auth0 / passport-wsfed-saml2

passport strategy for both WS-fed and SAML2 protocol

auth0 / xml-crypto creates security vulnerability

frytg opened this issue

Is there a reason why this package relies on auth0/xml-crypto#v1.4.1-auth0.2 for the xml-crypto package?

This fork seems to be 219 commits behind yaronn/xml-crypto and uses 0.1.27 for xmldom, which seems to be affected by CVE-2021-21366.

Possible solution: test and use "xml-crypto": "^2.1.2" (mocha returns 139 tests complete (847 ms))