[Security Upgrade]: pin @xmldom/xmldom to 0.8.13 (#33373)

Adds a resolution in root package.json to force all consumers to @xmldom/xmldom@0.8.13, fixing GHSA-wh4c-j3r5-mjhp, GHSA-j759-j44w-7fr8, GHSA-x6wf-f3px-wcqx, GHSA-f6ww-3ggp-fr8h, and GHSA-2v35-w6hq-6mfw. The vulnerable 0.7.13 entry in yarn.lock is replaced by 0.8.13 (minimum safe version across all five advisories). Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> GitOrigin-RevId: e1a301e3a1d637894284f35238ca0e8c23534276
2026-05-22 10:11:59 +02:00
parent 6fa708982b
commit ae00bcbeca
2 changed files with 5 additions and 11 deletions
@@ -32,6 +32,7 @@
    "node": ">=20.0.0"
  },
  "resolutions": {
+    "@xmldom/xmldom": "0.8.13",
    "argparse/underscore": "1.13.8",
    "sandboxed-module": "patch:sandboxed-module@npm%3A2.0.4#~/.yarn/patches/sandboxed-module-npm-2.0.4-f8b45aacc9.patch",
    "request/tough-cookie": "5.1.2",
@@ -12485,17 +12485,10 @@ __metadata:
  languageName: node
  linkType: hard

-"@xmldom/xmldom@npm:^0.7.0, @xmldom/xmldom@npm:^0.7.13, @xmldom/xmldom@npm:^0.7.4, @xmldom/xmldom@npm:^0.7.9":
-  version: 0.7.13
-  resolution: "@xmldom/xmldom@npm:0.7.13"
-  checksum: 10c0/cb02e4e8d986acf18578a5f25d1bce5e18d08718f40d8a0cdd922a4c112c8e00daf94de4e43f9556ed147c696b135f2ab81fa9a2a8a0416f60af15d156b60e40
-  languageName: node
-  linkType: hard
-
-"@xmldom/xmldom@npm:^0.8.10, @xmldom/xmldom@npm:^0.8.5":
-  version: 0.8.12
-  resolution: "@xmldom/xmldom@npm:0.8.12"
-  checksum: 10c0/b733c84292d1bee32ef21a05aba8f9063456b51a54068d0b4a1abf5545156ee0b9894b7ae23775b5881b11c35a8a03871d1b514fb7e1b11654cdbee57e1c2707
+"@xmldom/xmldom@npm:0.8.13":
+  version: 0.8.13
+  resolution: "@xmldom/xmldom@npm:0.8.13"
+  checksum: 10c0/06405ee6fffba631abf715a305ace338420ebcea8baf1317f19f2752f5c505952b7df45159908e7be8451a42faa54326b780616ab4d08242b20477b2973da24b
  languageName: node
  linkType: hard