2.1.5: bump @xmldom/xmldom to 0.7.9

[szphie]

Hey - I'm not sure how you'd want to handle this, but the vuln fix that caused the @xmldom/xmldom breaking change was backported into 0.7.6 - https://github.com/xmldom/xmldom/releases/tag/0.7.6

Would you mind cutting a 2.x release for those of us not in a position to handle breaking changes?

[cjbarth]

I'm not inclined to cut release, but if you get a PR ready to go, I'll see if I can find some time to do it. This PR has merge conflicts and does not have any update to the change log. Please make those adjustments.

[szphie]

conflicts resolved but the PR should target a 2.x branch if you'd be so kind as to create one

where's the changelog?

[BadgerOps]

Howdy, I'm interested in this as well - looks like the changelog in releases is built off the PR title at this point - happy to help contribute to a changelog if we can get a 2.x branch from @cjbarth or another maintainer. We're unfortunately not in a position to deal with a breaking change in this package either.

[cjbarth]

Here is a 2.x branch: https://github.com/yaronn/xml-crypto/tree/2.x

[szphie]

Base changed

[cjbarth]

I don't think ci.yaml is in scope for this PR.

[LoneRifle]

@cjbarth any objections moving 2.x to 9307bb0? It's the last commit before the xmldom 0.8.x upgrade

[cjbarth]

It looks to me that the commit you suggest is after all the changes that resulted in the need for a semver-major bump, so it doesn't seem right to move the 2.x branch there.

[LoneRifle]

Most of those changes are safe; the only one that needed the semver major was the xmldom upgrade itself. On hindsight, I should have made one final 2.x release before upgrading xmldom, which I'll take as a learning point.

Either way, let's leave 2.x where you left it, we can always pick up all the missed dep upgrades later.

[LoneRifle]

lgtm. Will merge and publish when I have the means to do so