https://github.com/advisories/GHSA-mpg4-rc92-vx8v

NaturalIntelligence / fast-xml-parser

Validate XML, Parse XML and Build XML rapidly without C/C++ based libraries and no callback.

https://naturalintelligence.github.io/fast-xml-parser/

MIT License

2.54k stars 306 forks source link

https://github.com/advisories/GHSA-mpg4-rc92-vx8v #665

Closed sean-hill closed 2 months ago

sean-hill commented 2 months ago

My build system is reporting this vulnerability. Because of the dependency @aws-sdk/core has on fast-xml-parser. I was just curious if you guys were aware of this and if any updates were being made. Thanks!

github-actions[bot] commented 2 months ago

We're glad you find this project helpful. We'll try to address this issue ASAP. You can vist https://solothought.com to know recent features. Don't forget to star this repo.

amitguptagwl commented 2 months ago

The fixed was provided in v4.4.1. However, it has no impact on mentioned library.

nileshtrivedi commented 2 months ago

This has been fixed in aws-sdk/core v3.621.0: https://github.com/aws/aws-sdk-js-v3/issues/6367

sean-hill commented 2 months ago

@nileshtrivedi thank you!