Closed lukewang2018 closed 1 year ago
@lukewang2018 We have an internal ticket open and are working on it. We will do a release soon.
Thanks @IBMalok for your quick response! Waiting for new release.
@lukewang2018 A new version of ibm-cos-sdk-js (1.13.1) is released with the vulnerability fix. Can you close this issue?
Thanks a lot! Yes, v1.13.1 will fix the issue.
[Security] Need to bump up xml2js to be 0.5.0 to fix the security issue CVE-2023-0842
We are using ibm-cos-sdk-js which depends on a vulnerable version of xml2js which is vulnerable to prototype pollution. Refer to https://github.com/advisories/GHSA-776f-qx25-q3cc
Could you help make a release with latest xml2js? Thanks a lot!
"xml2js": "^0.5.0",
btw, please also fix other audit issues via `npm audit fix --force`. Thanks!
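An added example, not part of the thread or of the SDK's own code: after upgrading, one way to confirm that no copy of xml2js older than the 0.5.0 requested above is still installed, including copies nested under another package. The function names, the `nestedUnder` field and the sample lockfile are hypothetical and constructed for illustration; it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3).

```javascript
// Added example. Works on lockfileVersion 2/3, which list every installed
// copy of a package under the "packages" map keyed by its node_modules path.
const FIXED = [0, 5, 0]; // xml2js version the issue asks for

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal
}

// Returns one finding per installed xml2js copy older than FIXED.
// A copy whose version cannot be parsed is reported too (fail closed).
function findVulnerableXml2js(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split("node_modules/");
    if (parts.length < 2 || parts[parts.length - 1] !== "xml2js") continue;
    const parsed = parseVersion(meta.version);
    if (parsed && !isBelow(parsed, FIXED)) continue;
    const parent = parts[parts.length - 2].replace(/\/$/, "");
    findings.push({
      path,
      version: meta.version,
      nestedUnder: parent || "(top level)",
    });
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/ibm-cos-sdk": { version: "0.0.0-sample" },
    "node_modules/ibm-cos-sdk/node_modules/xml2js": { version: "0.4.19" },
    "node_modules/xml2js": { version: "0.5.0" },
  },
};

console.log(findVulnerableXml2js(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findVulnerableXml2js`; an empty array means every installed copy is at 0.5.0 or later.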