cappuccino / cappuccino

Web Application Framework in JavaScript and Objective-J
https://cappuccino.dev/
GNU Lesser General Public License v2.1

Using `xmldom` with critical security vulnerability #3049

Closed: enquora closed this issue 1 month ago

enquora commented 1 year ago

The node branch depends on xmldom version >= 0.7.5. This is outdated, and all versions earlier than 0.7.7 are flagged during npm update as creating a critical security risk.

Latest version is 0.8.6.

Note: this is for the published Objective-J runtime npm package rather than Cappuccino itself.

cappbot commented 1 year ago

Milestone: Someday. Label: #new. What's next? A reviewer should examine this issue.