bump xml2js version to resolve CVE-2023-0842 for @azure/core-http (#2…

…5502) ### Packages impacted by this PR @azure/core-http ### Issues associated with this PR #25499 ### Describe the problem that is addressed by this PR Yes ### What are the possible designs available to address the problem? If there are more than one possible design, why was the one in this PR chosen? Just bumping the dependency version ### Are there test cases added in this PR? _(If not, why?)_ Just bumping the dependency version ### Provide a list of related PRs _(if any)_ ### Command used to generate this PR:**_(Applicable only to SDK release request PRs)_ ### Checklists - [x] Added impacted package name to the issue description - [x] Does this PR needs any fixes in the SDK Generator?** _(If so, create an Issue in the [Autorest/typescript](https://github.com/Azure/autorest.typescript) repository and link it here)_ - [ ] Added a changelog (if necessary)
Azure · Apr 10, 2023 · b6ec757 · b6ec757
1 parent c4b6d49
commit b6ec757
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml
diff --git a/sdk/core/core-http/package.json b/sdk/core/core-http/package.json
@@ -130,7 +130,7 @@
     "tslib": "^2.2.0",
     "tunnel": "^0.0.6",
     "uuid": "^8.3.0",
-    "xml2js": "^0.4.19"
+    "xml2js": "^0.5.0"
   },
   "devDependencies": {
     "@azure/eslint-plugin-azure-sdk": "^3.0.0",