build(deps): bump xml2js and steamcommunity in /api

[dependabot]

Bumps xml2js to 0.6.2 and updates ancestor dependency steamcommunity. These dependencies need to be updated together.

Updates xml2js from 0.4.23 to 0.6.2

Commits

• See full diff in compare view

Updates steamcommunity from 3.46.1 to 3.48.2

Release notes

Sourced from steamcommunity's releases.

v3.48.2

• Fixed steamID property not being set when using cookies that have a domain attribute

Full Changelog: DoctorMcKay/node-steamcommunity@v3.48.1...v3.48.2

v3.48.1

• Fixed cookie issue caused by differing tokens across different Steam domains

Full Changelog: DoctorMcKay/node-steamcommunity@v3.48.0...v3.48.1

v3.48.0

• BREAKING STEAM CHANGE Mobile confirmation is now required to create a Web API key
  • It is now required to have a Steam Guard Mobile Authenticator in order to create a Web API key
  • getWebApiKey() no longer attempts to register an API key if your account doesn't yet have one
  • getWebApiKey() still works for retrieving your account's existing API key
  • createWebApiKey() has been added to handle creating a new Web API key   Full Changelog: DoctorMcKay/node-steamcommunity@v3.47.1...v3.48.0

Ramifications of This Change

• You now need to enable mobile 2FA to create a Web API key
• You can disable mobile 2FA after your key has been created, and it will keep working
• getWebApiKey() works as before if your account already has a key created, but does not attempt to register a key if you don't yet have one
• If you have a script that prepares new accounts for use (e.g. enables 2FA, sets up profile), then you should call createWebApiKey() as part of that script, after enabling 2FA.
• Any code which consumes getWebApiKey() will work as before, provided you create your API key before attempting to call it

v3.47.1

• Fixed SteamCommunity.login() method by having it internally use steam-session
  • BREAKING: Node.js 12.22.0 or later is required to use SteamCommunity.login() (4.0.0 is still working for the rest of the package)
  • BREAKING: You cannot use SteamCommunity.login() if you are also passing a custom request instance in to the SteamCommunity constructor due to incompatibility
  • BREAKING: You will no longer get a steamguard value when using SteamCommunity.login()

"It's not my fault there's a breaking change in a patch release if Valve already did the breaking!"℠   Full Changelog: DoctorMcKay/node-steamcommunity@v3.47.0...v3.47.1

v3.47.0

• Added user/workshop/curator follow & unfollow support (by @​3urobeat in DoctorMcKay/node-steamcommunity#320)
• Re-enabled primaryGroup profile setting (by @​3urobeat in DoctorMcKay/node-steamcommunity#307)
• Fixed currencies not being properly returned by getUserInventory (by @​fjexe in DoctorMcKay/node-steamcommunity#301)
• Updated vulnerable xml2js dependency

Full Changelog: DoctorMcKay/node-steamcommunity@v3.46.1...v3.47.0

Commits

• ba6e29c 3.48.2
• de95e25 Fixed steamID not being properly set when cookies have a domain attribute
• e1820ef 3.48.1
• 7cee241 Fixed login issue caused by differing tokens on different domains
• 90eb4d3 3.48.0
• b58745c Added createWebApiKey method
• 5315404 Use updated AddAuthenticator parameters
• 6c77c52 Updated enable and disable_twofactor examples to not use steam-session
• 7c564c1 3.47.1
• b854d6d Use custom user agent for logins
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.