microsoft / backfill

A JavaScript caching library for reducing build time
MIT License
157 stars 31 forks

Bumping @azure/storage-blob for security issue #487

Closed jcreamer898 closed 1 year ago

jcreamer898 commented 1 year ago

There is a downstream CVE in xml2js 0.4.23.

https://sechead.com/headlines/cve:ef1ef9c462db44ee1afdf8a79418bdacafa9447ae8d64927cb278f4f3673072c

Bumping the storage-blob package will fix it by ensuring it uses 0.5.0 of xml2js.

ecraig12345 commented 1 year ago

I ended up doing this update and the Node version bump in separate PRs. New version should be released shortly.
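
One way to confirm that a bump like this one took effect is to check that no installed copy of xml2js is still older than 0.5.0. The following is an added example, not code from this thread or from the backfill project. It assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list every installed copy of xml2js in a package-lock.json
// "packages" map that is older than the fixed version named in the issue.
const FIXED = [0, 5, 0]; // xml2js 0.5.0, per the issue text

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a is strictly lower than b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each xml2js copy below the fixed version.
function findOldXml2js(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/xml2js", so nested
    // (transitive) copies are matched as well as the hoisted one.
    if (!path.endsWith("node_modules/xml2js")) continue;
    const ver = parseVersion(meta.version);
    // An unparseable version is reported rather than silently passed.
    if (ver === null || isOlder(ver, FIXED)) {
      found.push({ path, version: meta.version });
    }
  }
  return found;
}

// Constructed sample lockfile; every package name except xml2js is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/xml2js": { version: "0.5.0" },
    "node_modules/example-parent/node_modules/xml2js": { version: "0.4.23" },
    "node_modules/not-xml2js": { version: "0.1.0" },
  },
};

console.log(findOldXml2js(sampleLock));
```

Against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of the sample and fail the build when the returned list is not empty.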