Pin to specific `xmldom` commit

Question

Pin to specific `xmldom` commit

azasypkin opened this issue 7 years ago · 2 comments

Currently node-samlp has the following dependency:

"xmldom": "https://github.com/auth0/xmldom/tarball/master",

It doesn't look good to not pin to a specific commit. Today auth0/xmldom merged a commit and obviously https://github.com/auth0/xmldom/tarball/master points to a new code now without any change in node-samlp version (+ yarn/npm lock files aren't happy either).

Answer 1 · 2018-02-21T22:45:11.000Z

Hi @azasypkin. Sorry for any issues that this caused you.

We've published a new version (3.3.3) that has xmldom commit pinned to a release tag. https://github.com/auth0/node-samlp/releases/tag/v3.3.3

Answer 2 · 2018-02-23T17:10:09.000Z

Closing this issue as the change has been made.