Update xml-crypto dependency to solve npm audit issue 1769

Question

Update xml-crypto dependency to solve npm audit issue 1769

RopoMen opened this issue 3 years ago · 1 comments

Hi,
Latest xml-crypto:2.1.3 package contains @xmldom/xmldom:0.7.0 that will fix advisory id 1769.

https://www.npmjs.com/package/xml-crypto

Answer 1 · 2021-10-04T09:38:29.000Z

This is now resolved. We've released a new version of the node-saml dependency to update the xml-crypto subdependency: auth0/node-saml#77. The node-samlp package directly depends on xml-crypto@^2.0.0 which will allow picking up 2.1.3 (you may need to do a fresh re-install of node-samlp or clear your lockfile to pick this up).

Thanks for raising the issue!