Closed beltran-rubo closed 1 year ago
The xml2js included is 0.4.23 in the latest version availble (v3.7.1.). This includes the CVE-2023-0842. Do you plan to update this component to xml2js version 0.5.0 that includes the fix?
xml2js is not used directly by the renderer. It is a nested dependency of one of the jimp plugins, which we have no control over.
The xml2js included is 0.4.23 in the latest version availble (v3.7.1.). This includes the CVE-2023-0842. Do you plan to update this component to xml2js version 0.5.0 that includes the fix?