Azure / azure-sdk-for-node

Azure SDK for Node.js - Documentation
https://github.com/Azure/azure-sdk-for-node#documentation
MIT License

Need ms-rest-azure to reference the new version of adal-node in their dependencies (0.2.2) #5212

Closed WilliamRADFunk closed 2 years ago

WilliamRADFunk commented 2 years ago

I'm with the Azure Portal team.

We have an S360 code security bug in relation to a dependency (xmldom) that is being referenced by adal-node (prior to 0.2.x), which in turn is being referenced by ms-rest-azure (latest adal-node version reference is ^0.1.28). The bug wants the version of xmldom to be upgraded from 0.6.0 to 0.7.0, but the problem is that xmldom transitioned from xmldom to @xmldom/xmldom prior to versioning up from 0.6.0. Since adal-node referenced the old way "xmldom" (pre 0.2.x), it's not getting the "@xmldom/xmldom" version. They are now referencing it properly in 0.2.2.

Ultimately, we need the "adal-node": "^0.1.28" to be changed to something like so "adal-node": "^0.2.2" in ms-rest-azure's package.json dependencies list.
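Added example, not part of the issue thread or of either project's code: a small script showing why the `^0.1.28` range cannot pick up adal-node 0.2.2 (npm's caret pins the minor version for 0.x releases) and tracing the chain that brings in the unscoped `xmldom`. The lock data, the ms-rest-azure version placeholder, the xmldom `requires` value and the function names are constructed for illustration.

```javascript
// Constructed sample, simplified to the name -> { version, requires } shape of a
// package-lock.json. The ms-rest-azure version is a placeholder and the xmldom
// "requires" value is constructed; the other values are those quoted in the issue.
const lock = {
  "ms-rest-azure": { version: "0.0.0-placeholder", requires: { "adal-node": "^0.1.28" } },
  "adal-node": { version: "0.1.28", requires: { xmldom: "0.6.0" } },
  xmldom: { version: "0.6.0", requires: {} },
};

const parse = (v) => v.split(".").map(Number);
// npm caret rule: the leftmost non-zero component is pinned,
// so ^0.1.28 means >=0.1.28 <0.2.0 (prerelease tags not handled here).
function caretSatisfies(range, version) {
  const base = parse(range.replace(/^\^/, ""));
  const got = parse(version);
  const pin = base.findIndex((n) => n !== 0);
  const fixed = pin === -1 ? 2 : pin;
  for (let i = 0; i <= fixed; i++) if (got[i] !== base[i]) return false;
  for (let i = fixed + 1; i < 3; i++) {
    if (got[i] !== base[i]) return got[i] > base[i];
  }
  return true;
}

// Every dependency chain from `root` that ends at the package named `target`.
function chainsTo(lock, root, target, path = []) {
  const here = `${root}@${lock[root].version}`;
  if (path.includes(here)) return []; // cycle guard
  const next = [...path, here];
  if (root === target) return [next.join(" > ")];
  return Object.keys(lock[root].requires || {})
    .filter((name) => lock[name])
    .flatMap((name) => chainsTo(lock, name, target, next));
}

// Declared caret ranges that exclude the version carrying the fix.
function blockers(lock, fixedVersions) {
  const out = [];
  for (const [parent, entry] of Object.entries(lock)) {
    for (const [dep, range] of Object.entries(entry.requires || {})) {
      const want = fixedVersions[dep];
      if (want && range.startsWith("^") && !caretSatisfies(range, want))
        out.push(`${parent}: "${dep}": "${range}" excludes ${want}`);
    }
  }
  return out;
}
console.log(chainsTo(lock, "ms-rest-azure", "xmldom"));
console.log(blockers(lock, { "adal-node": "0.2.2" }));
```

Against a real project, `npm ls xmldom` prints the same kind of chain from the installed tree.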

qiaozha commented 2 years ago

Closing this issue as the PR is merged. @WilliamRADFunk feel free to let me know if you still find issues. Thanks.