From 7a64772f44b63a576919aa3a596eb3bf0eac0bc5 Mon Sep 17 00:00:00 2001
From: Anthony Tarlao <anthony.tarlao@gmail.com>
Date: Thu, 28 Mar 2024 11:15:20 +0100
Subject: [PATCH] Fix vulnerable dependencies axios, xml2js and mocha to pass
 npm audit

---
 CHANGELOG.md | 4 ++++
 package.json | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f79f6f..d4dfc39 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## Unreleased
+
+- Fix vulnerable dependencies axios, xml2js and mocha to pass npm audit.
+
 ## 1.0.0 (2022-08-18)
 
 - Initial stable release. This supports importing sprite map files into Apostrophe to create individual SVG sprite pieces.
diff --git a/package.json b/package.json
index 471673e..6d544ee 100644
--- a/package.json
+++ b/package.json
@@ -24,15 +24,15 @@
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^4.2.1",
     "eslint-plugin-standard": "^4.0.1",
-    "mocha": "^7.2.0"
+    "mocha": "^10.4.0"
   },
   "publishConfig": {
     "access": "public"
   },
   "dependencies": {
-    "axios": "^0.24.0",
+    "axios": "^1.6.8",
     "glob": "^7.2.0",
     "lodash": "^4.17.21",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.6.2"
   }
 }