recalbox-manager [Snyk] Security upgrade xml2js from 0.4.23 to 0.5.0

[Snyk] Security upgrade xml2js from 0.4.23 to 0.5.0

Open snyk-bot opened this issue 1 year ago • 0 comments

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: xml2js

The new version differs by 18 commits.

bd0f780 Bump dependency versions to fix security issues
3a8d46e Update lockfile
9f730bb Update package.json with latest PR
50a492a Merge pull request #603 from autopulated/master
7bc3c5d Merge pull request #598 from fnimick/master
f412a12 Merge pull request #635 from wisesimpson/patch-1
d318ce0 Update README.md
581b19a use Object.create(null) to create all parsed objects (prevent prototype replacement)
a212950 Add documentation for `explicitCharkey` option
1832e0b Merge pull request #512 from economia/master
198063c Merge pull request #556 from Omega-Ariston/fix-issue544
0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
a44bad4 Update README.md
a3ae596 append example to README for issue #552
aad6dd6 fix issue554
fa32064 readme updated with default empty tag as function
f074644 cr fixes (will be squashed after another cr)
19a4c2f Call function for emptyTag if specified

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Apr 14 '23 14:04 snyk-bot