Closed andrewspinks closed 3 years ago
gkatsev
commented
3 years ago It's worth noting that xmldom isn't used by mpd-parser in the built files that run on a webpage. It's only used by mpd-parser if you use it via the CLI or via node.js directly.
dj-documentation
commented
3 years ago videojs/video.js#7389
dj-documentation
commented
3 years ago Leaving video.js and mpd-parser unpatched trains users to ignore npm audit, yarn audit, and GitHub warnings.
dj-documentation
commented
3 years ago xmldom is now @xmldom/xmldom
npm is reporting a security vulnerability in a xmldom which is causing npm audit to fail for users of video.js and mpd-parser. https://www.npmjs.com/advisories/1769
Unfortunately, a fix has not yet been published, so I cannot open a PR to address this yet. https://github.com/xmldom/xmldom/issues/271