fix: address high severity issue by upgrading fast-xml-parser (#83)

Upgrade fast-xml-parser from v3 to v4 in order to address a (according to npm) high severity vulnerability, namely CVE-2023-34104. I did not evaluate the impact of the CVE on this project, but upgrading is easy enough and avoids any potential problems. Plus, staying on the latest available version is always good :)
simple-icons · Jun 8, 2023 · a609b86 · a609b86
1 parent 2d0f467
commit a609b86
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 29 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -39,7 +39,7 @@
     "ansi-regex": "^5.0.1",
     "chalk": "^5.0.0",
     "cheerio": "^1.0.0-rc.6",
-    "fast-xml-parser": "^3.12.13",
+    "fast-xml-parser": "^4.2.4",
     "glob": "^7.1.2",
     "htmlparser2": "^3.9.1",
     "log-update": "^5.0.0",

diff --git a/src/rules/valid.js b/src/rules/valid.js
@@ -1,5 +1,5 @@
 import Logger from "../lib/logger.js";
-import xmlParser from "fast-xml-parser";
+import { XMLValidator } from "fast-xml-parser";
 const logger = Logger("rule:valid");
 
 /** @typedef {import("../lib/reporter.js")} Reporter */
@@ -34,7 +34,7 @@ export default {
                 logger.debug("Encountered empty SVG. Considering valid");
                 return;
             }
-            const result = xmlParser.validate(ast.source);
+            const result = XMLValidator.validate(ast.source);
             if (result !== true) {
                 reporter.error(result.err.msg, null, ast);
             }