elixir-soap / soap

SOAP client for Elixir programming language
MIT License

Support sweet_xml 0.7 #101

Closed 23Skidoo closed 1 year ago

23Skidoo commented 2 years ago

sweet_xml 0.7 was released in July 2021. There are already some libraries like ex_aws that specify sweet_xml ~> 0.7 in their dependencies, which results in an error when ex_aws and soap are used together.

eckmanca-caremore commented 2 years ago

This is an important change that needs to be done. There is a high vulnerability security flaw with older versions of sweet_xml: https://security.snyk.io/vuln/SNYK-HEX-SWEETXML-1088046. Even though Snyk says there is no fix, it has been fixed with sweet_xml 7; see https://github.com/kbrw/sweet_xml/issues/71

eckmanca-caremore commented 2 years ago

FYI. Switching to use Hex instead of GitHub works for allowing the override to work. Change:

    {:soap, git: "https://github.com/potok-digital/soap", tag: "master"}

to:

    {:soap, "~> 1.1.0"}

cgarvis commented 1 year ago

This shouldn't be an issue due to #97