Bump @xmldom/xmldom from 0.8.10 to 0.8.12 in /client by dependabot[bot] · Pull Request #1616

Bump @xmldom/xmldom from 0.8.10 to 0.8.12 in /client by dependabot[bot] · Pull Request #1616 · Kitware/dive

Bumps @xmldom/xmldom from 0.8.10 to 0.8.12.

Release notes

Sourced from @xmldom/xmldom's releases.

0.8.12

Commits

Fixed

preserve trailing whitespace in ProcessingInstruction data [#962](https://github.com/xmldom/xmldom/issues/962) / [#42](https://github.com/xmldom/xmldom/issues/42)

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @thesmartshadow, @stevenobiajulu, for your contributions

xmldom/xmldom#357

0.8.11

0.8.11

Fixed

update ownerDocument when moving nodes between documents [#933](https://github.com/xmldom/xmldom/issues/933) / [#932](https://github.com/xmldom/xmldom/issues/932)

Thank you, @shunkica, for your contributions

Changelog

Sourced from @xmldom/xmldom's changelog.

0.8.12

Fixed

preserve trailing whitespace in ProcessingInstruction data [#962](https://github.com/xmldom/xmldom/issues/962) / [#42](https://github.com/xmldom/xmldom/issues/42)

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @thesmartshadow, @stevenobiajulu, for your contributions

0.8.11

Fixed

update ownerDocument when moving nodes between documents [#933](https://github.com/xmldom/xmldom/issues/933) / [#932](https://github.com/xmldom/xmldom/issues/932)

Thank you, @shunkica, for your contributions

0.9.8

Fixed

fix: replace \u2029 as part of normalizeLineEndings [#839](https://github.com/xmldom/xmldom/issues/839) / [#838](https://github.com/xmldom/xmldom/issues/838)

perf: speed up line detection [#847](https://github.com/xmldom/xmldom/issues/847) / [#838](https://github.com/xmldom/xmldom/issues/838)

Chore

updated dependencies

drop jazzer and rxjs devDependencies [#845](https://github.com/xmldom/xmldom/issues/845)

Thank you, @kboshold, @Ponynjaa, for your contributions.

0.9.7

Added

Implementation of hasAttributes [#804](https://github.com/xmldom/xmldom/issues/804)

Fixed

locator is now true even when other options are being used for the DOMParser [#802](https://github.com/xmldom/xmldom/issues/802) / [#803](https://github.com/xmldom/xmldom/issues/803)

... (truncated)

Commits

189cb78 0.8.12
ed08df7 fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#968)
a5b929b chore: clean up generated test artefacts before running ci-local
4e37a20 ci: run format:check in lint job
ac0ac77 chore: ignore generated files when checking formatting
968c893 chore: add local CI script and format:check script
ac40424 fix: preserve trailing whitespace in ProcessingInstruction data (#962)
cece752 chore: add .nvmrc pointing to node version 18
cbf44d9 docs: improve links to changes in most recent release
c0f1401 0.8.11
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by karfau, a new releaser for @xmldom/xmldom since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.