bug: dependency installation with 2 high severity vulnerabilities

[caeduInformaticas]

Bug Report

Capacitor Version

@capacitor/core: 4.7.3
@capacitor/cli: 4.7.3
@capacitor/android: not installed
@capacitor/ios: not installed

Platform(s)

none

Current Behavior

when creating a project and installing the dependencies as output 2 high severity vulnerabilities:

npm audit report

xml2js < 0.5.0
Severity: high
xml2js is vulnerable to prototype pollution - GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
@capacitor/cli *
Depends on vulnerable versions of xml2js
node_modules/@capacitor/cli

2 high severity vulnerabilities

Expected Behavior

clean install

Code Reproduction

Other Technical Details

npm --version output:
9.5.0
node --version output:
18.15.0

pod --version output (iOS issues only):

Additional Context

1 create a project = ionic start app_name
2 start app successfully
3 rm -r node_modules; rm package-lock.json
4 npm install
5 output with 2 high severity vulnerabilities

// It is not blocking but it should be fixed

Thanks

[pmarkoulidakis]

The security issue has been discussed here:
Leonidas-from-XIV/node-xml2js#663
And the PR comments
Leonidas-from-XIV/node-xml2js#603

[caeduInformaticas]

Thanks friend

[ionitron-bot]

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.