SNOW-1621414: Update fast-xml-parser package to v4.4.1 to Fix ReDOS Vulnerability #885

Closed
GOPIKRISHNA11596 opened this issue Aug 12, 2024 · 1 comment
invalid This doesn't seem right status-triage_done Initial triage done, will be further handled by the driver team

@GOPIKRISHNA11596

What is the current behavior?

Currently snowflake-sdk is using the "fast-xml-parser" version "^4.2.5", but versions below 4.4.1 have a ReDOS vulnerability: GHSA-mpg4-rc92-vx8v

What is the desired behavior?

To fix the ReDOS vulnerability, "fast-xml-parser" needs to be updated to "^4.4.1".

How would this improve snowflake-connector-nodejs?

It fixes the ReDOS vulnerability.

References, Other Background

Please go through the link for more info.
Vulnerability: GHSA-mpg4-rc92-vx8v

@github-actions github-actions bot changed the title Update fast-xml-parser package to v4.4.1 to Fix ReDOS Vulnerability SNOW-1621414: Update fast-xml-parser package to v4.4.1 to Fix ReDOS Vulnerability Aug 12, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka self-assigned this Aug 12, 2024
@sfc-gh-dszmolka
Collaborator

thank you for keeping a keen eye out for vulnerabilities! fortunately this doesn't affect snowflake-sdk.
the requirement "fast-xml-parser": "^4.2.5" means 'install the latest version which is at least 4.2.5, but not greater than or equal to 5.0.0' (docs)

so the fixed fast-xml-parser is automatically installed when you (re)install snowflake-sdk. simple test:

# npm i snowflake-sdk
..gets installed
# npm list fast-xml-parser
test@ /test
`-- [email protected]
  +-- @aws-sdk/[email protected]
  | `-- @aws-sdk/[email protected]
  |   `-- [email protected] deduped
  +-- @google-cloud/[email protected]
  | `-- [email protected] deduped
  `-- [email protected].  <<<<< this is the fixed version which is installed automatically

closing this issue for now, but if you find something different and have evidence that, upon install, a vulnerable version of fast-xml-parser is installed, please comment here and I'll look.

@sfc-gh-dszmolka sfc-gh-dszmolka added invalid This doesn't seem right status-triage_done Initial triage done, will be further handled by the driver team labels Aug 12, 2024
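The reasoning in the thread rests on two things a reviewer may want to verify for themselves: how npm's caret range `^4.2.5` resolves, and whether every copy of fast-xml-parser in the installed tree (including nested, possibly non-deduped copies) is at or above the fixed version 4.4.1. The script below is an added example, not code from the snowflake-connector-nodejs project or from either commenter. It implements npm's caret semantics for three-part versions and walks a dependency tree in the shape `npm ls --json` produces; the two trees it checks are constructed for the example, with constructed package versions, and the `stale` tree models the case the collaborator asks for evidence of: a lockfile that still pins one nested copy at an older 4.x that the range would otherwise allow.

```javascript
// Added example (not from the snowflake-connector-nodejs project): resolve npm caret
// ranges and audit every copy of fast-xml-parser in an `npm ls --json`-shaped tree.

// First version without the ReDoS issue GHSA-mpg4-rc92-vx8v, as stated in the thread.
const FIXED_VERSION = '4.4.1';

// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffixes are ignored for this check).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of two versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: allow updates that do not change the leftmost non-zero component.
// ^4.2.5 -> >=4.2.5 <5.0.0, ^0.2.5 -> >=0.2.5 <0.3.0, ^0.0.3 -> >=0.0.3 <0.0.4
function caretRange(range) {
  if (!range.startsWith('^')) throw new Error(`expected a caret range: ${range}`);
  const min = parseVersion(range.slice(1));
  const upper = [...min];
  const firstNonZero = min.findIndex((n) => n !== 0);
  const bump = firstNonZero === -1 ? 2 : firstNonZero;
  upper[bump] += 1;
  for (let i = bump + 1; i < 3; i++) upper[i] = 0;
  return { min: min.join('.'), maxExclusive: upper.join('.') };
}

function satisfies(version, range) {
  const { min, maxExclusive } = caretRange(range);
  return compareVersions(version, min) >= 0 && compareVersions(version, maxExclusive) < 0;
}

// Recursively collect every installed copy of `name` from an `npm ls --json` tree
// ({ dependencies: { pkg: { version, dependencies: {...} } } }).
function findPackageVersions(tree, name, path = []) {
  const found = [];
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && info.version) found.push({ path: here.join(' > '), version: info.version });
    found.push(...findPackageVersions(info, name, here));
  }
  return found;
}

// Copies of `name` older than `fixed`; an empty result means the tree is clean.
function vulnerableCopies(tree, name, fixed) {
  return findPackageVersions(tree, name).filter((c) => compareVersions(c.version, fixed) < 0);
}

function report(tree) {
  const bad = vulnerableCopies(tree, 'fast-xml-parser', FIXED_VERSION);
  return { ok: bad.length === 0, bad };
}

// Constructed trees mirroring the shape of the `npm list` output in the thread.
// All package versions here are placeholders, not the real released versions.
function sampleTree(storageCopyVersion) {
  return {
    name: 'test',
    dependencies: {
      'snowflake-sdk': {
        version: '1.0.0',
        dependencies: {
          '@aws-sdk/client-s3': { version: '3.0.0', dependencies: {
            '@aws-sdk/core': { version: '3.0.0', dependencies: {
              'fast-xml-parser': { version: '4.4.1' } } } } },
          '@google-cloud/storage': { version: '7.0.0', dependencies: {
            'fast-xml-parser': { version: storageCopyVersion } } },
          'fast-xml-parser': { version: '4.4.1' },
        },
      },
    },
  };
}

const cleanTree = sampleTree('4.4.1'); // fresh install: the range resolves to the fixed version
const staleTree = sampleTree('4.3.0'); // lockfile still pinning one nested copy inside the range

console.log(caretRange('^4.2.5'));        // { min: '4.2.5', maxExclusive: '5.0.0' }
console.log(satisfies('4.4.1', '^4.2.5')); // true
console.log(satisfies('5.0.0', '^4.2.5')); // false
console.log(report(cleanTree));            // { ok: true, bad: [] }
console.log(report(staleTree));            // { ok: false, bad: [ { path: ..., version: '4.3.0' } ] }
```

To run it against a real project, replace the constructed trees with `JSON.parse` of the output of `npm ls fast-xml-parser --json --all`; the range check alone is not sufficient evidence, because a committed lockfile can keep an older 4.x that `^4.2.5` still permits until the lock entry is refreshed.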
No branches or pull requests