From 8817a147922428437d7e90f7e5b5653d503dce97 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 20:01:39 +0000
Subject: [PATCH] Bump xml2js and express-xml-bodyparser

Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) to 0.6.2 and updates ancestor dependency [express-xml-bodyparser](https://github.com/macedigital/express-xml-bodyparser). These dependencies need to be updated together.


Updates `xml2js` from 0.4.23 to 0.6.2
- [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits/0.6.2)

Updates `express-xml-bodyparser` from 0.3.0 to 0.4.1
- [Release notes](https://github.com/macedigital/express-xml-bodyparser/releases)
- [Commits](https://github.com/macedigital/express-xml-bodyparser/compare/v0.3.0...v0.4.1)

---
updated-dependencies:
- dependency-name: xml2js
  dependency-version: 0.6.2
  dependency-type: indirect
- dependency-name: express-xml-bodyparser
  dependency-version: 0.4.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 25 +++++++------------------
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bcf119f..4b6bfcd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,7 +14,7 @@
         "cors": "2.8.4",
         "express": "4.21.2",
         "express-fileupload": "^1.1.9",
-        "express-xml-bodyparser": "0.3.0",
+        "express-xml-bodyparser": "0.4.1",
         "http-errors": "1.7.2",
         "jsonwebtoken": "^9.0.0",
         "lodash": "^4.17.15",
@@ -2339,26 +2339,15 @@
       }
     },
     "node_modules/express-xml-bodyparser": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/express-xml-bodyparser/-/express-xml-bodyparser-0.3.0.tgz",
-      "integrity": "sha512-biHFKaZsPZQaf6H+xB8f8aawqe4c671JIF2RN8f3k9iOtPe8TVBb4H8tQkURFWFpGic53TCD5+uno9u52hdYoA==",
-      "dependencies": {
-        "xml2js": "^0.4.11"
-      },
-      "engines": {
-        "node": ">=0.10"
-      }
-    },
-    "node_modules/express-xml-bodyparser/node_modules/xml2js": {
-      "version": "0.4.23",
-      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
-      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/express-xml-bodyparser/-/express-xml-bodyparser-0.4.1.tgz",
+      "integrity": "sha512-PlojEEQXdwc68ofPiAanknPf4QBTrFWXPZ+5jDhfrXP/CdLaqEQxQuuzrCqnvy1kETciTxz6OFnDZW/rIxtmlQ==",
+      "license": "MIT",
       "dependencies": {
-        "sax": ">=0.6.0",
-        "xmlbuilder": "~11.0.0"
+        "xml2js": "^0.6.2"
       },
       "engines": {
-        "node": ">=4.0.0"
+        "node": ">=18.0"
       }
     },
     "node_modules/express/node_modules/debug": {
diff --git a/package.json b/package.json
index f001e40..c547742 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
     "cors": "2.8.4",
     "express": "4.21.2",
     "express-fileupload": "^1.1.9",
-    "express-xml-bodyparser": "0.3.0",
+    "express-xml-bodyparser": "0.4.1",
     "http-errors": "1.7.2",
     "jsonwebtoken": "^9.0.0",
     "lodash": "^4.17.15",