Open tyrasd opened 1 year ago
Is there any chance this PR gets merged soon? 🙏
@kachkaev or @tahini any updates here? anything I could help with to get this merged?
@tyrasd Any chance this could be merged and deployed to NPM anytime soon? It would be great to resolve this vulnerability
I opened a new more recent PR to fix this issue (#146). We are trying to get rid of the critical security issues in our project and that would be really helpful
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=@xmldom/xmldom&from_version=0.8.3&to_version=0.8.4&pr_id=466f00f9-5c94-4c63-ac5b-bb9f26152a05&visibility=true&has_feature_flag=false) #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **823/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 | Improper Input Validation
[SNYK-JS-XMLDOMXMLDOM-3092934](https://snyk.io/vuln/SNYK-JS-XMLDOMXMLDOM-3092934) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @xmldom/xmldom
The new version differs by 3 commits.