Dependency <xmldom> 0.6.0 has security vulnerability
be5invis opened this issue
https://www.npmjs.com/advisories/1769
Impact
xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications.
Patches
Update to 0.7.0
(see issue #271 for the status of publishing the version to npm or join for Q&A/discussion #270 until it's resolved)
It doesn't really matter, as xmldom is not used for serialization in this project.
Also, xmldom 0.7.0 has not been published, so it's not actionable right now.
@xmldom/xmldom 0.7.1 has been published.
Okay, fixed in 7.1.1.
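
A lockfile check for the affected range named in the advisory above, added here as an example and not part of the issue thread or either project's code. The function names and sample lockfiles are constructed, and it assumes npm's `package-lock.json` layout (nested `dependencies` in lockfileVersion 1, flat `packages` in 2 and 3).

```javascript
// Package names from the thread; the advisory covers 0.6.0 and older.
const NAMES = new Set(['xmldom', '@xmldom/xmldom']);
const LAST_AFFECTED = [0, 6, 0];

// True when version <= 0.6.0. Non-numeric specs (git URLs, tarballs) cannot be
// compared, so they are flagged for manual review rather than passed.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true;
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 0.6.0
}

// Returns every xmldom entry in a parsed package-lock.json that is in range.
function findAffected(lock) {
  const hits = [];
  const check = (name, meta, path) => {
    if (NAMES.has(name) && isAffected(meta.version)) {
      hits.push({ name, version: meta.version, path });
    }
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || meta.link) continue; // root project or workspace link
    check(meta.name || path.slice(idx + 'node_modules/'.length), meta, path);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists)
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta, trail.concat(name).join(' > '));
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles, not taken from any real project
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/xmldom': { version: '0.6.0' },
  'node_modules/some-tool/node_modules/@xmldom/xmldom': { version: '0.7.1' } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'some-tool': { version: '1.0.0', dependencies: { xmldom: { version: '0.5.0' } } } } };
console.log(findAffected(sampleV3), findAffected(sampleV1));
```

The `path` field of each hit shows which parent package pulls the dependency in, which is where the upgrade has to happen when it is transitive.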