Skip to content

Commit 9af6a38

Browse files
heitorPBheitorPB
committed
fix: bump xmlbuilder2 version to address security vulnerability
xmlbuilder2 has a dependency on js-yaml. js-yaml versions <3.14.2 has a moderate severity vulnerability (CVE-2025-64718). This patch bumps xmlbuilder2 to a version that depends on the fixed js-yaml. fix #3519
1 parent f611532 commit 9af6a38

2 files changed

Lines changed: 34 additions & 56 deletions

File tree

package-lock.json

Lines changed: 33 additions & 55 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@
4242
"spark-md5": "3.0.2",
4343
"utif": "3.1.0",
4444
"webworker-promise": "0.5.0",
45-
"xmlbuilder2": "3.1.1"
45+
"xmlbuilder2": "^4.0.3"
4646
},
4747
"devDependencies": {
4848
"@commitlint/cli": "19.7.1",

0 commit comments

Comments
 (0)