From ce982b1f05d4288aaf870f3a22608be8e92ed2a0 Mon Sep 17 00:00:00 2001
From: Christian Bewernitz
Date: Mon, 27 Dec 2021 06:53:26 +0100
Subject: [PATCH] Update dependency xmldom Switching from package `xmldom` to `@xmldom/xmldom`, which resolves the security issue present in latest xmldom version 0.6.0: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q The reason is that the maintainers were forced to switch to a scoped package since 0.7.0: https://github.com/xmldom/xmldom/issues/271 - I used node 12 to run `npm install`. - I executed `npm run test` on my machine, but it failed because of some missing file: ``` [...] > seriate@4.0.0 test:only /run/media/karfau/hdd-data/dev/seriate > NODE_ENV=test mocha --exit -r spec/init -R spec 'spec/**/*.spec.js' Browserslist: caniuse-lite is outdated. Please run: npx browserslist@latest --update-db Why you should do it regularly: https://github.com/browserslist/browserslist#browsers-data-updating Error: Cannot find module './local-config.json' Require stack: - /run/media/karfau/hdd-data/dev/seriate/spec/integration/one-connection.spec.js [...] ``` - I executed `npm run test:ci` onmy machine without failure I'm one of the xmldom maintainers. Don't hesitate to ask me questions.
---
 package-lock.json | 10 +++++-----
 package.json | 4 ++--
 src/asTable.js | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 353d308..f5a7821 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -910,6 +910,11 @@
 "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==",
 "dev": true
 },
+ "@xmldom/xmldom": {
+ "version": "0.8.0",
+ "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.0.tgz",
+ "integrity": "sha512-7wVnF+rKrVDEo1xjzkkidTG0grclaVnX0vKa0z9JSXcEdtftUJjvU33jLGg6SHyvs3eeqEsI7jZ6NxYfRypEEg=="
+ },
 "abbrev": {
 "version": "1.1.1",
 "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
@@ -5005,11 +5010,6 @@
 "integrity": "sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==",
 "dev": true
 },
- "xmldom": {
- "version": "0.6.0",
- "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.6.0.tgz",
- "integrity": "sha512-iAcin401y58LckRZ0TkI4k0VSM1Qg0KGSc3i8rU+xrxe19A/BN1zHyVSJY7uoutVlaTSzYyk/v5AmkewAP7jtg=="
- },
 "y18n": {
 "version": "4.0.3",
 "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
diff --git a/package.json b/package.json
index a1c0c16..bb2f454 100644
--- a/package.json
+++ b/package.json
@@ -51,13 +51,13 @@
 }
 ],
 "dependencies": {
+ "@xmldom/xmldom": "^0.8.0",
 "callsite": "^1.0.0",
 "debug": "^4.3.1",
 "lodash": "^4.17.21",
 "machina": "^4.0.2",
 "mssql": "~2.3.2",
- "tedious": "~1.13.2",
- "xmldom": "^0.6.0"
+ "tedious": "~1.13.2"
 },
 "devDependencies": {
 "chai": "^4.3.4",
diff --git a/src/asTable.js b/src/asTable.js
index b773aaa..1ae58f2 100644
--- a/src/asTable.js
+++ b/src/asTable.js
@@ -1,6 +1,6 @@
 const _ = require( "lodash" );
 const sql = require( "mssql" );
-const xmldom = require( "xmldom" );
+const xmldom = require( "@xmldom/xmldom" );
 const domImplementation = new xmldom.DOMImplementation();
 const xmlSerializer = new xmldom.XMLSerializer();
 const buildTableVariableSql = require( "./build-table-variable-sql" );
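Review bot: The `XMLSerializer` and `DOMImplementation` built at the top of src/asTable.js now come from `@xmldom/xmldom` 0.8.0 instead of `xmldom` 0.6.0, and nothing in this patch shows that the XML this module serializes is unchanged. The description reports that `npm run test` stopped on the missing `./local-config.json` and that only `npm run test:ci` passed, so I would add a spec that passes values containing `<`, `&` and `"` through this module and asserts the exact serialized string. The linked advisory appears to concern serializer escaping, which is the path this file uses; that is worth confirming against the advisory text. A one-line comment above the require would also help later audits, e.g. `// scoped successor of "xmldom"; the unscoped name ends at 0.6.0 (see xmldom/xmldom#271)`. The rest of asTable.js lies outside the hunk, so how the serializer is actually called is not visible here.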