From 786114e30f5a9bf54f5a09d0873f84867639bc43 Mon Sep 17 00:00:00 2001
From: Evan Charlton
Date: Wed, 17 Sep 2025 09:35:37 +0000
Subject: [PATCH] fix: Bump xml2js to ^0.6.2

`xml2js` prior to 0.5.0 is vulnerable (see: [CVE-2023-0842]). This change bumps `jsonfromresx` to use the latest version, which is still compatible with `jsonfromresx`'s usage of `parseString`.

[CVE-2023-0842]: https://nvd.nist.gov/vuln/detail/CVE-2023-0842
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 361cfa4..b472145 100644
--- a/package.json
+++ b/package.json
@@ -35,6 +35,6 @@
 "grunt-contrib-watch": "^0.6.1"
 },
 "dependencies": {
- "xml2js": "^0.4.10"
+ "xml2js": "^0.6.2"
 }
 }
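Review bot: Only `package.json` changes here (the diffstat shows one file), so a committed lockfile or shrinkwrap, if the repository has one, would still resolve the old `xml2js` until it is regenerated in the same commit. The move from `^0.4.10` to `^0.6.2` crosses two 0.x minors, which a caret range treats as breaking. As far as I know, releases from 0.5.0 on build parsed objects without a prototype as part of the CVE-2023-0842 fix, so any code calling inherited methods on the result, such as `result.hasOwnProperty(key)`, would need `Object.prototype.hasOwnProperty.call(result, key)` instead. The callers of `parseString` are not visible in this patch, so the compatibility claim in the message is worth backing with a test run over a sample .resx input.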