Vulnerability in @xmldom/xmldom 0.8.3 #139
Using resolutions because of tyrasd/osmtogeojson#139
Hi, thanks for developing such great software, @tyrasd! Please allow me to share with you a link to the GitHub Advisory on xmldom: GitHub Advisory marked severity of this vulnerability is
Hello everyone! As mentioned in previous comments, the Though my project never uses the XML portion of Cheers! :)
Hello friends, I would like to share the temporary workaround I've used in my package here: It involves using the Snyk PR to resolve the CVE: #138 Essentially, you can change your dependency from NPM to the GitHub repository with the branch Snyk is making the PR from (https://github.com/tyrasd/osmtogeojson/tree/snyk-fix-65371a4c4920389f7e5127c141088511) Just run:
yarn add "https://github.com/tyrasd/osmtogeojson#snyk-fix-65371a4c4920389f7e5127c141088511"
@tyrasd 🙏
👋 @tyrasd! It’d be great to see this dependency upgraded, currently seeing:
This issue is fixable by #138, but you can bump min version further (0.8.4 → 0.8.6 at the time of writing).
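A check to run after applying a resolution or the branch workaround discussed in this thread, added here as an example that is not part of the original issue or the project's code: it walks a `package-lock.json` (v2/v3 `packages` map) and reports every installed copy of `@xmldom/xmldom` below a floor. The 0.8.4 floor is taken from the comment above; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the thread): find nested copies of a package that
// are still below a minimum version after a resolution/override was applied.
const PACKAGE = "@xmldom/xmldom";
const MIN_VERSION = "0.8.4"; // assumption: floor mentioned in the thread

// Parse "x.y.z" (any pre-release/build suffix is ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts before `floor`; unparseable versions are
// reported too, so they get a manual look instead of passing silently.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// `lock` is the parsed package-lock.json. Keys of `packages` are install
// paths, so a transitive copy appears as ".../node_modules/@xmldom/xmldom".
function findOutdated(lock, name = PACKAGE, floor = MIN_VERSION) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => isBelow(meta.version, floor))
    .map(([path, meta]) => ({ path, version: meta.version || null }));
}

// Constructed sample: the top-level copy is current, the nested one is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@xmldom/xmldom": { version: "0.8.6" },
    "node_modules/osmtogeojson": { version: "0.0.0-sample" },
    "node_modules/osmtogeojson/node_modules/@xmldom/xmldom": { version: "0.8.3" },
  },
};

console.log(findOutdated(sampleLock));
```

Against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of the sample; an empty result means no installed copy is below the floor.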