xml2js security issue for version 0.2.8 in azure-storage

[saileerane]

For latest features support, please switch to Azure Storage JavaScript SDK V10.

Which service(blob, file, queue, table) does this issue concern?

The issue is caused by the xml2js@0.2.8 version. This needs to be updated to xml2js@0.5.0 in azure-storage@2.10.7

Which version of the SDK was used?

azure-storage@2.10.7

What's the Node.js/Browser version?

node 18

What problem was encountered?

xml2js@0.2.8 introduces security vulnerabilities which can be fixed by upgrading to xml2js@0.5.0

Steps to reproduce the issue?

Install azure-storage@2.10.7 and check dependencies for xml2js

Have you found a mitigation/solution?

Upgrade xml2js to 0.5.0 version

[rjumatov]

You should not use this library as there won't be any updates.

If there is a severe security issue take a look into SECURITY.md as it states:

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them to the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report.