build(deps): bump @xmldom/xmldom from 0.8.10 to 0.8.12 in the npm_and_yarn group across 1 directory
Type: Pull Request
State: Open
![dependabot[bot]](https://github.com/dependabot.png){kind=small}
dependabot[bot]Association: Unknown
Comments: 2
(2 months ago)
(2 months ago)
dependencies dependabot-semver-unknown alert-severity-HIGH team-messenger javascript
Bumps the npm_and_yarn group with 1 update in the /examples/example/e2e directory: @xmldom/xmldom.
Updates @xmldom/xmldom from 0.8.10 to 0.8.12
Release notes
Sourced from @xmldom/xmldom's releases.
0.8.12
Fixed
- preserve trailing whitespace in ProcessingInstruction data
[#962](https://github.com/xmldom/xmldom/issues/962)/[#42](https://github.com/xmldom/xmldom/issues/42)- Security:
createCDATASectionnow throwsInvalidCharacterErrorwhendatacontains"]]>", as required by the WHATWG DOM spec.GHSA-wh4c-j3r5-mjhp- Security:
XMLSerializernow splits CDATASection nodes whose data contains"]]>"into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData,replaceData,.data =,.textContent =).GHSA-wh4c-j3r5-mjhpCode that passes a string containing
"]]>"tocreateCDATASectionand relied on the previously unsafe behavior will now receiveInvalidCharacterError. Use a mutation method such asappendDataif you intentionally need"]]>"in a CDATASection node's data.Thank you,
@thesmartshadow,@stevenobiajulu, for your contributionshttps://github.com/xmldom/xmldom/discussions/357
0.8.11
0.8.11
Fixed
- update
ownerDocumentwhen moving nodes between documents[#933](https://github.com/xmldom/xmldom/issues/933)/[#932](https://github.com/xmldom/xmldom/issues/932)Thank you,
@shunkica, for your contributions
Changelog
Sourced from @xmldom/xmldom's changelog.
0.8.12
Fixed
- preserve trailing whitespace in ProcessingInstruction data
[#962](https://github.com/xmldom/xmldom/issues/962)/[#42](https://github.com/xmldom/xmldom/issues/42)- Security:
createCDATASectionnow throwsInvalidCharacterErrorwhendatacontains"]]>", as required by the WHATWG DOM spec.GHSA-wh4c-j3r5-mjhp- Security:
XMLSerializernow splits CDATASection nodes whose data contains"]]>"into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData,replaceData,.data =,.textContent =).GHSA-wh4c-j3r5-mjhpCode that passes a string containing
"]]>"tocreateCDATASectionand relied on the previously unsafe behavior will now receiveInvalidCharacterError. Use a mutation method such asappendDataif you intentionally need"]]>"in a CDATASection node's data.Thank you,
@thesmartshadow,@stevenobiajulu, for your contributions0.8.11
Fixed
- update
ownerDocumentwhen moving nodes between documents[#933](https://github.com/xmldom/xmldom/issues/933)/[#932](https://github.com/xmldom/xmldom/issues/932)Thank you,
@shunkica, for your contributions0.9.8
Fixed
- fix: replace \u2029 as part of normalizeLineEndings
[#839](https://github.com/xmldom/xmldom/issues/839)/[#838](https://github.com/xmldom/xmldom/issues/838)- perf: speed up line detection
[#847](https://github.com/xmldom/xmldom/issues/847)/[#838](https://github.com/xmldom/xmldom/issues/838)Chore
- updated dependencies
- drop jazzer and rxjs devDependencies
[#845](https://github.com/xmldom/xmldom/issues/845)Thank you,
@kboshold,@Ponynjaa, for your contributions.0.9.7
Added
- Implementation of
hasAttributes[#804](https://github.com/xmldom/xmldom/issues/804)Fixed
- locator is now true even when other options are being used for the DOMParser
[#802](https://github.com/xmldom/xmldom/issues/802)/[#803](https://github.com/xmldom/xmldom/issues/803)
... (truncated)
Commits
189cb780.8.12ed08df7fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#968)a5b929bchore: clean up generated test artefacts before running ci-local4e37a20ci: run format:check in lint jobac0ac77chore: ignore generated files when checking formatting968c893chore: add local CI script and format:check scriptac40424fix: preserve trailing whitespace in ProcessingInstruction data (#962)cece752chore: add .nvmrc pointing to node version 18cbf44d9docs: improve links to changes in most recent releasec0f14010.8.11- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by karfau, a new releaser for @xmldom/xmldom since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
@xmldom/xmldom
npm
0.8.10 → 0.8.12
Patch
the npm_and_yarn group across 1 directory
Technical Details
| ID: | 14934265 |
| UUID: | 4183209157 |
| Node ID: | PR_kwDOFfymO87PGqjn |
| Host: | GitHub |
| Repository: | intercom/intercom-react-native |