Skip to content

Commit 9c8b394

Browse files
mergify[bot]CopilotGytisCepk
authored
Security Fix: Remove unnecessary fast-xml-parser override (backport #9095) [release/4.11.x] (#9098)
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Gytis Cepkauskas <98940208+GytisCepk@users.noreply.github.com>
1 parent 4a44512 commit 9c8b394

4 files changed

Lines changed: 30 additions & 15 deletions

File tree

common/config/rush/pnpm-config.json

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@
1313
"playwright": "~1.56.1", // https://github.com/advisories/GHSA-7mvr-c777-76hp @itwin/oidc-signin-tool>@playwright/test
1414
"qs": "^6.14.1", // http://github.com/advisories/GHSA-6rw7-vpxm-498p @itwin/certa>express>qs
1515
"browserslist": "latest", // https://github.com/browserslist/update-db#readme
16-
"fast-xml-parser": "^5.3.6", // https://github.com/advisories/GHSA-jmr7-xgp7-cmfj @google-cloud/storage > fast-xml-parser
1716
"minimatch@<3.1.4": "^3.1.4", // https://github.com/advisories/GHSA-7r86-cg39-jmmj and https://github.com/advisories/GHSA-23c5-xmqv-rm74
1817
"minimatch@>=5.0.0 <5.1.8": "^5.1.8", // https://github.com/advisories/GHSA-7r86-cg39-jmmj and https://github.com/advisories/GHSA-23c5-xmqv-rm74
1918
"minimatch@>=9.0.0 <9.0.7": "^9.0.7", // https://github.com/advisories/GHSA-7r86-cg39-jmmj and https://github.com/advisories/GHSA-23c5-xmqv-rm74
@@ -43,4 +42,4 @@
4342
}
4443
}
4544
}
46-
}
45+
}

common/config/rush/pnpm-lock.yaml

Lines changed: 21 additions & 9 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

full-stack-tests/presentation/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@
5959
"fast-sort": "^3.0.2",
6060
"mocha": "^10.2.0",
6161
"rimraf": "^3.0.2",
62-
"fast-xml-parser": "^5.3.6",
62+
"fast-xml-parser": "^5.5.6",
6363
"global-jsdom": "^26.0.0",
6464
"internal-tools": "workspace:*",
6565
"prettier": "^3.2.5",
@@ -110,4 +110,4 @@
110110
"./lib/**/*.test.js"
111111
]
112112
}
113-
}
113+
}

full-stack-tests/presentation/src/IModelSetupUtils.ts

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
import path from "path";
66
import sanitize from "sanitize-filename";
77
import { IModelDb, IModelJsFs, SnapshotDb } from "@itwin/core-backend";
8-
import { GuidString, Id64String } from "@itwin/core-bentley";
8+
import { assert, GuidString, Id64String } from "@itwin/core-bentley";
99
import {
1010
BisCodeSpec,
1111
CategoryProps,
@@ -67,7 +67,11 @@ export function importSchema(mochaContext: Mocha.Context, imodel: { importSchema
6767
const parsedSchema = new XMLParser({
6868
ignoreAttributes: false,
6969
attributeNamePrefix: "",
70-
isArray: (_, jpath) => jpath.startsWith("ECSchema."),
70+
jPath: true,
71+
isArray: (_, jpath) => {
72+
assert(typeof jpath === "string");
73+
return jpath.startsWith("ECSchema.");
74+
},
7175
}).parse(schemaXml);
7276
const schemaItems = Object.values(parsedSchema.ECSchema)
7377
.flatMap<any>((itemDef) => itemDef)

0 commit comments

Comments
 (0)