Update dependency @xmldom/xmldom to ^0.8.0 #66

mend-app-cvent bot commented Nov 5, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| @xmldom/xmldom | ^0.7.0 -> ^0.8.0 | age | adoption | passing | confidence |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
| --- | --- | --- | --- |
| Critical | 9.8 | CVE-2022-37616 | #52 |
| Critical | 9.8 | CVE-2022-39353 | #59 |

Release Notes

xmldom/xmldom (@​xmldom/xmldom)

v0.8.3

Fixed
  • Avoid iterating over prototype properties #437 / #436

Thank you, @​Supraja9726 for your contributions

v0.8.2

Fixed
  • fix(dom): Serialize > as specified (#​395) #58
Other
  • docs: Add nodeType values to public interface description #396
  • test: Add executable examples for node and typescript #317
  • fix(dom): Serialize > as specified #395
  • chore: Add minimal Object.assign ponyfill #379
  • docs: Refine release documentation #378
  • chore: update various dev dependencies

Thank you @​niklasl, @​cburatto, @​SheetJSDev, @​pyrsmk for your contributions

v0.8.1

Fixed
  • dom: prevent iteration over deleted items #514/ #499

Thank you, @​qtow, for your contributions

v0.8.0

Fixed
  • Normalize all line endings according to XML specs 1.0 and 1.1
    BREAKING CHANGE: Certain combinations of line break characters are normalized to a single \n before parsing takes place and will no longer be preserved.
  • XMLSerializer: Preserve whitespace character references #284 / #310
    BREAKING CHANGE: If you relied on the not spec compliant preservation of literal \t, \n or \r in attribute values.
    To preserve those you will have to create XML that instead contains the correct numerical (or hexadecimal) equivalent (e.g. &#x9;, &#xA;, &#xD;).
  • Drop deprecated exports DOMImplementation and XMLSerializer from lib/dom-parser.js #​53 / #309
    BREAKING CHANGE: Use the one provided by the main package export.
  • dom: Remove all links as part of removeChild #343 / #355
Chore
  • ci: Restore latest tested node version to 16.x #325
  • ci: Split test and lint steps into jobs #111 / #304
  • Pinned and updated devDependencies

Thank you @​marrus-sh, @​victorandree, @​mdierolf, @​tsabbay, @​fatihpense for your contributions

v0.7.13

Fixed
  • dom: prevent iteration over deleted items #514/ #499

Thank you, @​qtow, for your contributions

v0.7.12

Fixed
  • Set nodeName property in ProcessingInstruction #509 / #505

Thank you, @​cjbarth, for your contributions

v0.7.11

Fixed
  • extend list of HTML entities #489

Thank you, @​zorkow, for your contributions

v0.7.10

Fixed
  • properly parse closing where the last attribute has no value #485 / #486

Thank you, @​bulandent, for your contributions

v0.7.9

Fixed
  • Properly check nodes before replacement #457 / #455 / #456

Thank you, @​edemaine, @​pedro-l9, for your contributions

v0.7.8

Fixed
  • fix: Restore ES5 compatibility #452 / #453

Thank you, @​fengxinming, for your contributions

v0.7.7

Fixed
  • Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353
    In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly.
    In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead.
    This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior.
    Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity

Thank you, @​frumioj, @​cjbarth, @​markgollnick for your contributions

v0.7.6

Fixed
  • Avoid iterating over prototype properties #441 / #437 / #436

Thank you, @​jftanner, @​Supraja9726 for your contributions

v0.7.5

Commits

Fixes:

v0.7.4

Commits

Fixes:

v0.7.3

Commits

Fixes:
Refactor:
  • Improve exports & require statements, new main package entry #233
Docs:
  • Fix Stryker badge #298
  • Fix link to help-wanted issues #299
Chore:
  • Execute stryker:dry-run on branches #302
  • Fix stryker config #300
  • Split test and lint scripts #297
  • Switch to stryker dashboard owned by org #292

v0.7.2

Commits

Fixes:
  • Types: Add index.d.ts to packaged files #288
    Thank you, @​forty

v0.7.1

Fixed
  • dom: prevent iteration over deleted items #514/ #499

Thank you, @​qtow, for your contributions


  • If you want to rebase/retry this PR, check this box

mend-app-cvent bot requested a review from a team as a code owner November 5, 2023 23:07
mend-app-cvent bot added the "security fix" label (Security fix generated by WhiteSource) Nov 5, 2023

mend-app-cvent bot commented Nov 5, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
/usr/local/bin/npm: line 4: .: filename argument required
.: usage: . filename [arguments]
ERROR: npm v10.2.4 is known not to run on Node.js v14.19.1.  This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.

ERROR:
/opt/containerbase/tools/npm/10.2.4/node_modules/npm/node_modules/@npmcli/agent/lib/agents.js:105
    options.lookup ??= this.#options.lookup
                   ^^^

SyntaxError: Unexpected token '??='
    at wrapSafe (internal/modules/cjs/loader.js:1001:16)
    at Module._compile (internal/modules/cjs/loader.js:1049:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:12)
    at Module.require (internal/modules/cjs/loader.js:974:19)
    at require (internal/modules/cjs/helpers.js:101:18)
    at Object.<anonymous> (/opt/containerbase/tools/npm/10.2.4/node_modules/npm/node_modules/@npmcli/agent/lib/index.js:7:15)
    at Module._compile (internal/modules/cjs/loader.js:1085:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)

mend-app-cvent bot force-pushed the whitesource-remediate/xmldom-xmldom-0.x branch from bfb4ae9 to 182b596 November 24, 2023 11:59