New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch dependency from xmldom to @xmldom/xmldom #262
Comments
Thanks. Will do together with electron 23 rls. Would this work for you? |
Makes sense. Thanks! |
This is exactly what I was looking for! 👏 .. we have npm security checks to deploy our services and I was moving away from phantomJS and trying to implement this library and it is a blocker for me. Awesome you have this in your roadmap, Thanks! |
If you send a PR I can release a 3.6.1 by tomorrow |
I'm just confused that GitHub security does not inform me here. Or did o overlook it? |
Not as easy as i thought, because the added muhammara / hummus recipe depends on an old xmldom. |
I just had another look at the security warnings and i must have overlooked it, i got a warning a week ago which i was totally unaware of. Once again, thanks for reporting. |
Thanks so much for look into the update. I would have struggled to find that problem myself as I've never used the muhammara / hummus recipe component before |
the recipe component is new, as the libs did not update / evolve anymore. So i decided to integrate it. |
Still has a pending run, but overall all action steps worked. So, in the end this means it will take another day, because all the actions take a serious amount of time to finish. |
3.7.0 will be released today. sorry for the delay but every issue introduced a new one while fixing the other. |
thank you for your patience. there was another issue which needed to be resolved, which it is now, somehow. |
The recently published version 3.6.0 introduced a dependency on xmldom (v0.6.0). This package however was migrated from v0.7.0 to be published under @xmldom/xmldom
the reasons this had to be done explained here: xmldom/xmldom#271
xmldom has several security vulnerabilities that are only fixed in version published under @xmldom/xmldom so ideally the dependency would be switched to @xmldom/xmldom
The text was updated successfully, but these errors were encountered: