Skip to content

Commit 4e9ba53

Browse files
justinmk3justinmk3
committed
deps: update "xml2js"
Problem: outdated `xml2js` dependency is pulled in by `webfont`, which hasn't been active for 2 years. $ npm ls xml2js [email protected] /Volumes/workplace/aws-toolkit-vscode ├─┬ @vscode/[email protected] │ └── [email protected] ├─┬ [email protected] │ └── [email protected] ├─┬ [email protected] │ └── [email protected] ├─┬ [email protected] │ └── [email protected] └── [email protected] Solution: Add "overrides" directive to force the transitive "xml2js" package to a non-vulnerable version.
1 parent ac3097a commit 4e9ba53

File tree

2 files changed

+8
-3
lines changed

2 files changed

+8
-3
lines changed

package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4403,6 +4403,11 @@
44034403
"xml2js": "^0.6.1",
44044404
"yaml-cfn": "^0.3.2"
44054405
},
4406+
"overrides": {
4407+
"webfont": {
4408+
"xml2js": "0.5.0"
4409+
}
4410+
},
44064411
"prettier": {
44074412
"printWidth": 120,
44084413
"trailingComma": "es5",

0 commit comments

Comments
 (0)