cucumber / cucumber-js

Cucumber for JavaScript
https://cucumber.io
MIT License

Apply override to xml2js for chai-xml #2275

Closed michael-lloyd-morris closed 1 year ago

michael-lloyd-morris commented 1 year ago

🤔 What's changed?

Security vulnerability found in xml2js

⚡️ What's your motivation?

Security bugfix.

🏷️ What kind of change is this?

📋 Checklist:



coveralls commented 1 year ago

Coverage: 98.489%. Remained the same when pulling 0db6410bc97d98f8ec5d1eb033e5130b1087af73 on michael-lloyd-morris:fixSecurity into 764b7b6be4ccaa235954acb6424fb9725df6a643 on cucumber:main.

michael-lloyd-morris commented 1 year ago

chai-xml will be applying this change themselves on next patch version, so shall we wait on that or push this out? Since cucumber is typically a dev-dependency, it isn't likely urgent.

https://github.com/krampstudio/chai-xml/issues/18

davidjgoss commented 1 year ago

Looks to have been released now https://github.com/krampstudio/chai-xml/releases/tag/0.4.1

michael-lloyd-morris commented 1 year ago

I have removed the override then uninstalled and reinstalled chai-xml to get npm to recalculate the version number in the package.json file, so this should be good to go provided nothing breaks.