From c258b9d831224df0c5e755f18831f5eabd79cb31 Mon Sep 17 00:00:00 2001
From: avinash-bharti
Date: Fri, 17 Apr 2026 14:49:49 +0530
Subject: [PATCH] fix: add @xmldom/xmldom override to patch XML injection vulnerability (APS-18524)

Adds npm override for @xmldom/xmldom >=0.9.9 to fix GHSA-wh4c-j3r5-mjhp (XML injection via unsafe CDATA serialization, CVSS 7.5). The package is a transitive dev dependency.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 4fa3ff7..b6eb993 100644
--- a/package.json
+++ b/package.json
@@ -29,6 +29,7 @@
 "dotenv": "^16.0.0"
 },
 "overrides": {
- "serialize-javascript": ">=7.0.3"
+ "serialize-javascript": ">=7.0.3",
+ "@xmldom/xmldom": ">=0.9.9"
 }
 }
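Review bot: The added override `"@xmldom/xmldom": ">=0.9.9"` has no upper bound, so every dependent is forced onto whatever the newest published release is whenever the lockfile is regenerated. That includes future breaking releases, and it widens the supply-chain window beyond the release that was actually reviewed. A bounded range such as `"@xmldom/xmldom": "^0.9.9"` still excludes the versions affected by GHSA-wh4c-j3r5-mjhp while keeping resolution on the 0.9 line. The diffstat lists only package.json, so the lockfile is presumably updated elsewhere. Until it is regenerated and committed, a lockfile-based install will likely keep the old version, and `npm ls @xmldom/xmldom` would confirm the resolved one. The existing `serialize-javascript` entry uses the same open-ended `>=` form and would benefit from the same bound.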