Port PR #25502 from main

- bump xml2js version to resolve CVE-2023-0842 for @azure/core-http (#25502) @azure/core-http
Azure · Apr 17, 2023 · 9b3f06a · 9b3f06a
1 parent 1df8a1c
commit 9b3f06a
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 21 deletions.
diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml
diff --git a/sdk/core/core-http/CHANGELOG.md b/sdk/core/core-http/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release History
 
+## 2.3.2 (2023-04-17)
+
+### Other Changes
+
+- Upgrade dependency `xml2js` version to `^0.5.0`.
+
 ## 2.3.1 (2022-11-09)
 
 ### Bugs Fixed

diff --git a/sdk/core/core-http/package.json b/sdk/core/core-http/package.json
@@ -130,7 +130,7 @@
     "tslib": "^2.2.0",
     "tunnel": "^0.0.6",
     "uuid": "^8.3.0",
-    "xml2js": "^0.4.19"
+    "xml2js": "^0.5.0"
   },
   "devDependencies": {
     "@azure/eslint-plugin-azure-sdk": "^3.0.0",