From 35574e08675ef508cd3c5f6411dbda240e5c5210 Mon Sep 17 00:00:00 2001
From: Christian Bewernitz
Date: Sat, 25 Dec 2021 23:22:38 +0100
Subject: [PATCH] build(deps): bump xmldom to 0.8.0
Switching from package `xmldom` to `@xmldom/xmldom`, which resolves the security issue present in latest xmldom version 0.6.0: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q The reason is that the maintainers were forced to switch to a scoped package since 0.7.0: https://github.com/xmldom/xmldom/issues/271 - I used node 12 to run `npm install`. - I executed `npm run test` on my machine but some tests complained about missing titanium config in my home directory. Since I don't know what that means we will have to see what CI checks complain about. I'm one of the xmldom maintainers. Don't hesitate to ask me questions.
---
 Alloy/commands/compile/compilerUtils.js | 2 +-
 Alloy/commands/extract-i18n/i18nHandler.js | 2 +-
 Alloy/tiapp.js | 2 +-
 Alloy/utils.js | 4 ++--
 package-lock.json | 18 +++++++++---------
 package.json | 4 ++--
 test/specs/compilefile.js | 2 +-
 test/specs/generate.js | 2 +-
 test/specs/new.js | 2 +-
 9 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/Alloy/commands/compile/compilerUtils.js b/Alloy/commands/compile/compilerUtils.js
index edf132b8f..fa2579b33 100755
--- a/Alloy/commands/compile/compilerUtils.js
+++ b/Alloy/commands/compile/compilerUtils.js
@@ -9,7 +9,7 @@ var U = require('../../utils'),
 astController = require('./ast/controller'),
 _ = require('lodash'),
 styler = require('./styler'),
- XMLSerializer = require('xmldom').XMLSerializer,
+ XMLSerializer = require('@xmldom/xmldom').XMLSerializer,
 CONST = require('../../common/constants'),
 sourceMapper = require('./sourceMapper');
diff --git a/Alloy/commands/extract-i18n/i18nHandler.js b/Alloy/commands/extract-i18n/i18nHandler.js
index 811c56209..ec3a73b0e 100644
--- a/Alloy/commands/extract-i18n/i18nHandler.js
+++ b/Alloy/commands/extract-i18n/i18nHandler.js
@@ -2,7 +2,7 @@ var U = require('../../utils'),
 logger = require('../../logger'),
 path = require('path'),
 _ = require('lodash'),
- XMLSerializer = require('xmldom').XMLSerializer,
+ XMLSerializer = require('@xmldom/xmldom').XMLSerializer,
 fs = require('fs-extra'),
 os = require('os');
diff --git a/Alloy/tiapp.js b/Alloy/tiapp.js
index 8138eb4da..0f15181e6 100644
--- a/Alloy/tiapp.js
+++ b/Alloy/tiapp.js
@@ -1,6 +1,6 @@
 var fs = require('fs'),
 path = require('path'),
- XMLSerializer = require('xmldom').XMLSerializer,
+ XMLSerializer = require('@xmldom/xmldom').XMLSerializer,
 pkg = require('../package'),
 U = require('./utils'),
 CONST = require('./common/constants'),
diff --git a/Alloy/utils.js b/Alloy/utils.js
index f91c819b6..e01e4b2e3 100755
--- a/Alloy/utils.js
+++ b/Alloy/utils.js
@@ -11,8 +11,8 @@ var path = require('path'),
 paths = require('global-paths'),
 logger = require('./logger'),
 tiapp = require('./tiapp'),
- XMLSerializer = require('xmldom').XMLSerializer,
- DOMParser = require('xmldom').DOMParser,
+ XMLSerializer = require('@xmldom/xmldom').XMLSerializer,
+ DOMParser = require('@xmldom/xmldom').DOMParser,
 _ = require('lodash'),
 CONST = require('./common/constants'),
 sourceMapper = require('./commands/compile/sourceMapper'),
diff --git a/package-lock.json b/package-lock.json
index ec1cc7b83..58dd9562b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1435,6 +1435,12 @@
 "glob": "^7.1.6"
 },
 "dependencies": {
+ "@xmldom/xmldom": {
+ "version": "0.7.5",
+ "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.5.tgz",
+ "integrity": "sha512-V3BIhmY36fXZ1OtVcI9W+FxQqxVLsPKcNjWigIaa81dLC9IolJl5Mt4Cvhmr0flUnjSpTdrbMTSbXqYqV5dT6A==",
+ "dev": true
+ },
 "fs-extra": {
 "version": "9.1.0",
 "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
@@ -1990,10 +1996,9 @@
 "dev": true
 },
 "@xmldom/xmldom": {
- "version": "0.7.3",
- "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.3.tgz",
- "integrity": "sha512-8XmJdPut2XGtfFcsNsqEsvMUmAwk7xLq7m+E/GcsU9b5qyFFIsiX4Fvnb5UoQ4wo12Wlm07YFJERoyWUYdbIpw==",
- "dev": true
+ "version": "0.8.0",
+ "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.0.tgz",
+ "integrity": "sha512-7wVnF+rKrVDEo1xjzkkidTG0grclaVnX0vKa0z9JSXcEdtftUJjvU33jLGg6SHyvs3eeqEsI7jZ6NxYfRypEEg=="
 },
 "JSONStream": {
 "version": "1.3.5",
@@ -8142,11 +8147,6 @@
 "xml2js": "~0.2.8"
 }
 },
- "xmldom": {
- "version": "0.6.0",
- "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.6.0.tgz",
- "integrity": "sha512-iAcin401y58LckRZ0TkI4k0VSM1Qg0KGSc3i8rU+xrxe19A/BN1zHyVSJY7uoutVlaTSzYyk/v5AmkewAP7jtg=="
- },
 "xtend": {
 "version": "4.0.1",
 "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz",
diff --git a/package.json b/package.json
index 8afc65644..2676723ac 100644
--- a/package.json
+++ b/package.json
@@ -36,6 +36,7 @@
 "@babel/traverse": "^7.4.5",
 "@babel/types": "^7.4.4",
 "@babel/template": "^7.4.4",
+ "@xmldom/xmldom": "^0.8.0",
 "async": "^3.2.0",
 "colors": "^1.1.2",
 "commander": "^8.0.0",
@@ -50,8 +51,7 @@
 "resolve": "^1.1.7",
 "source-map": "^0.7.3",
 "walk-sync": "^0.3.2",
- "xml2tss": "0.0.5",
- "xmldom": "^0.6.0"
+ "xml2tss": "0.0.5"
 },
 "license": "Apache-2.0",
 "bin": {
diff --git a/test/specs/compilefile.js b/test/specs/compilefile.js
index 0c2033695..be9b30732 100644
--- a/test/specs/compilefile.js
+++ b/test/specs/compilefile.js
@@ -1,6 +1,6 @@
 var fs = require('fs-extra'),
 path = require('path'),
- DOMParser = require('xmldom').DOMParser,
+ DOMParser = require('@xmldom/xmldom').DOMParser,
 TU = require('../lib/testUtils'),
 CONST = require('../../Alloy/common/constants'),
 platforms = require('../../platforms/index'),
diff --git a/test/specs/generate.js b/test/specs/generate.js
index efbe74865..b56bb522d 100644
--- a/test/specs/generate.js
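Review bot: Removing `"xmldom": "^0.6.0"` in the second package.json hunk (`@@ -50,8 +51,7 @@`) means any `require('xmldom')` in a file this patch does not touch can no longer be resolved at load time, and the diff cannot show whether one remains. A repo-wide search for `require('xmldom')` and an `npm ls xmldom` after install would confirm that nothing, direct or transitive, still resolves the unscoped 0.6.0 package the description names as affected. The package-lock.json hunk at `@@ -8142,11 +8147,6 @@` drops the top-level `xmldom` entry, which is consistent with that, but nested lockfile entries would sit outside the visible hunks. Since the description says the local test run was incomplete, the CI result is the only evidence here that the parser swap is behaviour-compatible.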
+++ b/test/specs/generate.js
@@ -2,7 +2,7 @@ var fs = require('fs'),
 path = require('path'),
 os = require('os'),
 exec = require('child_process').exec,
- DOMParser = require('xmldom').DOMParser,
+ DOMParser = require('@xmldom/xmldom').DOMParser,
 TU = require('../lib/testUtils'),
 U = require('../../Alloy/utils'),
 CU = require('../../Alloy/commands/compile/compilerUtils'),
diff --git a/test/specs/new.js b/test/specs/new.js
index 928942a8f..bed8d7583 100644
--- a/test/specs/new.js
+++ b/test/specs/new.js
@@ -1,6 +1,6 @@
 var fs = require('fs-extra'),
 path = require('path'),
- DOMParser = require('xmldom').DOMParser,
+ DOMParser = require('@xmldom/xmldom').DOMParser,
 TU = require('../lib/testUtils'),
 CONST = require('../../Alloy/common/constants'),
 _ = require('lodash');