Closed dan-diaz closed 1 year ago
@dan-diaz Thanks for your report. Please upgrade to the latest release v2.8.6 with the security patch.
samlify master ❯ npm ls -a | grep @xmldom
│ ├── @xmldom/xmldom@0.8.3 deduped
├── @xmldom/xmldom@0.8.3
│ ├── @xmldom/xmldom@0.8.3 deduped
thank you for such a fast response!
samlify is being flagged because of its vulnerable dependency.
"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom " https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
is an upgrade available with the safer, newer xmldom version 0.8.3?