mirror of
https://github.com/moodle/moodle.git
synced 2025-08-04 16:36:37 +02:00
5d9eae8042
The main goal of this issue is to avoid scanners (Dependabot and friends), reporting about security issues with the current xmldom 0.6.0 package. Note that this doesn't affect prod at all, because it's a dev dependency, hardly exploitable. So it's not a security fix, just a security_benefit, if something. So here, we are updating from xmldom 0.6.0 to @xmldom/xmldom 0.8.7 (note that the package was renamed in 0.7.0, so it's the very same) Also, when proceeding with the changes, it was detected that we are incorrectly declaring @babel/eslint-parser as a normal dependency instead of a development one, so we are also fixing that little detail. The commands executed to get the changes above applied have been: - nvm use - npm install @xmldom/xmldom@^0.8.7 --save-dev - npm uninstall xmldom - npm install @babel/eslint-parser@^7.17.0 --save-dev (we haven't run a complete re-install because we only want to modify the minimum possible at this stage). |
||
|---|---|---|
| .. | ||
| jsdoc | ||
| tasks | ||
| babel-plugin-add-module-to-define.js | ||
| components.js | ||