chore: Bump xmldom to 0.8.0
Switching from package `xmldom` to `@xmldom/xmldom`, which resolves the security issue present in the latest xmldom version, 0.6.0:
GHSA-5fg8-2547-mr8q

The reason is that the maintainers were forced to switch to a scoped package as of 0.7.0:
xmldom/xmldom#271

No matter what version of node I used to try and run the normal `npm install`, I always received a warning about either old package lock file format or newer lock file version format.
So to avoid too many unrelated changes, I disabled the `postinstall` step locally and installed the root level using node v12 and the `mbTest` folder using node v16.
- When running `npm run test` on the root level using node v12, there is a single failing test, but running them with node v16 works. So let's see what happens on CircleCI.

I'm happy to fix any regression we introduced, I just need help to understand how exactly the xmldom upgrade influences the failing test.

I'm one of the xmldom maintainers. Don't hesitate to ask me questions.
karfau committed Dec 25, 2021
1 parent 7bc7fd5 commit 91b8e2e
Showing 6 changed files with 26 additions and 39 deletions.
47 changes: 17 additions & 30 deletions mbTest/package-lock.json

2 changes: 1 addition & 1 deletion mbTest/package.json
Expand Up @@ -23,6 +23,7 @@
"airplane": "MB_AIRPLANE_MODE=true npm test"
},
"dependencies": {
"@xmldom/xmldom": "0.8.0",
"express": "4.17.1",
"fs-extra": "10.0.0",
"hpagent": "0.1.1",
Expand All @@ -34,7 +35,6 @@
"nodemailer": "6.6.3",
"safe-stable-stringify": "1.1.1",
"w3cjs": "0.4.0",
"xmldom": "0.6.0",
"xpath": "0.0.32"
},
"engines": {
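Review bot: dropping the `xmldom` 0.6.0 pin here only removes the direct dependency; if any of the remaining packages listed in this hunk (for example `w3cjs` or `xpath`) pulls the unscoped `xmldom` in transitively, the vulnerable 0.6.0 named in the commit message (GHSA-5fg8-2547-mr8q) would still land in `mbTest/node_modules` and `npm audit` would still flag it. Suggest running `npm ls xmldom` in `mbTest/` after install and confirming it reports nothing, and checking that the `mbTest/package-lock.json` change above leaves no `node_modules/xmldom` entry behind.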
2 changes: 1 addition & 1 deletion mbTest/web/feedTest.js
Expand Up @@ -4,7 +4,7 @@ const assert = require('assert'),
api = require('../api').create(),
httpClient = require('../baseHttpClient').create('http'),
xpath = require('xpath'),
DOMParser = require('xmldom').DOMParser,
DOMParser = require('@xmldom/xmldom').DOMParser,
timeout = parseInt(process.env.MB_SLOW_TEST_TIMEOUT || 3000);

function entryCount (body) {
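Review bot: the `require` swap is mechanical, but `@xmldom/xmldom` 0.8.0 is two pre-1.0 minor versions past 0.6.0 and may treat not-quite-well-formed feed bodies differently, so the `DOMParser` imported here (used by `entryCount` below, going by its name) is the first place to look for the single node v12 test failure the commit message reports. Suggest temporarily constructing the parser with an `errorHandler` that throws, so a body the new parser considers malformed fails loudly instead of yielding a truncated document and a wrong entry count.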
10 changes: 5 additions & 5 deletions package-lock.json

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -53,6 +53,7 @@
"service virtualization"
],
"dependencies": {
"@xmldom/xmldom": "0.8.0",
"cors": "2.8.5",
"csv-parse": "4.16.3",
"ejs": "3.1.6",
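Review bot: this pin matches the one in `mbTest/package.json` (both 0.8.0), which is good; but the commit title says "Bump xmldom to 0.8.0" while the advisory cited in the message lists 0.7.0 as the patched version, so nothing on this page ties the fix to 0.8.0 specifically. Worth stating in the commit message why 0.8.0 was chosen, because if 0.8.0 turns out to be what breaks the failing test, pinning the 0.7.x line would still close GHSA-5fg8-2547-mr8q.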
Expand All @@ -71,7 +72,6 @@
"safe-stable-stringify": "1.1.1",
"smtp-server": "3.9.0",
"winston": "3.3.3",
"xmldom": "0.6.0",
"xpath": "0.0.32",
"yargs": "17.1.1"
},
2 changes: 1 addition & 1 deletion src/models/xpath.js
Expand Up @@ -51,7 +51,7 @@ function nodeValue (node) {
*/
function select (selector, ns, possibleXML, logger) {
const xpath = require('xpath'),
DOMParser = require('xmldom').DOMParser,
DOMParser = require('@xmldom/xmldom').DOMParser,
parser = new DOMParser({
errorHandler: (level, message) => {
const warn = (logger || {}).warn || (() => {});
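Review bot: the `errorHandler` in this hunk maps every parser diagnostic, including `fatalError`, to `logger.warn`, and `const warn = (logger || {}).warn || (() => {});` makes it a silent no-op when `select` is called without a `logger`, so a malformed `possibleXML` is matched against a partially built document instead of being rejected. The function-form `errorHandler` option is still honoured by `@xmldom/xmldom` 0.8.0, so the `require` swap itself is safe, but since this is the production code path the dependency bump is meant to harden, it deserves an explicit `fatalError` branch (log at error level and return no matches) rather than treating all levels alike.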