fix: resolve CVE-2026-34601 in @xmldom/xmldom

related to https://github.com/advisories/GHSA-wh4c-j3r5-mjhp Co-authored-by: Claude <noreply@anthropic.com> Signed-off-by: Florent Benoit <fbenoit@redhat.com>
2026-04-21 17:47:22 +00:00 · 2026-04-20 10:24:07 +02:00 · 2026-04-20 10:24:07 +02:00 · e245f3cfe7
commit e245f3cfe7
parent c221c3d1f0
2 changed files with 6 additions and 5 deletions
--- a/package.json
+++ b/package.json
@ -197,6 +197,7 @@
  },
  "pnpm": {
    "overrides": {
+      "@xmldom/xmldom": "^0.8.12",
      "rollup": "^4.59.0",
      "react-router>path-to-regexp": "^1.9.0",
      "serve-handler>path-to-regexp": "^3.3.0",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -5,6 +5,7 @@ settings:
  excludeLinksFromLockfile: false

 overrides:
+  '@xmldom/xmldom': ^0.8.12
  rollup: ^4.59.0
  react-router>path-to-regexp: ^1.9.0
  serve-handler>path-to-regexp: ^3.3.0
@ -4924,10 +4925,9 @@ packages:
  '@webassemblyjs/wast-printer@1.14.1':
    resolution: {integrity: sha512-kPSSXE6De1XOR820C90RIo2ogvZG+c3KiHzqUoO/F34Y2shGzesfqv7o57xrxovZJH/MetF5UjroJ/R/3isoiw==}

-  '@xmldom/xmldom@0.8.10':
-    resolution: {integrity: sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw==}
+  '@xmldom/xmldom@0.8.13':
+    resolution: {integrity: sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==}
    engines: {node: '>=10.0.0'}
-    deprecated: this version has critical issues, please update to the latest version

  '@xterm/addon-fit@0.11.0':
    resolution: {integrity: sha512-jYcgT6xtVYhnhgxh3QgYDnnNMYTcf8ElbxxFzX0IZo+vabQqSPAjC3c1wJrKB5E19VwQei89QCiZZP86DCPF7g==}
@ -17258,7 +17258,7 @@ snapshots:
      '@webassemblyjs/ast': 1.14.1
      '@xtuc/long': 4.2.2

-  '@xmldom/xmldom@0.8.10': {}
+  '@xmldom/xmldom@0.8.13': {}

  '@xterm/addon-fit@0.11.0': {}

@ -22806,7 +22806,7 @@ snapshots:

  plist@3.1.0:
    dependencies:
-      '@xmldom/xmldom': 0.8.10
+      '@xmldom/xmldom': 0.8.13
      base64-js: 1.5.1
      xmlbuilder: 15.1.1