Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
CVE-2021-32796 due to dependency on deprecated adal-node package which in turn uses xmldom@0.6.0
See original GitHub issueTedious needs to upgrade to @azure/msal-node to mitigate CVE-2021-32796 which is caused by xmldom as a dependency on deprecated adal-node package as per https://github.com/AzureAD/azure-activedirectory-library-for-nodejs.
https://nvd.nist.gov/vuln/detail/CVE-2021-32796
└─┬ tedious@11.4.0
└─┬ adal-node@0.2.2
└── xmldom@0.6.0
Issue Analytics
- State:
- Created 2 years ago
- Reactions:8
- Comments:5 (1 by maintainers)
Top Results From Across the Web
No results found
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Thank you guys for the suggestions. We are currently looking into migrating to using @azure/identity. Like I replied in issue #1238, we will give you guys an update.
adal-node@0.2.3has been published with@xmldom/xmldom.