From cfff0640f8de74775b617245f99ae4cd3eea391c Mon Sep 17 00:00:00 2001 From: Rafael Magrin Date: Wed, 12 Jul 2023 11:31:12 -0300 Subject: [PATCH] Update xml2js to version 0.6.0 The original change to fix CVE-2023-0842 in xml2js that was released with xml2js version 0.5.0 introduced some breaking changes. A second fix was made that was released with xml2js version 0.6.0. This change updates xml2js to version 0.6.0 in order to avoid problems caused by the breaking changes introduced in xml2js version 0.5.0. Reference: https://github.com/Leonidas-from-XIV/node-xml2js/pull/674 --- package-lock.json | 18 +++++++++--------- package.json | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 59ec869..90321e1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,15 +1,15 @@ { "name": "body-parser-xml", - "version": "2.0.4", + "version": "2.0.5", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "body-parser-xml", - "version": "2.0.4", + "version": "2.0.5", "license": "MIT", "dependencies": { - "xml2js": "^0.5.0" + "xml2js": "^0.6.0" }, "devDependencies": { "body-parser": "^1.20.2", @@ -2610,9 +2610,9 @@ "dev": true }, "node_modules/xml2js": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", - "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.0.tgz", + "integrity": "sha512-eLTh0kA8uHceqesPqSE+VvO1CDDJWMwlQfB6LuN6T8w6MaDJ8Txm8P7s5cHD0miF0V+GGTZrDQfxPZQVsur33w==", "dependencies": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" @@ -4614,9 +4614,9 @@ "dev": true }, "xml2js": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", - "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.0.tgz", + "integrity": "sha512-eLTh0kA8uHceqesPqSE+VvO1CDDJWMwlQfB6LuN6T8w6MaDJ8Txm8P7s5cHD0miF0V+GGTZrDQfxPZQVsur33w==", "requires": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" diff --git a/package.json b/package.json index 6d81de2..cabc524 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ }, "homepage": "https://github.com/fiznool/body-parser-xml#readme", "dependencies": { - "xml2js": "^0.5.0" + "xml2js": "^0.6.0" }, "devDependencies": { "body-parser": "^1.20.2",