fix(xmldom): removed unused xmldom dependency due to security concern #1357

Merged
merged 2 commits into from Nov 8, 2022

dvoegelin
Collaborator

@dvoegelin dvoegelin commented Nov 1, 2022

Description

Removed unused @xmldom dependency due to critical security flaw:
https://github.com/bullhorn/novo-elements/security/dependabot/60

Verify that...

  • Any related demos were added and npm start and npm run build still works
  • New demos work in Safari, Chrome and Firefox
  • npm run lint passes
  • npm test passes and code coverage is increased
  • npm run build still works

Bullhorn Internal Developers

  • Run Novo Automation

Screenshots

@dvoegelin dvoegelin self-assigned this Nov 1, 2022
@dvoegelin dvoegelin changed the base branch from master to next November 1, 2022 13:49
@github-actions
Contributor

github-actions bot commented Nov 1, 2022

Visit the preview URL for this PR (updated for commit 3ec7391):

https://novo-elements--pr1357-xmldom-update-78uidg01.web.app

(expires Thu, 10 Nov 2022 15:54:00 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: f1783e19c2444272095017dd8ba433fff0ee3f61

@bvkimball
Contributor

Better, let's just remove it

@dvoegelin dvoegelin changed the title from "fix(xmldom): updated xmldom dependency to address security concern" to "fix(xmldom): removed unused xmldom dependency due to security concern" Nov 3, 2022
@bvkimball bvkimball self-requested a review November 8, 2022 18:55
@dvoegelin dvoegelin merged commit ace5a44 into next Nov 8, 2022
@dvoegelin dvoegelin deleted the xmldom-update branch November 8, 2022 19:27
@dvoegelin dvoegelin mentioned this pull request Nov 8, 2022
6 tasks
MichaelDill pushed a commit that referenced this pull request Nov 29, 2022
* feat(Field): adding data-auto-ids to the new novo-field elements (#1349)

* feat(Field): trying out a way to add data-auto-ids to the new novo-field elements

* adding/changing field auto ids

* using label instead of value

* feat(dateTimePicker): Added formatter for dateTimePicker (#1361)

* Added formatter for dateTimePicker

* Small fix

* exported date-time format

* Added military date-time picker

* Removed military time demo

* feat(QueryBuilder): adding isNull/isEmpty operators to query builder field definitions (#1358)

* feat(QueryBuilder): adding isEmpty operator to query builder field definitions

* fix: removing unused imports

* fix(): changing non-string isEmpty operators to isNull

* fix(xmldom): removed unused xmldom dependency due to security concern (#1357)

* fix(xmldom): updated xmldom dependency to address security concern

* removing xmldom altogether since it is unused

* chore(deps): bump loader-utils from 1.4.0 to 1.4.1 (#1362)

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.1/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump loader-utils from 1.4.1 to 1.4.2 (#1366)

chore(deps): bump loader-utils from 1.4.0 to 1.4.2

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Voegelin <dvoegelin@bullhorn.com>

* fix(NovoDataTableSortButton): fixing ng14 warning caused by animating pointer-events (#1368)

* feat(date-time-condition): Added default date-time condition definition (#1364)

* Added date time picker to query builder

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Kurt McGallion <kurt.mcgallion@bullhorn.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>