This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
@expo/plist latest version 0.0.18 is dependent on a potential security vulnerable version of xmldom #4569
Labels
Comments
chiragsoni81245
added
the
needs review
|
|
EvanBacon
added
🧹 chore
help wanted
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
@expo/plistversion0.0.18package which is by default being used inexpo-cliis dependent on a potential security-vulnerable version ofxmldomwhich is"@xmldom/xmldom" "~0.7.0"Environment
expo-env-info 1.0.5 environment info:
System:
OS: Windows 10 10.0.25217
Binaries:
Node: 16.13.2 - C:\Program Files\nodejs\node.EXE
Yarn: 1.22.19 - C:\Program Files\nodejs\yarn.CMD
npm: 8.19.1 - C:\Program Files\nodejs\npm.CMD
IDEs:
Android Studio: AI-212.5712.43.2112.8609683
npmPackages:
expo: ~45.0.0 => 45.0.6
react: 17.0.2 => 17.0.2
react-dom: 17.0.2 => 17.0.2
react-native: 0.68.2 => 0.68.2
react-native-web: 0.17.7 => 0.17.7
Expo Workflow: managed
Please specify your device/emulator/simulator platform, model and version
Android 10
Error output
No response
Reproducible demo or steps to reproduce from a blank project
We got a notification from GitHub that one of the packages which is
"@xmldom/xmldom" "~0.7.0"we are using is potentially vulnerable so as we checked its being used via@expo/plisthere is a patched version of@xmldom/xmldom@^0.8.3please update dependencies for@expo/plistThe text was updated successfully, but these errors were encountered: