tngan / samlify

Node.js library for SAML SSO
https://samlify.js.org
MIT License

vulnerable dependency @xmldom/xmldom #492

Closed dan-diaz closed 1 year ago

dan-diaz commented 1 year ago

samlify is being flagged because of its vulnerable dependency.

"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom" https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj

Is an upgrade available with the safer, newer xmldom version 0.8.3?

tngan commented 1 year ago

@dan-diaz Thanks for your report. Please upgrade to the latest release v2.8.6 with the security patch.

samlify master ❯ npm ls -a | grep @xmldom
│ ├── @xmldom/xmldom@0.8.3 deduped
├── @xmldom/xmldom@0.8.3
│ ├── @xmldom/xmldom@0.8.3 deduped

dan-diaz commented 1 year ago

thank you for such a fast response!
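The `npm ls -a | grep @xmldom` check above eyeballs the resolved versions; the script below does the same check mechanically, so it can gate a CI job. It is an added example, not code from samlify or from either participant. It walks an `npm ls --all --json` tree, collects every resolved copy of `@xmldom/xmldom` (and of the unscoped `xmldom`, which the advisory also lists), and flags those that predate the GHSA-9pgh-qqpf-7wqj fix (0.7.7 on the 0.7 line, 0.8.3 on 0.8 and later). The `sampleTree` is constructed to look like that JSON output; `old-saml-helper` is a hypothetical package name used only to show a transitive pin on an old version.

```javascript
// Added example: flag unpatched @xmldom/xmldom copies in an `npm ls --all --json` tree.
// No third-party dependencies, so it runs offline against a saved tree or the live project.

// Minimal parser for the x.y.z[-pre] versions npm reports.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator (pre-release tags are ignored).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Package names named in GHSA-9pgh-qqpf-7wqj.
const AFFECTED = ['@xmldom/xmldom', 'xmldom'];

// Patched releases per the advisory: 0.7.7 for the 0.7 line, 0.8.3 for 0.8 and later.
// The unscoped `xmldom` package never received the fix, so every version is flagged.
function isPatched(name, version) {
  if (name === 'xmldom') return false;
  const [major, minor] = parseVersion(version);
  if (major > 0) return true;
  if (minor < 7) return false;
  if (minor === 7) return compareVersions(version, '0.7.7') >= 0;
  return compareVersions(version, '0.8.3') >= 0;
}

// Recursively collect every occurrence of `names` in an npm ls JSON tree,
// recording the dependency path so the owner of the bad pin is obvious.
// Entries without a version (missing or invalid installs) are skipped.
function findPackages(tree, names, path = [], out = []) {
  for (const [depName, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${depName}@${node.version || '?'}`];
    if (names.includes(depName) && node.version) {
      out.push({ name: depName, version: node.version, path: here.join(' > ') });
    }
    findPackages(node, names, here, out);
  }
  return out;
}

function vulnerableXmldom(tree) {
  return findPackages(tree, AFFECTED).filter(f => !isPatched(f.name, f.version));
}

function report(tree) {
  const hits = vulnerableXmldom(tree);
  return hits.length === 0
    ? 'OK: every resolved xmldom copy carries the GHSA-9pgh-qqpf-7wqj fix'
    : hits.map(h => `VULNERABLE ${h.name}@${h.version} via ${h.path}`).join('\n');
}

// Constructed sample shaped like `npm ls --all --json`: samlify 2.8.6 resolves the
// patched 0.8.3 (as in the maintainer's output above), while a hypothetical
// `old-saml-helper` and a top-level pin drag in pre-fix versions.
const sampleTree = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    samlify: {
      version: '2.8.6',
      dependencies: { '@xmldom/xmldom': { version: '0.8.3' } },
    },
    'old-saml-helper': {
      version: '1.0.0',
      dependencies: {
        '@xmldom/xmldom': { version: '0.7.5' },
        xmldom: { version: '0.6.0' },
      },
    },
    '@xmldom/xmldom': { version: '0.8.2' },
  },
};

if (process.argv.includes('--scan')) {
  // Live mode: `npm ls` exits non-zero whenever the tree has problems, so read
  // stdout regardless of the exit status instead of letting execSync throw.
  const { spawnSync } = require('child_process');
  const r = spawnSync('npm', ['ls', '--all', '--json'], { encoding: 'utf8' });
  console.log(report(JSON.parse(r.stdout)));
} else {
  console.log(report(sampleTree));
}
```

Run it with no arguments to see the three findings in the constructed tree, or with `--scan` inside a project to check the real install. `npm audit` reports the same advisory from the registry database; this script is for the case where you want a deterministic, offline gate on one specific advisory and a path to the dependency that owns the bad pin.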