auth0 / node-samlp

SAML Protocol support for node (only IdP for now)
MIT License
136 stars 117 forks source link

Update xml-crypto dependency to solve npm audit issue 1769 #124

Closed RopoMen closed 3 years ago

RopoMen commented 3 years ago

Hi, Latest xml-crypto:2.1.3 package contains @xmldom/xmldom:0.7.0 that will fix advisory id 1769.

https://www.npmjs.com/package/xml-crypto

CharlesRea commented 3 years ago

Hi @RopoMen,

This is now resolved. We've released a new version of the node-saml dependency to update the xml-crypto subdependency: https://github.com/auth0/node-saml/pull/77. The node-samlp package directly depends on xml-crypto@^2.0.0 which will allow picking up 2.1.3 (you may need to do a fresh re-install of node-samlp or clear your lockfile to pick this up).

Thanks for raising the issue!