xml2js 0.5.0 - regression

[rutanika]

Describe the bug

xml2js was upgraded to 0.5.0 due to sec vulnerability.
However, there was a regression reported in xml2js 0.5.0.
They released a fix in xml2js 0.6.0:
Leonidas-from-XIV/node-xml2js#677
Could you please upgrade xml2js to 0.6.0?
Thanks

Expected Behavior

upgrade xml2js to 0.6.0

Current Behavior

Leonidas-from-XIV/node-xml2js#677

Reproduction Steps

Leonidas-from-XIV/node-xml2js#677

Possible Solution

upgrade xml2js to 0.6.0

Additional Information/Context

No response

SDK version used

2.1421.0

Environment details (OS name and version, etc.)

NA

[RanVaknin]

Hi @rutanika ,

Is this breaking some existing implementation for you?

I can add it to the backlog, but since there is not CVE associated with it, it will be a lower priority.

Thanks,
Ran~

[rutanika]

Hi @RanVaknin,

You've upgraded to xml2js 0.5.0 due to CVE-2023-0842:
https://www.cve.org/CVERecord?id=CVE-2023-0842

However, there is regression reported in xml2js 0.5.0: Leonidas-from-XIV/node-xml2js#677

We use the following API operations of aws-sdk/clients/s3:
listObjectsV2
headObject
deleteObjects
putObject
copyObject
deleteObject
getObject

Does this regression in xml2js 0.5.0 affect these API operations?

[rutanika]

Hi @RanVaknin,
Any update?

[RanVaknin]

Now merged #4559