[BUG]: Installation raises vulnerability warning flags for xmldom and jxon - no fix available? #446
Description
Issue description
I'm a JavaScript NOOOB. Python hacking and application expert, but JavaScript-severly-challenged !!
I want to try out jsoncrack for its cool visualization and data conversion capabilities.
Has anyone created a python wrapper for it yet? That would it more accessible to many more people.
############################################################################
When I ran the installer I got the following errors. I am not sure what are good 100% compatible replacements for xmldom and jxon.
Any suggestions? I will need explicit instructions to do the replacements. I will consult with Copolit also.
(ThePhysicsHub) C:\Users\PowerUser\Documents\Github_RSL_Utils\JsonCrack>npm install
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated coverup@0.1.1: No longer maintained
npm warn deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm warn deprecated xmldom@0.1.31: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm warn deprecated react-use-gesture@8.0.1: This package is no longer maintained. Please use @use-gesture/react instead
npm warn deprecated json-schema-ref-parser@6.1.0: Please switch to @apidevtools/json-schema-ref-parser
npm warn deprecated eslint@8.56.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
added 671 packages, and audited 672 packages in 2m
166 packages are looking for funding
run npm fund for details
2 vulnerabilities (1 moderate, 1 critical)
Some issues need review, and may require choosing
a different dependency.
Run npm audit for details.
######################################################
Then I ran "npm audit" as suggested, which gave me the following messages.
npm audit --audit-level info
npm audit report
xmldom *
Severity: critical
Misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - GHSA-5fg8-2547-mr8q
No fix available
node_modules/xmldom
jxon *
Depends on vulnerable versions of xmldom
node_modules/jxon
2 vulnerabilities (1 moderate, 1 critical)
Some issues need review, and may require choosing a different dependency.
Operating system
- OS: [e.g. iOS]: Windows 10 Professional
installed nodejs and jsoncrack in conda environment to isolate it from the rest of my Windows runtime environment.
- Browser [e.g. chrome, safari]:
FireFox, Edge, and Chrome
Priority this issue should have
High