Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated xmldom package to new namespace for vuln remediation #1752

Merged
merged 1 commit into from
Mar 29, 2024

Conversation

chriswhite199
Copy link
Contributor

Output from npm audit from current master shows critical severity for xmldom library:

xmldom  *
Severity: critical
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
No fix available
node_modules/xmldom

As per the package github page (https://github.com/xmldom/xmldom), they changed the namespace to @xmldom/xmldom so this PR updates that dependency in package.json and usage of the package in the source.

Copy link
Collaborator

@mattnotmitt mattnotmitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@a3957273
Copy link
Member

Notes: xmldom/xmldom#271

@a3957273
Copy link
Member

Thanks for the improvement! :)

@a3957273 a3957273 merged commit 77b7d7e into gchq:master Mar 29, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants