Security Issues on Dependency xmldom 0.7.5 #111
Comments
mlynch
added
bug
mlynch
added a commit
that referenced
this issue
Oct 14, 2022
|
Reverted the change for now as it broke their API. Will need to investigate later https://github.com/ionic-team/trapeze/actions/runs/3250541946/jobs/5334353927 |
@mlynch |
|
Not sure what's going on but they seem to be retracting their CVE https://www.tenable.com/cve/CVE-2022-37616
|
|
Closing as invalid per discussion here xmldom/xmldom#436 |
|
@mlynch The dispute was reported, however the vulnerability was later reconfirmed as discussed in the same thread you shared: xmldom/xmldom#436 This is still an issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I'm using this version on my ionic project:
"@trapezedev/configure": "3.0.6",
This has installed a dependency for xmldom 0.7.5, this version requires an updated to fix a security issue listed below
https://www.tenable.com/cve/CVE-2022-37616
Is required to upgrade to version 0.8.3
When could you schedule this upgrade on your package's dependency?
The text was updated successfully, but these errors were encountered: