[Snyk] Upgrade xmldom from 0.5.0 to 0.6.0

[snyk-bot]

Snyk has created this PR to upgrade xmldom from 0.5.0 to 0.6.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 22 days ago, on 2021-04-17.

Release notes

Package name: xmldom

• 0.6.0 - 2021-04-17
  

  0.6.0

  Fixes

  • Stop serializing empty namespace values like xmlns:ds="" #168
    BREAKING CHANGE: If your code expected empty namespaces attributes to be serialized.
    Thank you @ pdecat and @ FranckDepoortere
  • Escape < to < when serializing attribute values #198 / #199
• 0.5.0 - 2021-03-09
  

  Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)

    • Improve error reporting; throw on duplicate attribute
      BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them.
      It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

      To accomplish this and also be able to verify it in tests I needed to

      • create a new Error type ParseError and export it
      • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
      • export DOMHandler constructor as __DOMHandler

    • Preserve quotes in DOCTYPE declaration
      Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes.
      BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping.
      (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

      https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd
      https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors' directives when parsing attributes #171
  • fix(dom): Escape ]]> when serializing CharData #181
  • Switch to (only) MIT license (drop problematic LGPL license option) #178
  • Export DOMException; remove custom assertions; etc. #174

  Docs

  • Update MDN links in readme.md #188

from xmldom GitHub release notes

Commit messages

Package name: xmldom

• c80a161 xmldon version 0.6.0
• bc36efd chore: regenerate package-lock.json
• 8a92704 Update eslint -> ^7.23.0 - devDependencies (#202)
• b12106e Update @ stryker-mutator/core -> ^4.5.1 - devDependencies (#192)
• af4642e docs: Update Changelog (#197)
• 5869d76 test(stryker): Replace line numbers by error index (#201)
• a681852 fix: Escape `<` when serializing attribute values (#199)
• bb12247 Update eslint-config-prettier -> 8 - devDependencies (#187)
• 48c51b3 Update eslint -> ^7.22.0 - devDependencies (#185)
• 82b0481 refactor!: Avoid empty namespace value like xmlns:ds="" (#168)
• fa67fcf chore: set version to 0.5.1-dev in package*.json

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs