huaweicloud / huaweicloud-sdk-nodejs-obs

Apache License 2.0

Vulnerability in xml2js 0.4.23 #22

Open edmondtm opened 1 year ago

edmondtm commented 1 year ago

The dependency "xml2js": "0.4.23" has security vulnerabilities. https://github.com/advisories/GHSA-776f-qx25-q3cc

TakdanaiBook commented 1 year ago

I've managed to work around the issue by adding the following resolution field in package.json:

```json
// package.json
{
  "name": "example",
  (...)
  "resolutions": {
    "xml2js": "^0.5.0"
  }
}
```

I'm using yarn and OBS methods seem to work just fine.

Important notes:

Always test if it works properly before using this workaround.
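
A check to go with the workaround above, as an added example that is not part of the original thread or the SDK: it parses yarn.lock text and reports every xml2js entry with whether its pinned version is at least 0.5.0, the floor taken from the resolution shown. The function names and the sample lockfile contents are constructed for illustration.

```javascript
// Added example: which xml2js versions does a yarn.lock actually pin?
// MIN_SAFE mirrors the "^0.5.0" resolution shown in the comment above.
const MIN_SAFE = [0, 5, 0];

// True when "x.y.z" >= MIN_SAFE. Pre-release suffixes are ignored (assumption).
function isAtLeastMinSafe(version) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== MIN_SAFE[i]) return n > MIN_SAFE[i];
  }
  return true;
}

// Parse yarn.lock text (classic v1 or Berry layout) and list xml2js entries.
function findXml2jsEntries(lockText) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#]/.test(line)) {
      // Top-level key, e.g. `xml2js@0.4.23:` or `"xml2js@npm:^0.5.0":`
      const key = line.replace(/:\s*$/, '').replace(/"/g, '');
      const hit = key.split(/,\s*/).some((spec) => spec.startsWith('xml2js@'));
      current = hit ? key : null;
      continue;
    }
    const m = current && line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
    if (m) {
      entries.push({ requested: current, version: m[1], ok: isAtLeastMinSafe(m[1]) });
      current = null;
    }
  }
  return entries;
}

// Constructed sample lockfiles (not taken from the SDK repository).
const LOCK_BEFORE = [
  'xml2js@0.4.23:',
  '  version "0.4.23"',
  '  dependencies:',
  '    sax ">=0.6.0"',
  '',
  'sax@>=0.6.0:',
  '  version "1.2.4"',
].join('\n');
// Same request, but the pinned version is now a newer release.
const LOCK_AFTER = LOCK_BEFORE.replace('version "0.4.23"', 'version "0.5.0"');

for (const [name, text] of [['before', LOCK_BEFORE], ['after', LOCK_AFTER]]) {
  console.log(name, JSON.stringify(findXml2jsEntries(text)));
}
```

To check a real project, pass the contents of its yarn.lock to `findXml2jsEntries` and fail the build if any entry has `ok: false`.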