From bd049bfe584407996eebd58ea2b496564bbe5243 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Oct 2022 09:02:07 +0000
Subject: [PATCH 1/2] chore(deps): bump mocha from 10.0.0 to 10.1.0 (#401)

Bumps [mocha](https://github.com/mochajs/mocha) from 10.0.0 to 10.1.0.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v10.0.0...v10.1.0)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 13 +++----------
 package.json      |  2 +-
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1700584..0c2307d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -748,12 +748,6 @@
         }
       }
     },
-    "@ungap/promise-all-settled": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz",
-      "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==",
-      "dev": true
-    },
     "@xmldom/xmldom": {
       "version": "0.8.3",
       "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.3.tgz",
@@ -2753,12 +2747,11 @@
       "dev": true
     },
     "mocha": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.0.0.tgz",
-      "integrity": "sha512-0Wl+elVUD43Y0BqPZBzZt8Tnkw9CMUdNYnUsTfOM1vuhJVZL+kiesFYsqwBkEEuEixaiPe5ZQdqDgX2jddhmoA==",
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz",
+      "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==",
       "dev": true,
       "requires": {
-        "@ungap/promise-all-settled": "1.1.2",
         "ansi-colors": "4.1.1",
         "browser-stdout": "1.3.1",
         "chokidar": "3.5.3",
diff --git a/package.json b/package.json
index b62195a..9a93fec 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "eslint-plugin-node": "11.1.0",
     "eslint-plugin-promise": "5.2.0",
     "eslint-plugin-standard": "5.0.0",
-    "mocha": "10.0.0",
+    "mocha": "10.1.0",
     "mustache": "4.2.0",
     "nyc": "15.1.0",
     "sinon": "^14.0.1",

From f085124e6dcf9e1ff1480fef8858b4fd0ccae550 Mon Sep 17 00:00:00 2001
From: Yuan Ruo <yuanruo@data.gov.sg>
Date: Wed, 19 Oct 2022 17:01:07 +0800
Subject: [PATCH 2/2] fix: package.json & package-lock.json to reduce
 vulnerabilities (#403)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-XMLDOMXMLDOM-3042243

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 package-lock.json | 17 +++++------------
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0c2307d..74c24a5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1354,7 +1354,7 @@
     "escape-html": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
     },
     "escape-string-regexp": {
       "version": "4.0.0",
@@ -3973,20 +3973,13 @@
       }
     },
     "xml-encryption": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-2.0.0.tgz",
-      "integrity": "sha512-4Av83DdvAgUQQMfi/w8G01aJshbEZP9ewjmZMpS9t3H+OCZBDvyK4GJPnHGfWiXlArnPbYvR58JB9qF2x9Ds+Q==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-3.0.0.tgz",
+      "integrity": "sha512-Lf5bzosB3o6VPR9xHaomCbLGYbAUcpqP8UnKpnOwYwBbp2qz+L4YSMuaJsKtwoOfzV/xghX6Jlb5AXLEhjVhhw==",
       "requires": {
-        "@xmldom/xmldom": "^0.7.0",
+        "@xmldom/xmldom": "^0.8.3",
         "escape-html": "^1.0.3",
         "xpath": "0.0.32"
-      },
-      "dependencies": {
-        "@xmldom/xmldom": {
-          "version": "0.7.5",
-          "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.5.tgz",
-          "integrity": "sha512-V3BIhmY36fXZ1OtVcI9W+FxQqxVLsPKcNjWigIaa81dLC9IolJl5Mt4Cvhmr0flUnjSpTdrbMTSbXqYqV5dT6A=="
-        }
       }
     },
     "xml2json-light": {
diff --git a/package.json b/package.json
index 9a93fec..78f3bc4 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
     "jsonwebtoken": "^8.3.0",
     "lodash": "^4.17.21",
     "xml-crypto": "^3.0.0",
-    "xml-encryption": "^2.0.0",
+    "xml-encryption": "^3.0.0",
     "xml2json-light": "^1.0.6",
     "xpath": "0.0.32"
   },