Reputation: 91
xml2js is vulnerable to prototype pollution
xml2js <=0.4.23 Severity: high xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc No fix available node_modules/xml2js aws-sdk * Depends on vulnerable versions of xml2js node_modules/aws-sdk
2 high severity vulnerabilities
Upgraded aws-sdk npm package to latest version. But vulnerability still exists.
Upvotes: 8
Views: 6296
Answers (3)
Reputation: 51
Given answers work well for hiding the error but you will face errors while making a development build or apk of the app. Following steps helped me solve the issue:
Search for xml2js in package-lock.json file
You will find xml2js version like this
"xml2js" : "0.4.23"
You need to replace 0.4.23 by 0.5.0
`"xml2js" : "0.5.0"`
- Run
npm install
This will resolve the error.
Upvotes: 3
Reputation: 11
This solution worked for me
delete package-lock.json
delete node modules
npm i xml2jsadd this to my package.json:
"overrides": { "xml2js": "^0.5.0" }npm i
Upvotes: 0
Reputation: 747
- delete your
package-lock.json, - add this to your
package.json:
"overrides": {
"xml2js": "^0.5.0"
}
- reinstall the deps :
npm i
Upvotes: 16
Related Questions
- How to fix dependencies problems when installing firebase in my project?
- How to fix : Inefficient Regular Expression Complexity in chalk/ansi-regex
- How to fix "xml2js" vulnerability in npm audit report for Microsoft Office add-in packages?
- How to upgrade commons-codec 1.11 used by aws-sdk:ssm in gradle Java
- https-proxy-agent upgraded to 3.0.0 but npm audit still showing not fixed