adal-node depends on @xmldom/xmldom that has a security vulnerability

Core Library

ADAL Node (adal-node)

Core Library Version

0.2.3

Wrapper Library

Not Applicable

Wrapper Library Version

N/A

Public or Confidential Client?

Public

Description

The adal-node package has a dependency on @xmldom/xmldom which in turn has a security vulnerability. Please see https://github.com/advisories/GHSA-9pgh-qqpf-7wqj

Error Message

No response

Msal Logs

No response

MSAL Configuration

N/A

Relevant Code Snippets

https://github.com/advisories/GHSA-9pgh-qqpf-7wqj

Reproduction Steps

https://github.com/advisories/GHSA-9pgh-qqpf-7wqj

Expected Behavior

Package should be installable without any npm audit errors

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

Source

External (Customer)

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 1
  • Comments: 12 (3 by maintainers)

Top GitHub Comments

2 reactions
tnorling commented, Oct 20, 2022

Yes, we have a release currently scheduled for next Monday. Will make sure this gets out. cc. @sameerag

0 reactions
sameerag commented, Dec 8, 2022

Released 0.2.4 with this change.
