Closed renovate[bot] closed 1 year ago
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Updated |
---|---|---|---|
ink | ✅ Ready (Inspect) | Visit Preview | Nov 1, 2022 at 10:27PM (UTC) |
lota-website | ✅ Ready (Inspect) | Visit Preview | Nov 1, 2022 at 10:27PM (UTC) |
This PR contains the following updates:
0.7.5 -> 0.7.7
GitHub Vulnerability Alerts
CVE-2022-39353
Impact
xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to https://nvd.nist.gov/vuln/detail/CVE-2022-39299 and is a potential issue for dependents.
Patches
Update to `@xmldom/xmldom@~0.7.7`, `@xmldom/xmldom@~0.8.4` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.4` (dist-tag `next`).
Workarounds
One of the following approaches might help, depending on your use case:
documentElement
childNode
References
For more information
If you have any questions or comments about this advisory:
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
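
The Impact section above describes a `Document` whose `childNodes` holds more than one root element. As an added example (not part of this PR, the advisory or xmldom's own code), the guard below rejects such a parsed document before it is used; the node objects are constructed stand-ins for parser output and the function names are hypothetical.

```javascript
// Added example: reject a parsed Document that has more than one root element.
const ELEMENT_NODE = 1; // nodeType value from the DOM specification

// Return the element nodes that sit directly under the Document.
// Comments, processing instructions and a doctype are legal siblings of the
// root element, so counting every child node would reject valid documents.
function rootElements(doc) {
  const roots = [];
  const children = doc.childNodes || [];
  for (let i = 0; i < children.length; i++) {
    if (children[i].nodeType === ELEMENT_NODE) roots.push(children[i]);
  }
  return roots;
}

// Throw unless the document has exactly one root element; return that root.
function requireSingleRoot(doc) {
  const roots = rootElements(doc);
  if (roots.length !== 1) {
    throw new Error(`expected 1 root element, found ${roots.length}`);
  }
  return roots[0];
}

// Constructed stand-ins for parser output. Assumption: only nodeType,
// nodeName and an indexable childNodes with a length are read.
const el = (nodeName, childNodes = []) => ({ nodeType: ELEMENT_NODE, nodeName, childNodes });
const comment = () => ({ nodeType: 8, nodeName: '#comment', childNodes: [] });

// Well-formed: a comment followed by a single root element.
const wellFormedDoc = { nodeType: 9, childNodes: [comment(), el('order', [el('item')])] };
// Constructed shape of the tree described under Impact: two top level elements.
const multiRootDoc = { nodeType: 9, childNodes: [el('order'), el('order', [el('admin')])] };

// Return the root's name, or a rejection message for a malformed tree.
function check(doc) {
  try {
    return requireSingleRoot(doc).nodeName;
  } catch (e) {
    return `rejected: ${e.message}`;
  }
}

console.log(check(wellFormedDoc));
console.log(check(multiRootDoc));
```

Running the guard right after parsing keeps later code from searching a tree that contains extra roots.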