Commit 4e9ba53

deps: update "xml2js"
Problem: outdated `xml2js` dependency is pulled in by `webfont`, which hasn't been active for 2 years.

    $ npm ls xml2js
    aws-toolkit-vscode@2.6.0-SNAPSHOT /Volumes/workplace/aws-toolkit-vscode
    ├─┬ @vscode/vsce@2.19.0
    │ └── xml2js@0.5.0
    ├─┬ aws-sdk@2.1384.0
    │ └── xml2js@0.5.0
    ├─┬ vscode-nls-dev@4.0.4
    │ └── xml2js@0.5.0
    ├─┬ webfont@11.2.26
    │ └── xml2js@0.4.23
    └── xml2js@0.6.1

Solution: Add "overrides" directive to force the transitive "xml2js" package to a non-vulnerable version.
1 parent ac3097a commit 4e9ba53

2 files changed: +8 -3 lines changed

package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 5 additions & 0 deletions
@@ -4403,6 +4403,11 @@
44034403
"xml2js": "^0.6.1",
44044404
"yaml-cfn": "^0.3.2"
44054405
},
4406+
"overrides": {
4407+
"webfont": {
4408+
"xml2js": "0.5.0"
4409+
}
4410+
},
44064411
"prettier": {
44074412
"printWidth": 120,
44084413
"trailingComma": "es5",
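
Review bot: The override value `"xml2js": "0.5.0"` under `"webfont"` is an exact pin, so webfont's copy stays frozen at 0.5.0 while the root dependency a few lines up (`"xml2js": "^0.6.1"`) keeps moving, and any later fix in the 0.5.x or 0.6.x line will not reach it. Consider a range such as `"^0.5.0"`, or `"$xml2js"` to reuse the root dependency's spec so there is one version to maintain. The `npm ls` output in the commit message shows webfont resolving 0.4.23 before this change, and a 0.4 to 0.5 step on a 0.x package is outside what a caret range would normally allow, so it is worth stating in the commit message that the build step that uses webfont was re-run against the overridden version. Since the package-lock.json diff is not rendered here, a post-change `npm ls xml2js` showing webfont on the overridden version would also make the fix verifiable from the commit alone.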