Skip to content
This repository was archived by the owner on Jan 18, 2024. It is now read-only.

[plist] Update xmldom for security reasons#4571

Merged
EvanBacon merged 1 commit into
expo:mainfrom
mfulton26:main
Oct 28, 2022
Merged

[plist] Update xmldom for security reasons#4571
EvanBacon merged 1 commit into
expo:mainfrom
mfulton26:main

Conversation

@mfulton26

@mfulton26 mfulton26 commented Oct 19, 2022

Copy link
Copy Markdown
Contributor

Why

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom · CVE-2022-37616 · GitHub Advisory Database

Fixes #4569

How

@xmldom/xmldom has already been patched:

fix: Avoid iterating over prototype properties by karfau · Pull Request #437 · xmldom/xmldom

newer versions exist but this is the latest patch version and there shouldn't be any breaking changes

Test Plan

yarn build and yarn test

[Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom · CVE-2022-37616 · GitHub Advisory Database](GHSA-9pgh-qqpf-7wqj)

`@xmldom/xmldom` has already been patched:

[fix: Avoid iterating over prototype properties by karfau · Pull Request expo#437 · xmldom/xmldom](xmldom/xmldom#437)

newer versions exist but this is the latest patch version and there shoudln't be any breaking changes

`yarn build` and `yarn test`
@EvanBacon EvanBacon merged commit 68fdef1 into expo:main Oct 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

@expo/plist latest version 0.0.18 is dependent on a potential security vulnerable version of xmldom

2 participants