From d47b4f3bb05e7ef3052eb3efab23b91cf4a470a8 Mon Sep 17 00:00:00 2001
From: Nathan Walker <walkerrunpdx@gmail.com>
Date: Sat, 26 Jul 2025 18:13:10 -0700
Subject: [PATCH] fix(security): xml2js and braces

closes https://github.com/NativeScript/nativescript-cli/security/dependabot/234
closes https://github.com/NativeScript/nativescript-cli/security/dependabot/207
---
 package-lock.json | 4 +++-
 package.json      | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8a0235a463..40a16f7da7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -106,6 +106,7 @@
         "@types/ws": "8.5.14",
         "@types/xml2js": "0.4.14",
         "@types/yargs": "17.0.33",
+        "braces": ">=3.0.3",
         "chai": "5.2.0",
         "chai-as-promised": "8.0.1",
         "conventional-changelog-cli": "^5.0.0",
@@ -122,7 +123,8 @@
         "lint-staged": "~15.4.3",
         "mocha": "11.1.0",
         "sinon": "19.0.2",
-        "source-map-support": "0.5.21"
+        "source-map-support": "0.5.21",
+        "xml2js": ">=0.5.0"
       },
       "engines": {
         "node": ">=20.0.0"
diff --git a/package.json b/package.json
index 002823db4e..8b38c82ca1 100644
--- a/package.json
+++ b/package.json
@@ -144,6 +144,7 @@
     "@types/ws": "8.5.14",
     "@types/xml2js": "0.4.14",
     "@types/yargs": "17.0.33",
+    "braces": ">=3.0.3",
     "chai": "5.2.0",
     "chai-as-promised": "8.0.1",
     "conventional-changelog-cli": "^5.0.0",
@@ -160,7 +161,8 @@
     "lint-staged": "~15.4.3",
     "mocha": "11.1.0",
     "sinon": "19.0.2",
-    "source-map-support": "0.5.21"
+    "source-map-support": "0.5.21",
+    "xml2js": ">=0.5.0"
   },
   "optionalDependencies": {
     "fsevents": "*"
@@ -181,4 +183,4 @@
   "lint-staged": {
     "*.ts": "prettier --write"
   }
-}
+}
\ No newline at end of file