Switch dependency from xmldom to @xmldom/xmldom #262
Comments
|
Thanks. Will do together with electron 23 rls. Would this work for you? |
|
Makes sense. Thanks! |
|
This is exactly what I was looking for! 👏 .. we have npm security checks to deploy our services and I was moving away from phantomJS and trying to implement this library and it is a blocker for me. Awesome you have this in your roadmap, Thanks! |
|
If you send a PR I can release a 3.6.1 by tomorrow |
|
I'm just confused that GitHub security does not inform me here. Or did o overlook it? |
|
Not sure why Github is not informing the issue, I agree.. |
|
Not as easy as i thought, because the added muhammara / hummus recipe depends on an old xmldom. |
|
I just had another look at the security warnings and i must have overlooked it, i got a warning a week ago which i was totally unaware of. Once again, thanks for reporting. |
Thanks so much for look into the update. I would have struggled to find that problem myself as I've never used the muhammara / hummus recipe component before |
|
the recipe component is new, as the libs did not update / evolve anymore. So i decided to integrate it. |
|
Still has a pending run, but overall all action steps worked. So, in the end this means it will take another day, because all the actions take a serious amount of time to finish. |
|
3.7.0 will be released today. sorry for the delay but every issue introduced a new one while fixing the other. |
|
thank you for your patience. there was another issue which needed to be resolved, which it is now, somehow. |
The recently published version 3.6.0 introduced a dependency on xmldom (v0.6.0). This package however was migrated from v0.7.0 to be published under @xmldom/xmldom
the reasons this had to be done explained here: xmldom/xmldom#271
xmldom has several security vulnerabilities that are only fixed in version published under @xmldom/xmldom so ideally the dependency would be switched to @xmldom/xmldom
The text was updated successfully, but these errors were encountered: