Replace xmldom with @xmldom/xmldom to fix critical vulnerability #1710
Comments
sbourouis
added a commit
to sbourouis/canvg
that referenced
this issue
Aug 31, 2023
|
I have completed the changes in #1711 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Would you like to work on this feature?
What problem are you trying to solve?
There is a critical vulnerability in the xmldom package (See GHSA-crh6-fp67-6883)
And the xmldom package won't be updated (see xmldom/xmldom#271), only @xmldom/xmldom is maintained so for future security patches, it would also be better to use @xmldom/xmldom
Describe the solution you'd like
Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next).
A PR is currently opened here #1698 but it seems like no one took a look at it and a lot of tests are failing. I have completed the changes in #1711
Describe alternatives you've considered
No response
Documentation, Adoption, Migration Strategy
No response
The text was updated successfully, but these errors were encountered: