Fix vulnerability by updating bn.js versions to address CVE-2026-2739

common/config/rush/.pnpmfile.cjs

@@ -61,8 +61,13 @@ module.exports = {
         if (pkg.dependencies['lodash']) {
           pkg.dependencies['lodash'] = '4.17.23';
         }
+        if (pkg.dependencies['bn.js']) {
+          pkg.dependencies['bn.js'] = pkg.dependencies['bn.js'].startsWith('^5') 
+            ? '5.2.3' 
+            : '4.12.3';
+        }
       }
-
+      
       if (pkg.devDependencies) {
         if (pkg.devDependencies['http-proxy']) {
           pkg.devDependencies['http-proxy'] = '1.18.1';
@@ -109,6 +114,11 @@ module.exports = {
         if (pkg.devDependencies['lodash']) {
           pkg.devDependencies['lodash'] = '4.17.23';
         }
+        if (pkg.devDependencies['bn.js']) {
+          pkg.devDependencies['bn.js'] = pkg.devDependencies['bn.js'].startsWith('^5') 
+            ? '5.2.3' 
+            : '4.12.3';
+        }
       }
 
       return pkg;