[Snyk] Security upgrade @xmldom/xmldom from 0.8.2 to 0.8.4 - Githubissues

PeculiarVentures / xml-core

xml-core is a set of classes that make it easier to work with XML within the browser and node.

MIT License

19 stars 11 forks source link

[Snyk] Security upgrade @xmldom/xmldom from 0.8.2 to 0.8.4 #29

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JS-XMLDOMXMLDOM-3092934	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @xmldom/xmldom

The new version differs by 21 commits.

27fec1f 0.8.4
a14687a docs: Prepare CHANGELOG for 0.8.4
7ff7c10 Merge pull request from GHSA-crh6-fp67-6883
c9df7a2 0.8.3
1c57b5e docs: Prepare CHANGELOG for 0.8.3
7c0d4b7 fix: Avoid iterating over prototype properties
a701915 chore(deps): update dependency eslint to v8.25.0 (#433)
2aef5ef chore(deps): update actions/setup-node action to v3 (#431)
0842586 chore(deps): update dependency eslint-plugin-prettier to v4.2.1 (#418)
8f1ee5e chore(deps): update dependency eslint to v8.24.0 (#430)
8a34f29 chore(deps): update dependency nodemon to v2.0.20 (#429)
ac8012f chore(deps): update dependency eslint to v8.23.1 (#419)
7efca8c chore(deps): update dependency nodemon to v2.0.19 (#420)
5eb649e chore(deps): update dependency eslint to v8.18.0 (#414)
dfe41f3 chore(deps): update dependency np to v7.6.2 (#415)
d9b9928 chore(deps): update dependency prettier to v2.7.1 (#413)
e5f58fe chore(deps): update dependency nodemon to v2.0.18 (#417)
45c8830 chore(deps): update dependency eslint to v8.17.0 (#408)
f6a821f chore(deps): update dependency nodemon to v2.0.16 (#405)
1d101d8 chore(deps): update dependency eslint to v8.14.0 (#400)
330d3b7 chore(deps): update dependency eslint to v8.13.0 (#399)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

coveralls commented 1 year ago

Coverage remained the same at 93.994% when pulling c589a894c85edfa8eb50ef3878e49bd430661dcb on snyk-fix-1388660d64496b818a10dc66bd424bbc into 13c397a91ec41671a0b2c869b502ed59e54fe657 on master.