From 497bcc80945b55ffacb3f6a7818ea203daf38085 Mon Sep 17 00:00:00 2001 From: Pawel Przysucha Date: Mon, 29 Jun 2026 13:44:02 +0200 Subject: [PATCH] chore(deps): bump @xmldom/xmldom from 0.9.8 to 0.9.10 Fixes XML injection vulnerability via createProcessingInstruction (CVE-2026-41675, GHSA-x6wf-f3px-wcqx), which affected versions >= 0.9.0 < 0.9.10. https://github.com/advisories/GHSA-x6wf-f3px-wcqx Co-Authored-By: Claude Opus 4.8 --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 57310d58b..55132f876 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "@cucumber/gherkin": "38.0.0", "@cucumber/messages": "32.3.1", "@modelcontextprotocol/sdk": "^1.26.0", - "@xmldom/xmldom": "0.9.8", + "@xmldom/xmldom": "0.9.10", "acorn": "8.15.0", "ai": "^6.0.43", "arrify": "3.0.0", @@ -155,7 +155,7 @@ "@wdio/sauce-service": "9.12.5", "@wdio/selenium-standalone-service": "8.15.0", "@wdio/utils": "9.23.3", - "@xmldom/xmldom": "0.9.8", + "@xmldom/xmldom": "0.9.10", "bunosh": "latest", "chai": "^6.2.1", "chai-as-promised": "^8.0.2",