Update to work with xml2js 0.5.0

blueasysoft / resx-json-typescript-converter

A small tool to generate json-files and a ready-to-use resource manager in typescript from c# *.resx-files.

Other

2 stars 5 forks source link

Update to work with xml2js 0.5.0 #4

Closed curiouscatgithub closed 1 year ago

curiouscatgithub commented 1 year ago

xml2js has been updated with a breaking version to address a security issue: https://github.com/Leonidas-from-XIV/node-xml2js/issues/667. This change makes resx-json-typescript-converter work with xml2js 0.5.0

curiouscatgithub commented 1 year ago

@mvdcorput , @Thodor12 , @lheasysoft , @blueasysoft could you please take a look at this small change? It is needed to address a vulnerability in xml2js dependency.

Thodor12 commented 1 year ago

It looks good to me, but @lheasysoft is the only maintainer of this repository as far as I'm aware, I cannot merge this. I don't know if he/she is still active on Github, their account looks pretty dead. Worst case scenario you'd have to fork and re-release under a different name (license permits this)

Alternatively you can grab the index.ts source and pull it into your own code.

blueasysoft commented 1 year ago

LH ist not available at the moment. I guess he will answer in 2-3 weeks and a merge is likely.

lheasysoft commented 1 year ago

I am finally back and will take a look at the PR very soon. Sorry for letting you wait that long.

curiouscatgithub commented 1 year ago

Thank you @lheasysoft.

lheasysoft commented 1 year ago

First of all: Thanks for your contribution :-) I appreciate that you provided a working fix for the breaking changes in xml2js. I will merge this PR and update the npm package.

Just one question: Why did you change the package name in package.json? This package is "https://www.npmjs.com/package/resx-json-typescript-converter" (a major overhaul of "resx-to-typescript"). As I can't update the "resx-to-typescript" package on npm, I will stick with "resx-json-typescript-converter" for the name as this is the package that is maintained.

curiouscatgithub commented 1 year ago

Thanks for reviewing and merging! As to change to the package name, Im not aware I have changed it, in my pull request I think it did not change, in any case nothing intentional. Thanks again.

lheasysoft commented 1 year ago

Sorry, I got that wrong. There was a change in the package-lock.json. But it was actually setting the right name there instead of the old, wrong one. My bad. Thanks again for you commit :-)