Snyk has created this PR to upgrade xmldom from 0.1.17 to 0.6.0.
See this package in npm: https://www.npmjs.com/package/xmldom
See this project in Snyk: https://app.snyk.io/org/rugk/project/bc64773c-29a4-4b17-9365-22392e546c8b?utm_source=github&utm_medium=upgrade-pr
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-XMLDOM-1084960
Why? Has a fix available, CVSS 5.4
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: xmldom

0.6.0 - 2021-04-17
Fixes
- Stop serializing empty namespace values like `xmlns:ds=""` #168
  BREAKING CHANGE: If your code expected empty namespaces attributes to be serialized.
  Thank you @pdecat and @FranckDepoortere
- Escape `<` to `&lt;` when serializing attribute values #198 / #199

0.5.0 - 2021-03-09
Fixes
- Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)
  - Improve error reporting; throw on duplicate attribute
    BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them.
    It's possible to configure the `DOMParser.errorHandler` before parsing, to handle those errors differently.
    To accomplish this and also be able to verify it in tests I needed to
    - create a new `Error` type `ParseError` and export it
    - Throw `ParseError` from `errorHandler.fatalError` and prevent those from being caught in `XMLReader`.
    - export `DOMHandler` constructor as `__DOMHandler`
  - Preserve quotes in DOCTYPE declaration
    Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed `publicId` and `systemId` as is, including any quotes.
    BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping.
    (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)
    https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd
    https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)
- Fix breaking preprocessors' directives when parsing attributes #171
- fix(dom): Escape `]]>` when serializing CharData #181
- Switch to (only) MIT license (drop problematic LGPL license option) #178
- Export DOMException; remove custom assertions; etc. #174
Docs
- Update MDN links in `readme.md` #188

0.4.0 - 2020-10-27
Fixes
- BREAKING Restore behavior from v0.1.27 #67
- BREAKING Typecheck source param before parsing #113
- Include documents in package files list #156
- Preserve doctype with sysid #144
- Remove ES6 syntax from getElementsByClassName #91
- Revert "Add lowercase of åäö in entityMap" due to duplicate entries #84
- fix: Convert all line separators to LF #66
Docs
- Update CHANGELOG.md through version 0.3.0 #63
- Update badges #78
- Add .editorconfig file #104
- Add note about import #79
- Modernize & improve the example in readme.md #81
CI
- Add Stryker Mutator #70
- Add Stryker action to update dashboard #77
- Add Node GitHub action workflow #64
- add & enable eslint #106
- Use eslint-plugin-es5 to enforce ES5 syntax #107
- Recover `vows` tests, drop `proof` tests #59
- Add jest testsuite and first tests #114
- Add jest testsuite with `xmltest` cases #112
- Configure Renovate #108
- Test European HTML entities #86
- Updated devDependencies
Other
- Remove files that are not of any use #131, #65, #33

0.3.0 - 2020-03-04
- BREAKING Node >=10.x is now required.
- BREAKING Remove `component.json` (deprecated package manager https://github.com/componentjs/guide)
- BREAKING Move existing sources into `lib` subdirectory.
- POSSIBLY BREAKING Introduce `files` entry in `package.json` and remove use of `.npmignore`.
- Add `Document.getElementsByClassName`.
- Add `Node` to the list of exports
- Add lowercase of åäö in `entityMap`.
- Move CHANGELOG to markdown file.
- Move LICENSE to markdown file.

0.2.1 - 2019-12-20
xmldom version 0.2.1

0.2.0 - 2019-12-20
xmldom version 0.2.0

0.1.31 - 2019-12-19
xmldom v0.1.31 - fix homepage url

0.1.30 - 2019-12-19
xmldom v0.1.30 - fix git url

0.1.29 - 2019-12-19
the only change from version 0.1.27 is to update the license field in package.json

0.1.27 - 2016-11-28
0.1.26 - 2016-11-28
0.1.25 - 2016-11-28
0.1.24 - 2016-11-27
0.1.22 - 2016-01-30
0.1.21 - 2016-01-13
0.1.20 - 2016-01-10
0.1.19 - 2014-01-28
0.1.18 - 2014-01-17
0.1.17 - 2013-12-16

from xmldom GitHub release notes
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.