xml2js security issue for version 0.2.8 in azure-storage

[saileerane]

For latest features support, please switch to Azure Storage JavaScript SDK V10.

Which service(blob, file, queue, table) does this issue concern?

The issue is caused by the [email protected] version. This needs to be updated to [email protected] in [email protected]

Which version of the SDK was used?

[email protected]

What's the Node.js/Browser version?

node 18

What problem was encountered?

[email protected] introduces security vulnerabilities which can be fixed by upgrading to [email protected]

Steps to reproduce the issue?

Install [email protected] and check dependencies for xml2js

Have you found a mitigation/solution?

Upgrade xml2js to 0.5.0 version

[sm3sher]

You should not use this library as there won't be any updates.

If there is a severe security issue take a look into SECURITY.md as it states:

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them to the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report.