Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential security issue: dependency on xml2js v0.4.x #120

Open
arthur-zhao-anrok opened this issue Jun 26, 2023 · 1 comment · May be fixed by #129
Open

Potential security issue: dependency on xml2js v0.4.x #120

arthur-zhao-anrok opened this issue Jun 26, 2023 · 1 comment · May be fixed by #129

Comments

@arthur-zhao-anrok
Copy link

arthur-zhao-anrok commented Jun 26, 2023
edited
Loading

@intacct/intacct-sdk depends on xml2js v0.4.x. This version has a vulnerability (link). Can we upgrade to 0.5.x?

Thanks!
@arthur-zhao-anrok arthur-zhao-anrok changed the title Potential security issue: dependency on xml2js v4.x Potential security issue: dependency on xml2js v0.4.x Jun 28, 2023
blimmer added a commit to blimmer/intacct-sdk-js that referenced this issue Apr 18, 2024
@blimmer
fix: bump xml2js to 0.6.2
e51f6ca 
Fixes intacct#120
Resolves https://nvd.nist.gov/vuln/detail/CVE-2023-0842
@blimmer blimmer linked a pull request Apr 18, 2024 that will close this issue
Open
@blimmer
Copy link

blimmer commented Apr 18, 2024

@arthur-zhao-anrok I opened #129 to fix this issue. If you've got contacts at Intacct, it'd be great to get them to merge this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: bump xml2js to 0.6.2 blimmer/intacct-sdk-js
2 participants
@blimmer @arthur-zhao-anrok