simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). References https://nvd.nist.gov/vuln/detail/CVE-2022-26260 https://github.com/wollardj/simple-plist/issues/60 https://github.com/advisories/GHSA-gff7-g5r8-mg8m