Update dependency xmldom

Switching from package `xmldom` to `@xmldom/xmldom`, which resolves the security issue present in latest xmldom version 0.6.0: GHSA-5fg8-2547-mr8q The reason is that the maintainers were forced to switch to a scoped package since 0.7.0: xmldom/xmldom#271 - I used node 12 to run `npm install`. - I executed `npm run test` on my machine without failure - I tried to run `npm run prepublishOnly` but it failed in `make test` with one test timing out. After running `make force-install-libs` it fails in the step `make dist` (Makefile line 39), but from the error message it doesn't look like it's an issue related to this PR - This makes phihag#35 obsolete I'm one of the xmldom maintainers. Don't hesitate to ask me questions. https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md
betterup · Aug 16, 2023 · 23b9bdc · 23b9bdc
1 parent b7b282c
commit 23b9bdc
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,7 +14,7 @@
     "prepublishOnly": "make clean_dist && make lint && make test && make dist"
   },
   "dependencies": {
-    "xmldom": "*",
+    "@xmldom/xmldom": "*",
     "text-encoding": "*",
     "pako": "*"
   },

diff --git a/pdfform.js b/pdfform.js
@@ -2,8 +2,8 @@
 
 if (typeof window == 'undefined') {
 	// node.js, load compat libraries
-	var DOMParser = require('xmldom').DOMParser;
-	var XMLSerializer = require('xmldom').XMLSerializer;
+	var DOMParser = require('@xmldom/xmldom').DOMParser;
+	var XMLSerializer = require('@xmldom/xmldom').XMLSerializer;
 	var text_encoding = require('text-encoding');
 	var TextEncoder = text_encoding.TextEncoder;
 	var TextDecoder = text_encoding.TextDecoder;
@@ -558,4 +558,4 @@ pdfform.transform = function(buf, fields) {return pdfform().transform(buf, field
 
 if (typeof module != 'undefined') {
 	module.exports = pdfform;
-}
+}