[Snyk] Upgrade xmldom from 0.1.31 to 0.6.0

[snyk-bot]

Snyk has created this PR to upgrade xmldom from 0.1.31 to 0.6.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 7 months ago, on 2021-04-17.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	484/1000 Why? Has a fix available, CVSS 5.4	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: xmldom

• 0.6.0 - 2021-04-17
  

  0.6.0

  Fixes

  • Stop serializing empty namespace values like xmlns:ds="" #168
    BREAKING CHANGE: If your code expected empty namespaces attributes to be serialized.
    Thank you @ pdecat and @ FranckDepoortere
  • Escape < to < when serializing attribute values #198 / #199
• 0.5.0 - 2021-03-09
• 0.4.0 - 2020-10-27
• 0.3.0 - 2020-03-04
• 0.2.1 - 2019-12-20
• 0.2.0 - 2019-12-20
• 0.1.31 - 2019-12-19

from xmldom GitHub release notes

Commit messages

Package name: xmldom

• c80a161 xmldon version 0.6.0
• bc36efd chore: regenerate package-lock.json
• 8a92704 Update eslint -> ^7.23.0 - devDependencies (TopCoder NodeJS Auth0 Callback API v1.0 #202)
• b12106e Update @ stryker-mutator/core -> ^4.5.1 - devDependencies (Reset Password API #192)
• af4642e docs: Update Changelog (Update test.register_member.js #197)
• 5869d76 test(stryker): Replace line numbers by error index (Payment List API #201)
• a681852 fix: Escape `<` when serializing attribute values (Performanc improvement #199)
• bb12247 Update eslint-config-prettier -> 8 - devDependencies (Fix sortcolumn error. #187)
• 48c51b3 Update eslint -> ^7.22.0 - devDependencies (performance fix for challenges api. #185)
• 82b0481 refactor!: Avoid empty namespace value like xmlns:ds="" (revert #168)
• fa67fcf chore: set version to 0.5.1-dev in package*.json
• f763b00 xmldom version 0.5.0
• d4201b9 Merge pull request from GHSA-h6q6-9hqw-rwfv
• a4d717c Update MDN links in readme.md (Performance improvement #188)
• e984b3f Update @ stryker-mutator/core -> ^4.4.1 - devDependencies (Fix jslint error. #184)
• c762161 Update stryker monorepo (major) (Fix for the challengeName column in member marathon statistics API. #140)
• fd47c51 Fix breaking preprocessors' directives when parsing attributes (Get Marathon Match Challenge Reg Info API #171)
• baa67f5 Update xmltest -> ^1.5.0 - devDependencies (Apply Develop Review Opportunity API #182)
• 64c7388 fix(dom): Escape `]]>` when serializing CharData (Module Assembly - TopCoder NodeJS Unregister Challenge API #181)
• b73a965 Update eslint-config-prettier -> ^7.2.0 - devDependencies (Generate Reset Token #179)
• 21bc17e Switch to (only) MIT license (Fix undefined error in challenges.js #178)
• ad773c9 test: Use toBe/toStrictEqual instead of toEqual (Merge get challenge API. #175)
• 23608d9 chore: Add karfau as contributor (change the parameter name of getChallenge API. #177)
• dbd2171 Export DOMException; remove custom assertions; etc. (Challenge API update #174)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs