search

intacct / intacct-sdk-js

Official repository of the Sage Intacct SDK for JavaScript in Node.js
https://developer.intacct.com/tools/sdk-node-js/
Apache License 2.0
22 stars 31 forks source link

Potential security issue: dependency on xml2js v0.4.x #120

Open arthur-zhao-anrok opened 1 year ago

arthur-zhao-anrok commented 1 year ago

@intacct/intacct-sdk depends on xml2js v0.4.x. This version has a vulnerability (link). Can we upgrade to 0.5.x?

Thanks!

blimmer commented 3 months ago

@arthur-zhao-anrok I opened #129 to fix this issue. If you've got contacts at Intacct, it'd be great to get them to merge this.