Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update xmlDom dependency to fix security issues #141

Merged
merged 4 commits into from Jul 6, 2023
Merged

Update xmlDom dependency to fix security issues #141

merged 4 commits into from Jul 6, 2023

Conversation

pang0018
Copy link
Contributor

@pang0018 pang0018 commented Jul 5, 2023

This PR changes the xmlDom library dependency to not be embedded and to use the @xmldom/xmldom library. This resolves security issues with plist library

#136

pang0018
pang0018 commented Jul 5, 2023
View reviewed changes
dist/plist-parse.js
@@ -229,7 +229,282 @@ function parsePlistXML (node) {
}

}).call(this)}).call(this,require("buffer").Buffer)
},{"./xmldom/dom-parser":2,"buffer":7}],2:[function(require,module,exports){
},{"@xmldom/xmldom":6,"buffer":9}],2:[function(require,module,exports){
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why all this changed, I just ran 'make' and this updated. Can revert if necessary.

mreinstein
mreinstein requested changes Jul 5, 2023
View reviewed changes
package.json Outdated
@@ -1,7 +1,7 @@
{
"name": "plist",
"description": "Apple's property list parser/builder for Node.js and browsers",
"version": "3.0.6",
"version": "3.0.7",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't bump the version number in this PR please, that'll be done separately.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted. Ready for another look!

@mreinstein
Copy link
Collaborator

Thanks for the PR!

@mreinstein mreinstein merged commit 6ca1aa1 into TooTallNate:master Jul 6, 2023
3 checks passed
@pang0018 pang0018 deleted the xmldom_update branch July 6, 2023 15:01
@pang0018
Copy link
Contributor Author

pang0018 commented Jul 6, 2023

@mreinstein ty for merging this change so quickly. When will a new release with this change come out?

@mreinstein
Copy link
Collaborator

Done. Published as 3.1.0.

Thanks again for the PR! ❤️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mreinstein mreinstein mreinstein approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pang0018 @mreinstein