From a1c1ca21c1be9848484597833801677d1f12a117 Mon Sep 17 00:00:00 2001 From: Mark Fulton Date: Wed, 19 Oct 2022 17:44:01 +0000 Subject: [PATCH] [plist] Update xmldom for security reasons MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom · CVE-2022-37616 · GitHub Advisory Database](https://github.com/advisories/GHSA-9pgh-qqpf-7wqj) `@xmldom/xmldom` has already been patched: [fix: Avoid iterating over prototype properties by karfau · Pull Request #437 · xmldom/xmldom](https://github.com/xmldom/xmldom/pull/437) newer versions exist but this is the latest patch version and there shoudln't be any breaking changes `yarn build` and `yarn test` --- packages/plist/package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/plist/package.json b/packages/plist/package.json index beba880dfc..00df35d2a4 100644 --- a/packages/plist/package.json +++ b/packages/plist/package.json @@ -26,7 +26,7 @@ "build" ], "dependencies": { - "@xmldom/xmldom": "~0.7.0", + "@xmldom/xmldom": "~0.7.6", "base64-js": "^1.2.3", "xmlbuilder": "^14.0.0" }, diff --git a/yarn.lock b/yarn.lock index cf7ea6d11c..c20c364121 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4308,10 +4308,10 @@ dependencies: tslib "^1.9.3" -"@xmldom/xmldom@~0.7.0": - version "0.7.2" - resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.7.2.tgz#d920079e66806b2626b5311955f6a7c4bed1cba8" - integrity sha512-t/Zqo0ewes3iq6zGqEqJNUWI27Acr3jkmSUNp6E3nl0Z2XbtqAG5XYqPNLdYonILmhcxANsIidh69tHzjXtuRg== +"@xmldom/xmldom@~0.7.6": + version "0.7.6" + resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.7.6.tgz#6f55073fa73e65776bd85826958b98c8cd1457b5" + integrity sha512-HHXP9hskkFQHy8QxxUXkS7946FFIhYVfGqsk0WLwllmexN9x/+R4UBLvurHEuyXRfVEObVR8APuQehykLviwSQ== "@xtuc/ieee754@^1.2.0": version "1.2.0"