From 2c6408cd5ff5ce4b7264bea9c7a0465283aeedc7 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 12 Apr 2023 05:56:55 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 --- package-lock.json | 43 ++++++++++++++++++++++++++++++++++--------- package.json | 2 +- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 04edba42d6c0..a979b104ad92 100644 --- a/package-lock.json +++ b/package-lock.json @@ -74,7 +74,7 @@ "remark-parse-no-trim": "^8.0.4", "remark-rehype": "^10.1.0", "revalidator": "^0.3.1", - "rss-parser": "^3.12.0", + "rss-parser": "^3.13.0", "scroll-anchoring": "^0.1.0", "semver": "^7.3.5", "slash": "^4.0.0", @@ -19130,12 +19130,24 @@ } }, "node_modules/rss-parser": { - "version": "3.12.0", - "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.12.0.tgz", - "integrity": "sha512-aqD3E8iavcCdkhVxNDIdg1nkBI17jgqF+9OqPS1orwNaOgySdpvq6B+DoONLhzjzwV8mWg37sb60e4bmLK117A==", + "version": "3.13.0", + "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.13.0.tgz", + "integrity": "sha512-7jWUBV5yGN3rqMMj7CZufl/291QAhvrrGpDNE4k/02ZchL0npisiYYqULF71jCEKoIiHvK/Q2e6IkDwPziT7+w==", "dependencies": { "entities": "^2.0.3", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" + } + }, + "node_modules/rss-parser/node_modules/xml2js": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "dependencies": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + }, + "engines": { + "node": ">=4.0.0" } }, "node_modules/run-parallel": { @@ -22151,6 +22163,7 @@ "version": "0.4.23", "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "optional": true, "dependencies": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" @@ -36801,12 +36814,23 @@ "dev": true }, "rss-parser": { - "version": "3.12.0", - "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.12.0.tgz", - "integrity": "sha512-aqD3E8iavcCdkhVxNDIdg1nkBI17jgqF+9OqPS1orwNaOgySdpvq6B+DoONLhzjzwV8mWg37sb60e4bmLK117A==", + "version": "3.13.0", + "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.13.0.tgz", + "integrity": "sha512-7jWUBV5yGN3rqMMj7CZufl/291QAhvrrGpDNE4k/02ZchL0npisiYYqULF71jCEKoIiHvK/Q2e6IkDwPziT7+w==", "requires": { "entities": "^2.0.3", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" + }, + "dependencies": { + "xml2js": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "requires": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + } + } } }, "run-parallel": { @@ -39137,6 +39161,7 @@ "version": "0.4.23", "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "optional": true, "requires": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" diff --git a/package.json b/package.json index d9f4bb8c8be3..5bcaf216f650 100644 --- a/package.json +++ b/package.json @@ -76,7 +76,7 @@ "remark-parse-no-trim": "^8.0.4", "remark-rehype": "^10.1.0", "revalidator": "^0.3.1", - "rss-parser": "^3.12.0", + "rss-parser": "^3.13.0", "scroll-anchoring": "^0.1.0", "semver": "^7.3.5", "slash": "^4.0.0",