mapcomponents / react-map-components-maplibre

A react component framework for declarative GIS application development.
MIT License

Bug: xmldom Security risk, deprecated #126

Closed dBitech closed 1 year ago

dBitech commented 1 year ago
```
# npm audit report
xmldom  *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
No fix available
node_modules/xmldom
  @mapcomponents/react-maplibre  *
  Depends on vulnerable versions of xmldom
  node_modules/@mapcomponents/react-maplibre

2 vulnerabilities (1 moderate, 1 critical)
```

xmldom is deprecated, having been replaced by @xmldom/xmldom

See https://www.npmjs.com/package/@xmldom/xmldom

cioddi commented 1 year ago

Thanks, we will look into this.

cioddi commented 1 year ago

PR #130 solves this issue and is merged now. With the next release the xmldom dependency will be gone.
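
A check for the situation in the audit report above, added here as an example and not part of the thread or the project's code: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and lists which installed packages still declare the unscoped `xmldom` as a dependency, without flagging the scoped `@xmldom/xmldom`. The function names, the sample lockfile and its version strings are constructed for illustration.

```javascript
// Added example: find which installed packages still pull in the deprecated,
// unscoped "xmldom" package. All sample data below is constructed.
const DEPRECATED = "xmldom";

// Map a lockfile key such as "node_modules/a/node_modules/@scope/b" to the
// package name "@scope/b". The root project has the empty key "".
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// List every installed copy of `target` and every package that declares it.
function findDependents(lock, target = DEPRECATED) {
  const installed = [];
  const dependents = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromKey(key) || "(root project)";
    if (name === target) installed.push({ path: key, version: meta.version });
    for (const field of ["dependencies", "optionalDependencies", "peerDependencies"]) {
      const range = (meta[field] || {})[target];
      if (range !== undefined) {
        dependents.push({ name, version: meta.version, field, range });
      }
    }
  }
  return { installed, dependents };
}

// Constructed lockfile fragment mirroring the dependency chain in the report.
// Version strings are placeholders, not real release numbers.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0",
          dependencies: { "@mapcomponents/react-maplibre": "*" } },
    "node_modules/@mapcomponents/react-maplibre": {
      version: "0.0.0-sample", dependencies: { xmldom: "*" } },
    "node_modules/xmldom": { version: "0.0.0-sample" },
    "node_modules/@xmldom/xmldom": { version: "0.0.0-sample" },
  },
};

const report = findDependents(sampleLock);
console.log(JSON.stringify(report, null, 2));
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `findDependents` in place of `sampleLock`.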