[Backport 2.x] Bump xml2js from 0.4.23 to 0.5.0 (opensearch-project#3851

)

* Bump xml2js from 0.4.23 to 0.5.0 (opensearch-project#3842)

* Create 1.3.8 release notes

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unused tags

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove old changelog

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Fix typo

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Address comments

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Add PRs

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unreleased PR

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unreleased PR

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Bump xml2js from 0.4.22 to 0.5.0

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Add change log for CVE

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Bump version for osd-test package

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Modify PR link for changelog

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Fix changelog and dependency package version

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Fix aws sdk version

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

---------

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>
(cherry picked from commit c755b49)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md

* add changelog

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

CHANGELOG.md

@@ -14,6 +14,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455))
 - [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))
 - [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533))
+- [CVE-2023-0842] Bump xml2js from 0.4.23 to 0.5.0 ([#3842](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3842))
 
 ### 📈 Features/Enhancements
 

package.json

@@ -98,7 +98,8 @@
     "**/unset-value": "^2.0.1",
     "**/minimatch": "^3.0.5",
     "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1",
-    "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1"
+    "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1",
+    "**/xml2js": "^0.5.0"
   },
   "workspaces": {
     "packages": [
@@ -466,7 +467,7 @@
     "vega-schema-url-parser": "^2.1.0",
     "vega-tooltip": "^0.30.0",
     "vinyl-fs": "^3.0.3",
-    "xml2js": "^0.4.22",
+    "xml2js": "^0.5.0",
     "xmlbuilder": "13.0.2",
     "zlib": "^1.0.5"
   },

packages/osd-test/package.json

@@ -37,7 +37,7 @@
     "rxjs": "^6.5.5",
     "strip-ansi": "^6.0.0",
     "tar-fs": "^2.1.0",
-    "xml2js": "^0.4.22",
+    "xml2js": "^0.5.0",
     "zlib": "^1.0.5"
   }
 }

yarn.lock

@@ -3746,9 +3746,9 @@
   integrity sha512-JRGsPEPCrYqTXU0Cr+Yu7esPBE2yvH7ucOHr+JuBy0F59kglPvO5gkmtyEvf3P6dASSkScvy/XQ6SC1QEBFDuA==
 
 "@types/xml2js@^0.4.5":
-  version "0.4.9"
-  resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.9.tgz#a38267d8c2fe121c96922b12ee3bd89a58a6e20e"
-  integrity sha512-CHiCKIihl1pychwR2RNX5mAYmJDACgFVCMT5OArMaO3erzwXVcBqPcusr+Vl8yeeXukxZqtF8mZioqX+mpjjdw==
+  version "0.4.11"
+  resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79"
+  integrity sha512-JdigeAKmCyoJUiQljjr7tQG3if9NkqGUgwEUqBvV0N7LM4HyQk7UXCnusRa1lnvXAEYJ8mw8GtZWioagNztOwA==
   dependencies:
     "@types/node" "*"
 
@@ -18857,18 +18857,10 @@ xml-parse-from-string@^1.0.0:
   resolved "https://registry.yarnpkg.com/xml-parse-from-string/-/xml-parse-from-string-1.0.1.tgz#a9029e929d3dbcded169f3c6e28238d95a5d5a28"
   integrity sha1-qQKekp09vN7RafPG4oI42VpdWig=
 
-xml2js@0.4.19:
-  version "0.4.19"
-  resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7"
-  integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==
-  dependencies:
-    sax ">=0.6.0"
-    xmlbuilder "~9.0.1"
-
-xml2js@^0.4.22, xml2js@^0.4.5:
-  version "0.4.23"
-  resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.23.tgz#a0c69516752421eb2ac758ee4d4ccf58843eac66"
-  integrity sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==
+xml2js@0.4.19, xml2js@^0.4.5, xml2js@^0.5.0:
+  version "0.5.0"
+  resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7"
+  integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==
   dependencies:
     sax ">=0.6.0"
     xmlbuilder "~11.0.0"
@@ -18883,11 +18875,6 @@ xmlbuilder@~11.0.0:
   resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3"
   integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==
 
-xmlbuilder@~9.0.1:
-  version "9.0.7"
-  resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d"
-  integrity sha512-7YXTQc3P2l9+0rjaUbLwMKRhtmwg1M1eDf6nag7urC7pIPYLD9W/jmzQ4ptRSUbodw5S0jfoGTflLemQibSpeQ==
-
 xmlchars@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb"