From 3b925f0fc639aa5d852e130ace0b645cfd222beb Mon Sep 17 00:00:00 2001
From: Ken Irwin
Date: Mon, 10 Apr 2023 08:45:50 -0400
Subject: [PATCH] update xml2js version to 0.5.0

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the `__proto__` property to be edited.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index fd8e1eb..b566f01 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
 "deprecate": "^0.1.0",
 "lodash": "^4.13.1",
 "query-string": "^4.1.0",
- "xml2js": "^0.4.16"
+ "xml2js": "^0.5.0"
 },
 "description": "NodeJS of CAS client.",
 "devDependencies": {