From 964819b2c17f97d928218053550a6c7d471a8f8d Mon Sep 17 00:00:00 2001
From: KobeNguyenT <7845001+kobenguyent@users.noreply.github.com>
Date: Sun, 21 May 2023 07:14:38 +0200
Subject: [PATCH] fix: security issue with xmldom <= 0.6.0 (#3619)

---
 package.json              | 2 +-
 test/unit/locator_test.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index a3703ca1d..3c1c7cb44 100644
--- a/package.json
+++ b/package.json
@@ -58,6 +58,7 @@
     "@cucumber/cucumber-expressions": "^16",
     "@cucumber/gherkin": "^26",
     "@cucumber/messages": "^21.0.1",
+    "@xmldom/xmldom": "^0.7.9",
     "acorn": "^7.4.1",
     "arrify": "^2.0.1",
     "axios": "^1.3.3",
@@ -138,7 +139,6 @@
     "wdio-docker-service": "^1.5.0",
     "webdriverio": "^8.3.8",
     "xml2js": "^0.4.23",
-    "xmldom": "^0.1.31",
     "xpath": "0.0.27"
   },
   "engines": {
diff --git a/test/unit/locator_test.js b/test/unit/locator_test.js
index 80a7d45af..a6ceaa11d 100644
--- a/test/unit/locator_test.js
+++ b/test/unit/locator_test.js
@@ -1,5 +1,5 @@
 const { expect } = require('chai');
-const Dom = require('xmldom').DOMParser;
+const { DOMParser } = require('@xmldom/xmldom');
 const xpath = require('xpath');
 
 const Locator = require('../../lib/locator');
@@ -56,7 +56,7 @@ const xml = `<body>
 
 describe('Locator', () => {
   beforeEach(() => {
-    doc = new Dom().parseFromString(xml);
+    doc = new DOMParser().parseFromString(xml, 'application/xhtml+xml');
   });
 
   describe('constructor', () => {