digitalbazaar / jsonld.js

A JSON-LD Processor and API implementation in JavaScript
https://json-ld.org/

Misinterpretation of malicious XML input error #439

Closed kpotter-m2 closed 3 years ago

kpotter-m2 commented 3 years ago

npm audit reveals the following error:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Misinterpretation of malicious XML input                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ xmldom                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.5.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ lighthouse [dev]                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ lighthouse > jsonld > xmldom                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1650                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Any advice to fix is appreciated.

kpotter-m2 commented 3 years ago

Linked to this issue: https://github.com/GoogleChrome/lighthouse/issues/12244. Closing.

davidlehn commented 3 years ago

I'll comment in that other issue. Was this issue filed due to that warning from a lighthouse install? We can do dependency updates for older major jsonld.js releases if they are really needed. But in this case I think there was a particular reason xmldom wasn't updated (for a long time). The details escape me at the moment. Splitting off jsonld-rdfa and a core refactoring to allow a better documentloader that handles JSON-LD 1.1 HTML support better is the way forward.