security – xml2js is vulnerable to prototype pollution
I have added and deleted lock file and npm i
“overrides”: {
“xml2js”: “^0.5.0”
}
in package.json still package-lock.json showing
“aws-sdk”: {
“version”: “2.1181.0”,
“resolved”: “https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1181.0.tgz”,
“integrity”: “sha512-AAHSknRFAIjXBA/XNAL7gS79agr1LbS0oGimOJqJauGSJfWNaOpDc7z6OLNUQqGa5Joc3maD5QJcSKp1Pm/deQ==”,
“dev”: true,
“requires”: {
“buffer”: “4.9.2”,
“events”: “1.1.1”,
“ieee754”: “1.1.13”,
“jmespath”: “0.16.0”,
“querystring”: “0.2.0”,
“sax”: “1.2.1”,
“url”: “0.10.3”,
“util”: “^0.12.4”,
“uuid”: “8.0.0”,
“xml2js”: “0.4.19”
}
}
Read more here: Source link