Bug: xmldom Security risk, depreciated,

Question

Bug: xmldom Security risk, depreciated,

Closed this issue a year ago · 2 comments

# npm audit report
xmldom  *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
No fix available
node_modules/xmldom
  @mapcomponents/react-maplibre  *
  Depends on vulnerable versions of xmldom
  node_modules/@mapcomponents/react-maplibre

2 vulnerabilities (1 moderate, 1 critical)

xmldom is a deprecated, having been repalced by @xmldom/xmldom

See https://www.npmjs.com/package/@xmldom/xmldom

Answer 1 · 2023-08-22T18:19:37.000Z

Thanks, we will look into this.

Answer 2 · 2023-09-01T12:37:49.000Z

PR #130 solves this issue and is merged now.
With the next release the xmldom dependency will be gone.