/pass.1024.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.1024.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.2028.priv, /opt/app-root/node_modules/public-encrypt/test/rsa.pass.priv, /opt/app-root/node_modules/public-encrypt/test/test_key.pem, /opt/app-root/node_modules/public-encrypt/test/test_rsa_privkey.pem, /opt/app-root/node_modules/public-encrypt/test/test_rsa_privkey_encrypted.pem

Images affected:`

[IBMeric]

I believe the tool is detecting test code from public-encrypt. If you look at their source repo (and the paths above), you'll see that these files are all related to tests for that package: https://github.com/crypto-browserify/publicEncrypt/.

It looks like there is already an upstream issue: browserify/publicEncrypt#19. Once that is resolved and crypto-browserify is updated, we can pick up a new version.