-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update xmlDom dependency to fix security issues #141
Conversation
@@ -229,7 +229,282 @@ function parsePlistXML (node) { | |||
} | |||
|
|||
}).call(this)}).call(this,require("buffer").Buffer) | |||
},{"./xmldom/dom-parser":2,"buffer":7}],2:[function(require,module,exports){ | |||
},{"@xmldom/xmldom":6,"buffer":9}],2:[function(require,module,exports){ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why all this changed, I just ran 'make' and this updated. Can revert if necessary.
package.json
Outdated
@@ -1,7 +1,7 @@ | |||
{ | |||
"name": "plist", | |||
"description": "Apple's property list parser/builder for Node.js and browsers", | |||
"version": "3.0.6", | |||
"version": "3.0.7", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't bump the version number in this PR please, that'll be done separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reverted. Ready for another look!
Thanks for the PR! |
@mreinstein ty for merging this change so quickly. When will a new release with this change come out? |
Done. Published as 3.1.0. Thanks again for the PR! ❤️ |
This PR changes the xmlDom library dependency to not be embedded and to use the @xmldom/xmldom library. This resolves security issues with plist library
#136