Skip to content

chore(deps): bump @xmldom/xmldom from 0.8.11 to 0.8.12 in the npm_and_yarn group across 1 directory#4504

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-282a1442c2
Closed

chore(deps): bump @xmldom/xmldom from 0.8.11 to 0.8.12 in the npm_and_yarn group across 1 directory#4504
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-282a1442c2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the / directory: @xmldom/xmldom.

Updates @xmldom/xmldom from 0.8.11 to 0.8.12

Release notes

Sourced from @​xmldom/xmldom's releases.

0.8.12

Commits

Fixed

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

xmldom/xmldom#357

Changelog

Sourced from @​xmldom/xmldom's changelog.

0.8.12

Fixed

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

Commits
  • 189cb78 0.8.12
  • ed08df7 fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#968)
  • a5b929b chore: clean up generated test artefacts before running ci-local
  • 4e37a20 ci: run format:check in lint job
  • ac0ac77 chore: ignore generated files when checking formatting
  • 968c893 chore: add local CI script and format:check script
  • ac40424 fix: preserve trailing whitespace in ProcessingInstruction data (#962)
  • cece752 chore: add .nvmrc pointing to node version 18
  • cbf44d9 docs: improve links to changes in most recent release
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by karfau, a new releaser for @​xmldom/xmldom since your current version.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 1, 2026 00:33
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 1, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 5df128b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@cla-assistant
Copy link
Copy Markdown

cla-assistant bot commented Apr 1, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-282a1442c2 branch 3 times, most recently from 537ed3f to 304ab66 Compare April 1, 2026 10:27
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 1, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-282a1442c2 branch from 304ab66 to 9b278ae Compare April 1, 2026 11:51
@dependabot
chore(deps): bump @xmldom/xmldom
5df128b 
Bumps the npm_and_yarn group with 1 update in the / directory: [@xmldom/xmldom](https://github.com/xmldom/xmldom).


Updates `@xmldom/xmldom` from 0.8.11 to 0.8.12
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.8.11...0.8.12)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.8.12
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-282a1442c2 branch from 9b278ae to 5df128b Compare April 1, 2026 14:02
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 1, 2026

Looks like @xmldom/xmldom is no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Apr 1, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-282a1442c2 branch April 1, 2026 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants