Commit c258b9d

fix: add @xmldom/xmldom override to patch XML injection vulnerability (APS-18524)
Adds npm override for @xmldom/xmldom >=0.9.9 to fix GHSA-wh4c-j3r5-mjhp (XML injection via unsafe CDATA serialization, CVSS 7.5). The package is a transitive dev dependency.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 3584970 commit c258b9d

1 file changed

Lines changed: 2 additions & 1 deletion

package.json

@@ -29,6 +29,7 @@
2929
"dotenv": "^16.0.0"
3030
},
3131
"overrides": {
32-
"serialize-javascript": ">=7.0.3"
32+
"serialize-javascript": ">=7.0.3",
33+
"@xmldom/xmldom": ">=0.9.9"
3334
}
3435
}
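
Review bot: The new override `"@xmldom/xmldom": ">=0.9.9"` has no upper bound, so a future install can resolve to any later release, including one with breaking changes that the parent package depending on it was never tested against. Consider a bounded range such as `"^0.9.9"` (which npm resolves as >=0.9.9 <0.10.0) so the fix for GHSA-wh4c-j3r5-mjhp is guaranteed without silently accepting later minors or majors; the same applies to the existing `serialize-javascript` entry if you want the block to be consistent. The commit touches only package.json, so if the repository tracks a lockfile it should be regenerated and committed alongside this change, otherwise installs from the lockfile will keep resolving the vulnerable version. It is also worth confirming with `npm ls @xmldom/xmldom` that every path in the tree now resolves to the patched release and that the dev tooling that pulls it in still runs.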
