build(deps): bump @xmldom/xmldom in /appium by dependabot[bot] · Pull Request #2738 · FlowCrypt/flowcrypt-ios

dependabot · 2026-04-01T00:21:46Z

Bumps and @xmldom/xmldom. These dependencies needed to be updated together.
Updates @xmldom/xmldom from 0.9.8 to 0.9.9

Release notes

Sourced from @xmldom/xmldom's releases.

0.9.9

Commits

Added

implement ParentNode.children getter [#960](https://github.com/xmldom/xmldom/issues/960) / [#410](https://github.com/xmldom/xmldom/issues/410)

Fixed

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

correctly traverse ancestor chain in Node.contains [#931](https://github.com/xmldom/xmldom/issues/931)

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

updated dependencies

Thank you, @stevenobiajulu, @yoshi389111, @thesmartshadow, for your contributions

xmldom/xmldom#435

Changelog

Sourced from @xmldom/xmldom's changelog.

0.9.9

Added

implement ParentNode.children getter [#960](https://github.com/xmldom/xmldom/issues/960) / [#410](https://github.com/xmldom/xmldom/issues/410)

Fixed

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

correctly traverse ancestor chain in Node.contains [#931](https://github.com/xmldom/xmldom/issues/931)

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

updated dependencies

Thank you, @stevenobiajulu, @yoshi389111, @thesmartshadow, for your contributions

0.8.12

Fixed

preserve trailing whitespace in ProcessingInstruction data [#962](https://github.com/xmldom/xmldom/issues/962) / [#42](https://github.com/xmldom/xmldom/issues/42)

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @thesmartshadow, @stevenobiajulu, for your contributions

0.8.11

Fixed

update ownerDocument when moving nodes between documents [#933](https://github.com/xmldom/xmldom/issues/933) / [#932](https://github.com/xmldom/xmldom/issues/932)

Thank you, @shunkica, for your contributions

0.9.8

... (truncated)

Commits

7ffb16b 0.9.9
07aade1 docs: add missing references to changelog (#970)
2b852e8 fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#969)
d9adeff chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#966)
be45d04 chore: add local CI script and format:check (#965)
2d73ddd chore(deps-dev): bump yauzl from 3.2.0 to 3.2.1 (#963)
385c392 chore(deps): bump minimatch (#961)
7750b31 feat: implement ParentNode.children getter (#960)
aa806cd chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#958)
7d2610c chore(deps): update npm to v11.6.3 (#947)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by karfau, a new releaser for @xmldom/xmldom since your current version.

Updates @xmldom/xmldom from 0.8.11 to 0.8.12

Release notes

Sourced from @xmldom/xmldom's releases.

0.9.9

Commits

Added

implement ParentNode.children getter [#960](https://github.com/xmldom/xmldom/issues/960) / [#410](https://github.com/xmldom/xmldom/issues/410)

Fixed

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

correctly traverse ancestor chain in Node.contains [#931](https://github.com/xmldom/xmldom/issues/931)

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

updated dependencies

Thank you, @stevenobiajulu, @yoshi389111, @thesmartshadow, for your contributions

xmldom/xmldom#435

Changelog

Sourced from @xmldom/xmldom's changelog.

0.9.9

Added

implement ParentNode.children getter [#960](https://github.com/xmldom/xmldom/issues/960) / [#410](https://github.com/xmldom/xmldom/issues/410)

Fixed

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

correctly traverse ancestor chain in Node.contains [#931](https://github.com/xmldom/xmldom/issues/931)

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

updated dependencies

Thank you, @stevenobiajulu, @yoshi389111, @thesmartshadow, for your contributions

0.8.12

Fixed

preserve trailing whitespace in ProcessingInstruction data [#962](https://github.com/xmldom/xmldom/issues/962) / [#42](https://github.com/xmldom/xmldom/issues/42)

Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp

Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @thesmartshadow, @stevenobiajulu, for your contributions

0.8.11

Fixed

update ownerDocument when moving nodes between documents [#933](https://github.com/xmldom/xmldom/issues/933) / [#932](https://github.com/xmldom/xmldom/issues/932)

Thank you, @shunkica, for your contributions

0.9.8

... (truncated)

Commits

7ffb16b 0.9.9
07aade1 docs: add missing references to changelog (#970)
2b852e8 fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#969)
d9adeff chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#966)
be45d04 chore: add local CI script and format:check (#965)
2d73ddd chore(deps-dev): bump yauzl from 3.2.0 to 3.2.1 (#963)
385c392 chore(deps): bump minimatch (#961)
7750b31 feat: implement ParentNode.children getter (#960)
aa806cd chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#958)
7d2610c chore(deps): update npm to v11.6.3 (#947)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by karfau, a new releaser for @xmldom/xmldom since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps and [@xmldom/xmldom](https://github.com/xmldom/xmldom). These dependencies needed to be updated together. Updates `@xmldom/xmldom` from 0.9.8 to 0.9.9 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.9.8...0.9.9) Updates `@xmldom/xmldom` from 0.8.11 to 0.8.12 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.9.8...0.9.9) --- updated-dependencies: - dependency-name: "@xmldom/xmldom" dependency-version: 0.9.9 dependency-type: indirect - dependency-name: "@xmldom/xmldom" dependency-version: 0.8.12 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026

dependabot bot requested a review from sosnovsky as a code owner April 1, 2026 00:21

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026

FlowCryptRobot enabled auto-merge (squash) April 1, 2026 00:21

FlowCryptRobot approved these changes Apr 1, 2026

View reviewed changes

FlowCryptRobot merged commit 97fe97d into master Apr 1, 2026
9 checks passed

FlowCryptRobot deleted the dependabot/npm_and_yarn/appium/multi-dee8558a29 branch April 1, 2026 00:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump @xmldom/xmldom in /appium#2738

build(deps): bump @xmldom/xmldom in /appium#2738
FlowCryptRobot merged 1 commit intomasterfrom
dependabot/npm_and_yarn/appium/multi-dee8558a29

dependabot bot commented on behalf of github Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 1, 2026

0.9.9

Added

Fixed

Chore

Added

Fixed

Chore

Fixed

Fixed

0.9.9

Added

Fixed

Chore

Added

Fixed

Chore

Fixed

Fixed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant