Skip to content

Commit 497bcc8

Browse files
ElVisPLclaude
andcommitted
chore(deps): bump @xmldom/xmldom from 0.9.8 to 0.9.10
Fixes XML injection vulnerability via createProcessingInstruction (CVE-2026-41675, GHSA-x6wf-f3px-wcqx), which affected versions >= 0.9.0 < 0.9.10. GHSA-x6wf-f3px-wcqx Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 7cb68de commit 497bcc8

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@
9797
"@cucumber/gherkin": "38.0.0",
9898
"@cucumber/messages": "32.3.1",
9999
"@modelcontextprotocol/sdk": "^1.26.0",
100-
"@xmldom/xmldom": "0.9.8",
100+
"@xmldom/xmldom": "0.9.10",
101101
"acorn": "8.15.0",
102102
"ai": "^6.0.43",
103103
"arrify": "3.0.0",
@@ -155,7 +155,7 @@
155155
"@wdio/sauce-service": "9.12.5",
156156
"@wdio/selenium-standalone-service": "8.15.0",
157157
"@wdio/utils": "9.23.3",
158-
"@xmldom/xmldom": "0.9.8",
158+
"@xmldom/xmldom": "0.9.10",
159159
"bunosh": "latest",
160160
"chai": "^6.2.1",
161161
"chai-as-promised": "^8.0.2",

0 commit comments

Comments
 (0)