Closed frytg closed 1 month ago
Is there a reason why this package relies on auth0/xml-crypto#v1.4.1-auth0.2 for the xml-crypto package?
This fork seems 219 commits behind yaronn/xml-crypto and uses 0.1.27 for xmldom, which seems affected by CVE-2021-21366.
Possible Solution: Test and Use "xml-crypto": "^2.1.2" (mocha returns 139 tests complete (847 ms))
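A way to check a dependency tree for the two conditions raised in this issue, as an added example that is not part of the original post or of the package's own code. It assumes an npm lockfile in the v1 nested layout; `auditLock`, `isOlder`, the sample lockfile and the `0.5.0` minimum for xmldom are assumptions to confirm against the advisory for CVE-2021-21366.

```javascript
// Walk an npm lockfile (v1 nested layout) and report
// (a) dependencies resolved from a git ref instead of the registry, and
// (b) xmldom copies older than a chosen minimum version.
const GIT_SPEC = /^(github:|git\+|git:\/\/)/;

// Compare dotted numeric versions such as "0.1.27" and "0.5.0".
function isOlder(version, minimum) {
  const a = version.split('.').map(Number);
  const b = minimum.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

function auditLock(node, minXmldom, path = [], findings = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...path, name].join(' > ');
    if (GIT_SPEC.test(dep.version)) {
      findings.push({ kind: 'git-pinned', chain, version: dep.version });
    } else if (name === 'xmldom' && isOlder(dep.version, minXmldom)) {
      findings.push({ kind: 'old-xmldom', chain, version: dep.version });
    }
    // Transitive copies are nested under the dependency that pulls them in.
    auditLock(dep, minXmldom, [...path, name], findings);
  }
  return findings;
}

// Constructed sample mirroring the situation described in the issue.
const sampleLock = {
  dependencies: {
    'xml-crypto': {
      version: 'github:auth0/xml-crypto#<commit-placeholder>',
      from: 'github:auth0/xml-crypto#v1.4.1-auth0.2',
      dependencies: { xmldom: { version: '0.1.27' } },
    },
    mocha: { version: '8.3.2' }, // constructed registry dependency
  },
};

// Assumed minimum: first xmldom release believed to carry the fix.
const findings = auditLock(sampleLock, '0.5.0');
console.log(findings);
```

Run it against a real tree by replacing `sampleLock` with the parsed contents of the project's `package-lock.json`.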