Could you please release a version 1.2.3 with the lastest commit to NPM

auth0 / node-xml-encryption

W3C XML Encryption implementation for node.js (http://www.w3.org/TR/xmlenc-core/)

MIT License

37 stars 57 forks source link

Could you please release a version 1.2.3 with the lastest commit to NPM #82

Closed forty closed 3 years ago

forty commented 3 years ago

This fixes a vulnerability in the xmldom dependency. Thanks

jupenur commented 3 years ago

Just dropping in to say node-xml-encryption isn't affected. I discovered the original vulnerability and it only impacts fairly specific use-cases.

forty commented 3 years ago

Yes, that was my understanding as well, but npm audit will scream if you depend on a vulnerable package regardless of whether the vulnerability is actually impacting or not.

Looks like 1.2.3 has been released with the module update, closing :heavy_check_mark: