You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(last version of "jsonld" is "version": "5.2.1-0")
xmldom <0.5.0
Misinterpretation of malicious XML input - https://npmjs.com/advisories/1650
No fix available
node_modules/jsonld/node_modules/xmldom
node_modules/rdflib/node_modules/xmldom
jsonld 0.0.59 - 3.3.2
Depends on vulnerable versions of xmldom
node_modules/jsonld
rdflib >=0.2.1
Depends on vulnerable versions of jsonld
Depends on vulnerable versions of xmldom
node_modules/rdflib
@ldflex/rdflib *
Depends on vulnerable versions of rdflib
node_modules/@ldflex/rdflib
The text was updated successfully, but these errors were encountered:
I'm not sure if I'm reading this "stacktrace" properly, but at least some part of it is beause of the xmldom dependency of this project.
And there is actually a fix avaliable: switching to the new scoped package name @xmldom/xmldom which the maintainers were forced to use since 0.7.0 (which fixes the mentioned vulnerability.
I'm one of the maintainers and I'm going to provide a PR for that upgrade.
hi, my last npm update show me a dependency vulnerability on jsonld
"@ldflex/rdflib": "^1.0.0",
"@solid/query-ldflex": "^2.11.3",
(last version of "jsonld" is "version": "5.2.1-0")
The text was updated successfully, but these errors were encountered: