Update xmldom to 0.7.2

The package is now scoped under @xmldom. See xmldom/xmldom#278 This fixes security vulnerability CVE-2021-32796. Also update xml-crypto and xml-encryption which depends on xmldom.
node-saml · Aug 25, 2021 · dde4b72 · dde4b72
1 parent a3174b4
commit dde4b72
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 25 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,13 +50,13 @@
     "watch": "concurrently --kill-others \"npm:*-watch\""
   },
   "dependencies": {
+    "@xmldom/xmldom": "^0.7.2",
     "debug": "^4.3.1",
     "passport-strategy": "^1.0.0",
-    "xml-crypto": "^2.1.2",
-    "xml-encryption": "^1.2.4",
+    "xml-crypto": "^2.1.3",
+    "xml-encryption": "^1.3.0",
     "xml2js": "^0.4.23",
-    "xmlbuilder": "^15.1.1",
-    "xmldom": "^0.6.0"
+    "xmlbuilder": "^15.1.1"
   },
   "devDependencies": {
     "@types/debug": "^4.1.5",
@@ -68,7 +68,6 @@
     "@types/xml-crypto": "^1.4.1",
     "@types/xml-encryption": "^1.2.0",
     "@types/xml2js": "^0.4.8",
-    "@types/xmldom": "^0.1.30",
     "@typescript-eslint/eslint-plugin": "^4.23.0",
     "@typescript-eslint/parser": "^4.23.0",
     "body-parser": "^1.19.0",

diff --git a/src/node-saml/xml.ts b/src/node-saml/xml.ts
@@ -1,7 +1,7 @@
 import * as util from "util";
 import * as xmlCrypto from "xml-crypto";
 import * as xmlenc from "xml-encryption";
-import * as xmldom from "xmldom";
+import * as xmldom from "@xmldom/xmldom";
 import * as xml2js from "xml2js";
 import * as xmlbuilder from "xmlbuilder";
 import { isValidSamlSigningOptions, SamlSigningOptions } from "./types";