From 717b31fd24378b3159b2a70e5a8c08f76f6a6fb9 Mon Sep 17 00:00:00 2001
From: Jesse Houwing <jesse.houwing@gmail.com>
Date: Thu, 18 Mar 2021 16:09:07 +0100
Subject: [PATCH] Fixes CVE in xmldom by taking latest x2js

---
 BuildTasks/PublishExtension/.snyk             |  4 ----
 BuildTasks/PublishExtension/package-lock.json | 15 ++++-----------
 BuildTasks/PublishExtension/package.json      |  2 +-
 3 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/BuildTasks/PublishExtension/.snyk b/BuildTasks/PublishExtension/.snyk
index 6aa330c1..8b28ab24 100644
--- a/BuildTasks/PublishExtension/.snyk
+++ b/BuildTasks/PublishExtension/.snyk
@@ -5,8 +5,4 @@ ignore:
   'npm:shelljs:20140723':
     - azure-pipelines-task-lib > shelljs:
         reason: No patch available. Code currently not exposed through extension.
-  SNYK-JS-XMLDOM-1084960:
-    - x2js > xmldom:
-        reason: No fix available at the moment.
-        expires: '2021-04-15T10:34:22.850Z'
 patch: {}
diff --git a/BuildTasks/PublishExtension/package-lock.json b/BuildTasks/PublishExtension/package-lock.json
index b5348ae6..fd24a878 100644
--- a/BuildTasks/PublishExtension/package-lock.json
+++ b/BuildTasks/PublishExtension/package-lock.json
@@ -272,18 +272,11 @@
       "integrity": "sha1-r5jpvvy0YsCrbHUu3QgstS+1MKA="
     },
     "x2js": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/x2js/-/x2js-3.4.0.tgz",
-      "integrity": "sha512-1tozn7D51ghz2DAiy5U6R55qn9x2F3lHUxusOD0QtYlLSDGxyXjHfn0c508eXG1D7s8qqj54SiU5HsPEfhDIpg==",
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/x2js/-/x2js-3.4.1.tgz",
+      "integrity": "sha512-RCMEmHNsyeyzF5NyGHbmCCZU9N8uMiz9FluAj3CpfVREHpgm3JB9Wr/dEWdPqGHmK3lRd2fm0ccOWtuJ2YUowQ==",
       "requires": {
-        "xmldom": "^0.1.19"
-      },
-      "dependencies": {
-        "xmldom": {
-          "version": "0.1.31",
-          "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.31.tgz",
-          "integrity": "sha512-yS2uJflVQs6n+CyjHoaBmVSqIDevTAWrzMmjG1Gc7h1qQ7uVozNhEPJAwZXWyGQ/Gafo3fCwrcaokezLPupVyQ=="
-        }
+        "xmldom": "^0.5.0"
       }
     },
     "xmldom": {
diff --git a/BuildTasks/PublishExtension/package.json b/BuildTasks/PublishExtension/package.json
index 5e6b7b54..fe3d1373 100644
--- a/BuildTasks/PublishExtension/package.json
+++ b/BuildTasks/PublishExtension/package.json
@@ -13,7 +13,7 @@
     "fs-extra": "^5.0.0",
     "temp": "^0.8.3",
     "uuidv5": "^1.0.0",
-    "x2js": "^3.4.0",
+    "x2js": "^3.4.1",
     "xmldom": "^0.5.0"
   },
   "devDependencies": {