fix(core): Update xml2js to address CVE-2023-0842 (#5948)

GH advisory: https://github.com/advisories/GHSA-776f-qx25-q3cc
2025-01-11 21:07:28 -08:00 · 2023-04-11 15:05:56 +02:00 · 2023-04-11 15:05:56 +02:00 · 3085ed9bee
parent f0eba0a2f3
commit 3085ed9bee
4 changed files with 19 additions and 29 deletions
--- a/package.json
+++ b/package.json
@ -79,6 +79,7 @@
      "tslib": "^2.5.0",
      "ts-node": "^10.9.1",
      "typescript": "^5.0.3",
+      "xml2js": "^0.5.0",
      "cpy@8>globby": "^11.1.0",
      "qqjs>globby": "^11.1.0"
    },
--- a/packages/nodes-base/package.json
+++ b/packages/nodes-base/package.json
@ -802,7 +802,7 @@
    "@types/ssh2-sftp-client": "^5.1.0",
    "@types/tmp": "^0.2.0",
    "@types/uuid": "^8.3.2",
-    "@types/xml2js": "^0.4.3",
+    "@types/xml2js": "^0.4.11",
    "eslint-plugin-n8n-nodes-base": "^1.12.0",
    "gulp": "^4.0.0",
    "n8n-core": "workspace:*"
@ -902,6 +902,6 @@
    "uuid": "^8.3.2",
    "vm2": "~3.9.15",
    "xlsx": "^0.17.0",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.5.0"
  }
 }
--- a/packages/workflow/package.json
+++ b/packages/workflow/package.json
@ -48,7 +48,7 @@
    "@types/lodash.merge": "^4.6.6",
    "@types/lodash.set": "^4.3.6",
    "@types/luxon": "^3.2.0",
-    "@types/xml2js": "^0.4.3"
+    "@types/xml2js": "^0.4.11"
  },
  "dependencies": {
    "@n8n_io/riot-tmpl": "^3.0.0",
@ -66,6 +66,6 @@
    "recast": "^0.21.5",
    "title-case": "^3.0.3",
    "transliteration": "^2.3.5",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.5.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -17,6 +17,7 @@ overrides:
  tslib: ^2.5.0
  ts-node: ^10.9.1
  typescript: ^5.0.3
+  xml2js: ^0.5.0
  cpy@8>globby: ^11.1.0
  qqjs>globby: ^11.1.0

@ -1410,8 +1411,8 @@ importers:
        specifier: ^0.17.0
        version: 0.17.5
      xml2js:
-        specifier: ^0.4.23
-        version: 0.4.23
+        specifier: ^0.5.0
+        version: 0.5.0
    devDependencies:
      '@types/amqplib':
        specifier: ^0.10.1
@ -1618,7 +1619,7 @@ importers:
        specifier: ^8.3.2
        version: 8.3.4
      '@types/xml2js':
-        specifier: ^0.4.3
+        specifier: ^0.4.11
        version: 0.4.11
      eslint-plugin-n8n-nodes-base:
        specifier: ^1.12.0
@ -1678,8 +1679,8 @@ importers:
        specifier: ^2.3.5
        version: 2.3.5
      xml2js:
-        specifier: ^0.4.23
-        version: 0.4.23
+        specifier: ^0.5.0
+        version: 0.5.0
    devDependencies:
      '@types/crypto-js':
        specifier: ^4.1.1
@ -1709,7 +1710,7 @@ importers:
        specifier: ^3.2.0
        version: 3.2.0
      '@types/xml2js':
-        specifier: ^0.4.3
+        specifier: ^0.4.11
        version: 0.4.11

 packages:
@ -1861,7 +1862,7 @@ packages:
      tslib: 2.5.0
      tunnel: 0.0.6
      uuid: 8.3.2
-      xml2js: 0.4.23
+      xml2js: 0.5.0
    transitivePeerDependencies:
      - encoding
    dev: false
@ -8251,7 +8252,7 @@ packages:
      url: 0.10.3
      util: 0.12.4
      uuid: 8.0.0
-      xml2js: 0.4.19
+      xml2js: 0.5.0
    dev: false

  /aws-sign2@0.7.0:
@ -8555,7 +8556,7 @@ packages:
    resolution: {integrity: sha512-tWvcAbh8QPd/lj+yfGZBMY/roof/e2iSXrJbYXYjxVhHQ88D2CF3AxDTdwhb9wcNdHVNbCttaWipchJPEs5r0g==}
    engines: {node: '>=10'}
    dependencies:
-      xml2js: 0.4.23
+      xml2js: 0.5.0
    dev: false

  /body-parser@1.20.1:
@ -18626,7 +18627,7 @@ packages:
    resolution: {integrity: sha512-aqD3E8iavcCdkhVxNDIdg1nkBI17jgqF+9OqPS1orwNaOgySdpvq6B+DoONLhzjzwV8mWg37sb60e4bmLK117A==}
    dependencies:
      entities: 2.2.0
-      xml2js: 0.4.23
+      xml2js: 0.5.0
    dev: false

  /run-async@2.4.1:
@ -20730,7 +20731,7 @@ packages:
      sqlite3: 5.1.6
      tslib: 2.5.0
      uuid: 9.0.0
-      xml2js: 0.4.23
+      xml2js: 0.5.0
      yargs: 17.6.2
    transitivePeerDependencies:
      - supports-color
@ -22145,15 +22146,8 @@ packages:
    engines: {node: '>=12'}
    dev: true

-  /xml2js@0.4.19:
-    resolution: {integrity: sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==}
-    dependencies:
-      sax: 1.2.4
-      xmlbuilder: 9.0.7
-    dev: false
-
-  /xml2js@0.4.23:
-    resolution: {integrity: sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==}
+  /xml2js@0.5.0:
+    resolution: {integrity: sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==}
    engines: {node: '>=4.0.0'}
    dependencies:
      sax: 1.2.4
@ -22169,11 +22163,6 @@ packages:
    engines: {node: '>=4.0'}
    dev: false

-  /xmlbuilder@9.0.7:
-    resolution: {integrity: sha512-7YXTQc3P2l9+0rjaUbLwMKRhtmwg1M1eDf6nag7urC7pIPYLD9W/jmzQ4ptRSUbodw5S0jfoGTflLemQibSpeQ==}
-    engines: {node: '>=4.0'}
-    dev: false
-
  /xmlchars@2.2.0:
    resolution: {integrity: sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==}
    dev: true