Upgrade XML Crypto #1199

AdrianHL · 2022-10-14T09:16:01Z

This fixes the following issue in a nested dependency GHSA-9pgh-qqpf-7wqj
The fix in xml/crypto has only been pushed in a major version release based on a breaking change; see https://github.com/yaronn/xml-crypto/releases

peterjdrb · 2022-10-17T07:09:47Z

+1

warteruzannan · 2022-10-17T12:21:31Z

+1

RopoMen · 2022-10-20T08:57:53Z

This xml-encryption update may potentially contain BREAKING CHANGES because

they self update major version
@xmldom/xmldom states that 0.8.x has BREAKING CHANGES https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#fixed-6

AdrianHL · 2022-10-20T09:51:35Z

@RopoMen I'd assume the pipeline will tell us any errors or incompatibilities once it has run, but it has a green light in #1200

AdrianHL · 2022-11-02T11:20:16Z

Any chance of getting this tested and merged? Otherwise we will have to fork and use the fork until this is merged.

deathstar1708 · 2022-11-08T01:53:16Z

Please help approve and merge this pr , so that the peer dependency of xml-crypto can be upgraded that is currently a vulnerability .

SnathanP · 2022-11-16T09:41:56Z

Hello there, any update on the approval of this PR ?

ellisium · 2022-11-16T16:08:51Z

+1 any update? we can't stuck on this for 1 month. If no plan to fix it, please communicate it.

jsdevel · 2022-12-09T17:36:42Z

for some reason the build isn't running. can you rebase or --amend --allow-empty to trigger a build?

AdrianHL · 2023-01-05T08:43:46Z

Will close as this was done and merged in #1200

Upgrade XML Crypto

b47ef0d

benasher44 mentioned this pull request Oct 17, 2022

Bump xml-crypto #1200

Merged

AdrianHL closed this Jan 5, 2023

Provide feedback