Update xmldom to 0.7.2

The package is now scoped under @xmldom. See xmldom/xmldom#278 This fixes security vulnerability CVE-2021-32796. Also update xml-crypto which depends on xmldom.
node-saml · Aug 24, 2021 · ca4435e · ca4435e
1 parent a3174b4
commit ca4435e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,13 +50,13 @@
     "watch": "concurrently --kill-others \"npm:*-watch\""
   },
   "dependencies": {
+    "@xmldom/xmldom": "^0.7.2",
     "debug": "^4.3.1",
     "passport-strategy": "^1.0.0",
-    "xml-crypto": "^2.1.2",
+    "xml-crypto": "^2.1.3",
     "xml-encryption": "^1.2.4",
     "xml2js": "^0.4.23",
-    "xmlbuilder": "^15.1.1",
-    "xmldom": "^0.6.0"
+    "xmlbuilder": "^15.1.1"
   },
   "devDependencies": {
     "@types/debug": "^4.1.5",

diff --git a/src/node-saml/xml.ts b/src/node-saml/xml.ts
@@ -1,7 +1,7 @@
 import * as util from "util";
 import * as xmlCrypto from "xml-crypto";
 import * as xmlenc from "xml-encryption";
-import * as xmldom from "xmldom";
+import * as xmldom from "@xmldom/xmldom";
 import * as xml2js from "xml2js";
 import * as xmlbuilder from "xmlbuilder";
 import { isValidSamlSigningOptions, SamlSigningOptions } from "./types";