NPM audit security issue #417

Closed
ghost opened this issue Mar 26, 2021 · 3 comments

ghost commented Mar 26, 2021

Running the npm audit gives the following error. Requires xmldom v0.5.0+

```
                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Misinterpretation of malicious XML input                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ xmldom                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.5.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ html2pdf.js                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ html2pdf.js > jspdf > canvg > xmldom                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1650                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 2316 scanned packages
  1 vulnerability requires manual review. See the full report for details.
```

ghost commented Apr 1, 2021

Added a PR for this fix: #419


ghost commented Apr 9, 2021

@eKoopmans @oschwede @drbeat @ovvn Could any one of you please help prioritize this?

@eKoopmans
Owner

Let's track this in #419.
