-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update xmldom to 0.7.x #112
Conversation
Didn't notice the whitespace changes (thanks Prettier) - I'll remove this in the morning if nobody else gets to it first |
Why title is saying update xmldom to 0.7.1, when it is 0.7.0. It is creating confusion as it seems it is updating to some beta version |
Apologies @SudiptaAtWork, this has been corrected |
/cc @mreinstein |
Any update when will this PR be closed and a new version released for plist? |
xmldom ( Apache Cordova has been using this wonderful package as well. |
Where to begin with this whole clusterfuck....
|
Hey Mike, thanks for checking in on this. Sorry for the bother! This is going to be a bit long, sorry. The TL;DR is:
Here's my understanding of the timeline:
✨ magic ✨
Dev A hasn't got any public activity on their GitHub or NPM. The other contributor has published stuff on GitHub since Dev B & co reached out to Dev A. I don't know if they reached out to the other contributor. I fully understand how busy you are - hopefully this PR helps and we can get more community support. Also would love input from Nate if possible.
XMLDom's DOMParser is used in the Hope this helps! |
I have just added some quick background to xmldom/xmldom#271, with quick post-mortem in this comment: xmldom/xmldom#271 (comment) I would highly recommend asking any questions for clarification in xmldom/xmldom#271. |
@dylmye thanks for taking the time to write up more details. Here are my current thoughts on potential solutions:
Open for suggestions/thoughts/ideas on this. |
Any ETA on when this PR will be complete? Our app is showing security vulnerability because of xmldom 0.6.0, and we do not use xmldom directly it is plist which is injecting xmldom in our package.lock file. Without plist fixing this we can not get through this vulnerability checkpoint. Please any update sooner will be helpful. At least if a temporary solution of using xmldom 0.7.2 can be checked in and a version can be created and you take other issues in a separate version, then it will be helpful for us who has indirect dependency on xmldom for plist. |
The codebase of ( Of course you have the right to inline the sources into you project, I hope it also makes it easier for you to manage/own the contained bugs. As you can see from the issues that are already filed, there are also some that impact xml parsing: https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Abug%2Cspec%3AXML+ , xmldom/xmldom#69 being one that might be relevant for you which was fixed in 0.7.0 PS: I did see your plan to switch to another library, curious which one you will pick and be more confident about the level of maturity regarding parsing. I'm not claiming we are far ahead, just didn't look into alternatives since I joined the contriutors/maintainers. |
The name of the package changed due to the owner abandoning it. More info at xmldom/xmldom#271.
This fixes #110, fixes #111.