fix(core): Update xml2js to address CVE-2023-0842 (#5948)

GH advisory: GHSA-776f-qx25-q3cc
n8n-io · Apr 11, 2023 · 3085ed9 · 3085ed9
1 parent f0eba0a
commit 3085ed9
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 29 deletions.
diff --git a/package.json b/package.json
@@ -79,6 +79,7 @@
       "tslib": "^2.5.0",
       "ts-node": "^10.9.1",
       "typescript": "^5.0.3",
+      "xml2js": "^0.5.0",
       "cpy@8>globby": "^11.1.0",
       "qqjs>globby": "^11.1.0"
     },

diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
@@ -802,7 +802,7 @@
     "@types/ssh2-sftp-client": "^5.1.0",
     "@types/tmp": "^0.2.0",
     "@types/uuid": "^8.3.2",
-    "@types/xml2js": "^0.4.3",
+    "@types/xml2js": "^0.4.11",
     "eslint-plugin-n8n-nodes-base": "^1.12.0",
     "gulp": "^4.0.0",
     "n8n-core": "workspace:*"
@@ -902,6 +902,6 @@
     "uuid": "^8.3.2",
     "vm2": "~3.9.15",
     "xlsx": "^0.17.0",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.5.0"
   }
 }
diff --git a/packages/workflow/package.json b/packages/workflow/package.json
@@ -48,7 +48,7 @@
     "@types/lodash.merge": "^4.6.6",
     "@types/lodash.set": "^4.3.6",
     "@types/luxon": "^3.2.0",
-    "@types/xml2js": "^0.4.3"
+    "@types/xml2js": "^0.4.11"
   },
   "dependencies": {
     "@n8n_io/riot-tmpl": "^3.0.0",
@@ -66,6 +66,6 @@
     "recast": "^0.21.5",
     "title-case": "^3.0.3",
     "transliteration": "^2.3.5",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.5.0"
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml