fix: package.json & package-lock.json to reduce vulnerabilities (#305)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874
2025-12-19 04:17:44 +00:00 · 2023-04-10 00:41:47 +08:00
parent 565ee609ef
commit 04003a709e
2 changed files with 31 additions and 8 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -46,7 +46,7 @@
        "uuid-random": "^1.3.2",
        "verify-aws-sns-signature": "^0.1.0",
        "ws": "^8.9.0",
-        "xml2js": "^0.4.23"
+        "xml2js": "^0.5.0"
      },
      "devDependencies": {
        "clear-module": "^4.1.2",
@@ -3264,6 +3264,18 @@
        "node": ">=12.x"
      }
    },
+    "node_modules/drachtio-modesl/node_modules/xml2js": {
+      "version": "0.4.23",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
+      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "dependencies": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~11.0.0"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
    "node_modules/drachtio-srf": {
      "version": "4.5.23",
      "resolved": "https://registry.npmjs.org/drachtio-srf/-/drachtio-srf-4.5.23.tgz",
@@ -8597,9 +8609,9 @@
      }
    },
    "node_modules/xml2js": {
-      "version": "0.4.23",
-      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
-      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz",
+      "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==",
      "dependencies": {
        "sax": ">=0.6.0",
        "xmlbuilder": "~11.0.0"
@@ -11239,6 +11251,17 @@
        "eventemitter2": "^6.4.4",
        "uuid-random": "^1.3.2",
        "xml2js": "^0.4.19"
+      },
+      "dependencies": {
+        "xml2js": {
+          "version": "0.4.23",
+          "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
+          "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+          "requires": {
+            "sax": ">=0.6.0",
+            "xmlbuilder": "~11.0.0"
+          }
+        }
      }
    },
    "drachtio-srf": {
@@ -15304,9 +15327,9 @@
      "requires": {}
    },
    "xml2js": {
-      "version": "0.4.23",
-      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
-      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz",
+      "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==",
      "requires": {
        "sax": ">=0.6.0",
        "xmlbuilder": "~11.0.0"
--- a/package.json
+++ b/package.json
@@ -61,7 +61,7 @@
    "uuid-random": "^1.3.2",
    "verify-aws-sns-signature": "^0.1.0",
    "ws": "^8.9.0",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.5.0"
  },
  "devDependencies": {
    "clear-module": "^4.1.2",