freegroup / draw2d

Create Visio like drawings, diagrams or workflows with JavaScript and HTML5
https://freegroup.github.io/draw2d/#/examples
MIT License

npm audit report #225

Open j2l opened 1 year ago

j2l commented 1 year ago

Looks like it needs some version bump or a fix

```
# npm audit report

xmldom  *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
No fix available
node_modules/xmldom
  canvg-browser  *
  Depends on vulnerable versions of xmldom
  node_modules/canvg-browser
    draw2d  *
    Depends on vulnerable versions of canvg-browser
    node_modules/draw2d

3 vulnerabilities (2 low, 1 critical)

Some issues need review, and may require choosing
a different dependency.
```

Ttkrommendijk commented 1 year ago

I had the same warning, any idea on how serious this is?

j2l commented 1 year ago

I didn't get any reply so I wonder. No idea about the seriousness.