Bump dependency on interceptors #1493
Comments
|
Hey, @pollyoaks. The xmldom dependency is removed entirely since @mswjs/[email protected] but 0.18.0 introduces breaking changes that aren't reasonable to migrate to in the current state of MSW. I'm working on that migration in #1436 that's going to be released in Q1 of 2023 (hopefully). MSW is a development tool so any security risks it poses apply only to you and your team while developing. This drops the severity of any security risk compared to having it in the code you ship to your customers. That being said, if you're absolutely blocked by this, you can always override the version of xmldom you install in your package.json. You can use Yarn resolutions or NPM overrides for that. Using Yarn resolutions{
"resolutions": {
"@xmldom/xmldom": "x.y.z"
}
}Using NPM overrides{
"overrides": {
"@xmldom/xmldom": "x.y.z"
}
}You can learn more about those settings in their respective documentations. |
Scope
Improves an existing behavior
Compatibility
Feature description
Hi there 👋
Currently, the latest version of
mswis using an outdated version of themswjs/interceptorspackage (0.17.5) , that specific version depends on an old version ofxmldomwhich is causing a security risk.The latest version of
mswjs/interceptorssolves this issue (this was actually fixed in this version), can we please have it upgraded?The text was updated successfully, but these errors were encountered: