xml2js security vulnerability. Needs to be updated to 0.5.0 manually

[viswanr]

For latest features support, please switch to Azure Storage JavaScript SDK V10.

Which service(blob, file, queue, table) does this issue concern?

Which version of the SDK was used?

What's the Node.js/Browser version?

What problem was encountered?

Steps to reproduce the issue?

Have you found a mitigation/solution?

[burtonbullet31]

I'm seeing this same thing with botbuilder-azure 4.19.3 using the current azure-storage as its dependency

Locally, Node 18. Server is running Node 16. The problem is xml2js for this package is set to 0.2.8 and causes security red flags with GitHub dependabot and our security team. The workaround is to manually update package-lock.json. I guess the best question to ask is if #736 can be merged to resolve this?