From 1b21e16cbc91b9627458dc40df878bd2342b9183 Mon Sep 17 00:00:00 2001
From: Zak Burke
Date: Wed, 14 Jun 2023 08:32:45 -0400
Subject: [PATCH] STCLI-234 bump fast-xml-parser (#331)
Bump `fast-xml-parser` to `^4.24` to avoid CVE-2023-34104, CVE-2023-26920
Refs STCLI-234
---
 CHANGELOG.md | 1 +
 lib/cli/context.js | 4 ++--
 package.json | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 46bbd0db..ca6939a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
 * Bump `just-kebab-case` to `^4.2.0`.
 * Remove `isbinaryfile` resolution.
 * Bump devdeps `sinon` to `15.0.4`, `sinon-chai` to `3.7.0`.
+* Bump `fast-xml-parser` to `4.2.4`. Refs STCLI-234.
 ## [2.7.0](https://github.com/folio-org/stripes-cli/tree/v2.7.0) (2023-02-07)
 [Full Changelog](https://github.com/folio-org/stripes-cli/compare/v2.6.3...v2.7.0)
diff --git a/lib/cli/context.js b/lib/cli/context.js
index cd698d69..ce1e02a6 100644
--- a/lib/cli/context.js
+++ b/lib/cli/context.js
@@ -9,7 +9,7 @@ const logger = require('./logger')();
 const globalDirs = require('./global-dirs');
 const { stripesModules, toFolioName } = require('../environment/inventory');
-const xmlParser = importLazy('fast-xml-parser');
+const { XMLParser } = importLazy('fast-xml-parser');
 const cliRoot = path.join(__dirname, '..', '..');
@@ -39,7 +39,7 @@ function loadXml(filePath) {
 let xml;
 try {
 const data = fs.readFileSync(filePath, 'utf-8');
- xml = xmlParser.parse(data);
+ xml = (new XMLParser()).parse(data);
 } catch (err) {
 console.log(err);
 }
diff --git a/package.json b/package.json
index 756912b9..d5d062b7 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
 "configstore": "^3.1.1",
 "debug": "^4.0.1",
 "express": "^4.17.1",
- "fast-xml-parser": "^3.12.10",
+ "fast-xml-parser": "^4.2.4",
 "find-up": "^2.1.0",
 "fs-extra": "^11.1.1",
 "get-stdin": "^6.0.0",
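Review bot: In lib/cli/context.js (hunk `@@ -9,7 +9,7 @@`), destructuring the result of `importLazy('fast-xml-parser')` reads the `XMLParser` property while the module itself is loading, so the package is required eagerly and the lazy wrapper no longer defers anything. The import-lazy README warns against exactly this pattern, assuming `importLazy` here is that package (its definition is outside the hunk). Keeping the proxy and dereferencing it at the call site preserves the deferred load: `const fastXmlParser = importLazy('fast-xml-parser');` here and `xml = new fastXmlParser.XMLParser().parse(data);` in `loadXml`.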
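Review bot: In `loadXml` (hunk `@@ -39,7 +39,7 @@` of lib/cli/context.js), `parse(data)` is called without the validation argument, and the surrounding `catch` only does `console.log(err)` and carries on, so a malformed file yields a best-effort object or `undefined` instead of a clear failure. In fast-xml-parser 4.x, passing `true` as the second argument runs the validator first and throws on invalid XML: `xml = new XMLParser().parse(data, true);`. Because this is a major-version jump with different parser defaults, the commit would also benefit from a test that pins the object `loadXml` returns for a known fixture; none is added here. The rest of `loadXml` and its callers are outside the hunk, so what they expect from the result cannot be confirmed from this page.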