microsoft / tfs-cli

Cross-platform CLI for Microsoft Team Foundation Server and Visual Studio Team Services
MIT License
372 stars, 132 forks

Bump xml2js from 0.4.19 to 0.5.0 #434

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps xml2js from 0.4.19 to 0.5.0.

Commits
  • 9f730bb Update package.json with latest PR
  • 50a492a Merge pull request #603 from autopulated/master
  • 7bc3c5d Merge pull request #598 from fnimick/master
  • f412a12 Merge pull request #635 from wisesimpson/patch-1
  • d318ce0 Update README.md
  • 581b19a use Object.create(null) to create all parsed objects (prevent prototype repla...
  • a212950 Add documentation for explicitCharkey option
  • 1832e0b Merge pull request #512 from economia/master
  • 198063c Merge pull request #556 from Omega-Ariston/fix-issue544
  • 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
  • Additional commits viewable in compare view


You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/tfs-cli/network/alerts).

> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

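The commit list above includes 581b19a, "use Object.create(null) to create all parsed objects". As an added example (not code from xml2js or tfs-cli), the following shows how a key named `__proto__` behaves when written to a plain `{}` versus an `Object.create(null)` object. `buildNode`, `inspect`, `compare` and the sample input are hypothetical names and constructed data used only for illustration.

```javascript
// Added illustration, not xml2js source. buildNode() is a hypothetical stand-in
// for a parser step that copies element names from a document onto a result object.
function buildNode(pairs, makeObject) {
  const node = makeObject();
  for (const [name, value] of pairs) {
    node[name] = value; // names come from the document, so they are untrusted
  }
  return node;
}

// Constructed input: element names and values as a parser might hand them over.
const samplePairs = [
  ['title', 'report'],
  ['__proto__', { isAdmin: true }],
];

// Summarise what ended up on the object and what it now inherits.
function inspect(node) {
  const ownsIsAdmin = Object.prototype.hasOwnProperty.call(node, 'isAdmin');
  return {
    ownKeys: Object.getOwnPropertyNames(node),
    prototypeIsDefault: Object.getPrototypeOf(node) === Object.prototype,
    prototypeIsNull: Object.getPrototypeOf(node) === null,
    inheritsIsAdmin: !ownsIsAdmin && node.isAdmin === true,
  };
}

function compare() {
  return {
    // {} inherits the __proto__ accessor, so the assignment swaps the prototype.
    plain: inspect(buildNode(samplePairs, () => ({}))),
    // A null-prototype object has no such accessor; __proto__ is just a key.
    nullProto: inspect(buildNode(samplePairs, () => Object.create(null))),
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

Code that consumes null-prototype results cannot call `node.hasOwnProperty(...)` directly; use `Object.prototype.hasOwnProperty.call(node, key)` as `inspect` does.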
BernieWhite commented 1 year ago

Any update approving this one?

kirill-ivlev commented 1 year ago

@BernieWhite thank you for your contribution, let us test these changes and merge after that

JamieMagee commented 1 year ago

This resolves a high severity security vulnerability https://github.com/advisories/GHSA-776f-qx25-q3cc

ThomasFWise commented 1 year ago

@kirill-ivlev Any update on validating? @microsoft/azure-pipelines-platform - Could we get a review on this?

DannyAg commented 1 year ago

Any update? Awaiting to remediate a security vulnerability.

kyle-rader-msft commented 1 year ago

@microsoft/azure-pipelines-platform @kirill-ivlev We really need to merge this.

kyle-rader-msft commented 1 year ago

Thank you!!