From 9df66379c5c6796242698864b516fb0ea9c64b31 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 12 Apr 2023 02:45:25 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 --- package-lock.json | 43 ++++++++++++++++++++++++++++++++++--------- package.json | 2 +- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1123f7ede538..5d2bc0eac8a3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -73,7 +73,7 @@ "remark-parse-no-trim": "^8.0.4", "remark-rehype": "^10.1.0", "revalidator": "^0.3.1", - "rss-parser": "^3.12.0", + "rss-parser": "^3.13.0", "scroll-anchoring": "^0.1.0", "semver": "^7.3.5", "slash": "^4.0.0", @@ -19094,12 +19094,24 @@ } }, "node_modules/rss-parser": { - "version": "3.12.0", - "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.12.0.tgz", - "integrity": "sha512-aqD3E8iavcCdkhVxNDIdg1nkBI17jgqF+9OqPS1orwNaOgySdpvq6B+DoONLhzjzwV8mWg37sb60e4bmLK117A==", + "version": "3.13.0", + "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.13.0.tgz", + "integrity": "sha512-7jWUBV5yGN3rqMMj7CZufl/291QAhvrrGpDNE4k/02ZchL0npisiYYqULF71jCEKoIiHvK/Q2e6IkDwPziT7+w==", "dependencies": { "entities": "^2.0.3", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" + } + }, + "node_modules/rss-parser/node_modules/xml2js": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "dependencies": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + }, + "engines": { + "node": ">=4.0.0" } }, "node_modules/run-parallel": { @@ -22356,6 +22368,7 @@ "version": "0.4.23", "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "optional": true, "dependencies": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" @@ -37030,12 +37043,23 @@ "dev": true }, "rss-parser": { - "version": "3.12.0", - "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.12.0.tgz", - "integrity": "sha512-aqD3E8iavcCdkhVxNDIdg1nkBI17jgqF+9OqPS1orwNaOgySdpvq6B+DoONLhzjzwV8mWg37sb60e4bmLK117A==", + "version": "3.13.0", + "resolved": "https://registry.npmjs.org/rss-parser/-/rss-parser-3.13.0.tgz", + "integrity": "sha512-7jWUBV5yGN3rqMMj7CZufl/291QAhvrrGpDNE4k/02ZchL0npisiYYqULF71jCEKoIiHvK/Q2e6IkDwPziT7+w==", "requires": { "entities": "^2.0.3", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" + }, + "dependencies": { + "xml2js": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "requires": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + } + } } }, "run-parallel": { @@ -39535,6 +39559,7 @@ "version": "0.4.23", "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "optional": true, "requires": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" diff --git a/package.json b/package.json index b925ec98fc3e..43b53151203d 100644 --- a/package.json +++ b/package.json @@ -75,7 +75,7 @@ "remark-parse-no-trim": "^8.0.4", "remark-rehype": "^10.1.0", "revalidator": "^0.3.1", - "rss-parser": "^3.12.0", + "rss-parser": "^3.13.0", "scroll-anchoring": "^0.1.0", "semver": "^7.3.5", "slash": "^4.0.0",