Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Bump xmldom to 0.8.0 #660

Merged
merged 2 commits into from Feb 20, 2022
Merged

chore: Bump xmldom to 0.8.0 #660

merged 2 commits into from Feb 20, 2022

Commits on Dec 25, 2021

  1. chore: Bump xmldom to 0.8.0 

    Switching from package `xmldom` to `@xmldom/xmldom`, which resolves the security issue present in latest xmldom version 0.6.0:
GHSA-5fg8-2547-mr8q

The reason is that the maintainers were forced to switch to a scoped package since 0.7.0:
 xmldom/xmldom#271

No matter what version of node I used to try and run the normal `npm install`, I always received a warning about either old package lock file format or newer lock file version format.
So to avoid to many unrelated changes, I disabled the `postinstall` step locally and installed the root level using node v12 and the `mbTest` folder using node v16.
- When running the `npm run test` on the root level using node v12, there is a single failing test, but running them with node v16 works.So let's see what happens on CircleCI.

I'm happy to fix any regression we introduced, I just need help to understand how exactly the xmldom upgrade influences the failing test.

I'm one of the xmldom maintainers. Don't hesitate to ask me questions.
    @karfau
    karfau committed Dec 25, 2021
    Configuration menu
    Copy the full SHA
    91b8e2e View commit details
    Browse the repository at this point in the history

Commits on Feb 20, 2022

  1. Merge branch 'master' into upgrade-xmldom

    @bbyars
    bbyars committed Feb 20, 2022
    Configuration menu
    Copy the full SHA
    3c4fe06 View commit details
    Browse the repository at this point in the history