Merge pull request #364 from sf-pallavi-das/u/pallavi-das/security_scan_fixes

fix: @W-19244073 Updating packages after security scan

Author: snehaljha-sf

messages/assess.json

@@ -42,10 +42,10 @@
   "processingDataRaptor": "Processing DataMapper: %s",
   "processingOmniScript": "Processing OmniScript: %s",
   "processingGlobalAutoNumber": "Processing GlobalAutoNumber: %s",
-  "foundDataRaptorsToAssess": "Found %s DataRaptors to assess",
+  "foundDataRaptorsToAssess": "Found %s DataMappers to assess",
   "foundOmniScriptsToAssess": "Found %s %s to assess",
   "foundGlobalAutoNumbersToAssess": "Found %s GlobalAutoNumbers to assess",
-  "startingDataRaptorAssessment": "Starting DataRaptor assessment",
+  "startingDataRaptorAssessment": "Starting DataMapper assessment",
   "startingOmniScriptAssessment": "Starting %s assessment",
   "startingGlobalAutoNumberAssessment": "Starting GlobalAutoNumber assessment",
   "allVersionsInfo": "allVersions : %s",

package.json

@@ -15,6 +15,7 @@
     "@types/jsdom": "^21.1.7",
     "@types/lodash.chunk": "^4.2.9",
     "@types/shelljs": "^0.8.15",
+    "@xmldom/xmldom": "^0.9.8",
     "cli-progress": "^3.12.0",
     "diff": "^5.1.0",
     "jsdom": "^25.0.0",
@@ -23,8 +24,7 @@
     "shelljs": "^0.8.5",
     "tslib": "^2",
     "@babel/parser": "^7.25.6",
-    "@babel/traverse": "^7.25.6",
-    "xmldom": "^0.6.0"
+    "@babel/traverse": "^7.25.6"
   },
   "devDependencies": {
     "@oclif/dev-cli": "^1",
@@ -38,6 +38,7 @@
     "@salesforce/ts-sinon": "^1",
     "@types/babel__traverse": "^7.20.6",
     "@types/jsforce": "^1.11.5",
+    "@types/xmldom": "^0.1.34",
     "@typescript-eslint/eslint-plugin": "^4.2.0",
     "@typescript-eslint/parser": "^4.2.0",
     "chai": "^4.4.1",
@@ -63,6 +64,37 @@
     "ts-node": "^10.9.2",
     "typescript": "^4.9.5"
   },
+  "resolutions": {
+    "nanoid": "^3.3.8",
+    "marked": "^4.0.10",
+    "semver": "^7.5.2",
+    "jsonwebtoken": "^9.0.2",
+    "form-data": "^4.0.4",
+    "trim-newlines": "^3.0.1",
+    "minimatch": "^3.0.5",
+    "tough-cookie": "^4.1.3",
+    "ansi-regex": "^4.1.1",
+    "json5": "^2.2.2",
+    "braces": "^3.0.3",
+    "ejs": "^3.1.10",
+    "micromatch": "^4.0.8",
+    "path-to-regexp": "^1.9.0",
+    "@babel/runtime-corejs3": "^7.26.10",
+    "@babel/runtime": "^7.26.10",
+    "@babel/helpers": "^7.26.10",
+    "cross-spawn": "^7.0.5",
+    "tar-fs": "^2.1.3",
+    "brace-expansion": "^2.0.2",
+    "tmp": "^0.2.4",
+    "request": "^2.88.2",
+    "lodash.template": "^4.5.0",
+    "@babel/types": "^7.25.6",
+    "@babel/traverse": "^7.25.6",
+    "@babel/parser": "^7.25.6",
+    "@babel/core": "^7.25.6",
+    "@babel/template": "^7.25.6",
+    "xml2js": "^0.5.0"
+  },
   "engines": {
     "node": ">=12.0.0"
   },

src/utils/XMLUtil.ts

@@ -10,7 +10,7 @@
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
 /* eslint-disable @typescript-eslint/no-explicit-any */
 
-import { DOMParser, XMLSerializer } from 'xmldom';
+import { DOMParser, XMLSerializer } from '@xmldom/xmldom';
 
 /**
  * XMLUtil provides XML parsing and building functionality using the xmldom library.
@@ -51,14 +51,14 @@ export class XMLUtil {
   // Parse XML string to JSON
   public parse(xmlString: string): any {
     const doc = this.parser.parseFromString(xmlString, 'text/xml');
-    return this.xmlToJson(doc.documentElement);
+    return this.xmlToJson(doc.documentElement as any);
   }
 
   // Convert JSON object to XML
   public build(jsonObject: any, rootElement = 'root'): string {
     const doc = new DOMParser().parseFromString(`<${rootElement}></${rootElement}>`, 'text/xml');
     const rootNode = doc.documentElement;
-    this.jsonToXml(jsonObject, rootNode);
+    this.jsonToXml(jsonObject, rootNode as unknown as Node);
     return this.xmlHeader + this.prettyPrintXml(this.serializer.serializeToString(doc));
   }
 

src/utils/lwcparser/xmlParser/XmlParser.ts

@@ -6,7 +6,7 @@
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
 /* eslint-disable @typescript-eslint/explicit-member-accessibility */
 import * as fs from 'fs';
-import { DOMParser, XMLSerializer } from 'xmldom';
+import { DOMParser, XMLSerializer, Document } from '@xmldom/xmldom';
 import { FileConstant } from '../fileutils/FileConstant';
 import { Logger } from '../../logger';
 
@@ -51,6 +51,8 @@ export class XmlParser {
       xmlContentMap.set(FileConstant.MODIFIED_CONTENT, xmlString);
       return xmlContentMap;
     }
+
+    return xmlContentMap;
   }
 
   public saveToFile(outputFilePath: string, xmlString: string): void {

test/utils/XMLUtil.test.ts

@@ -93,13 +93,13 @@ describe('XMLUtil', () => {
       });
     });
 
-    it('should handle invalid XML gracefully', () => {
+    it('should throw for invalid xml', () => {
       const invalidXml = '<root><unclosed>';
 
-      // xmldom doesn't throw errors, it returns a document with errors
+      // xmldom to throw error for mismatched tags after package update to @xmldom/xmldom.
       expect(() => {
         xmlUtil.parse(invalidXml);
-      }).to.not.throw();
+      }).to.throw();
     });
   });
 

yarn.lock

@@ -7126,4 +7126,4 @@ zip-stream@^4.1.0:
   dependencies:
     archiver-utils "^2.1.0"
     compress-commons "^4.1.0"
-    readable-stream "^3.6.0"
+    readable-stream "^3.6.0"