Auditing webfont reveals moderate vulnerability in xmldom

[PrashantChittiZS]

Running npm audit while using webfont v11.2.20, reveals a vulnerability in xmldom which is moderate in serverity.

[jimmyandrade]

@PrashantChittiZS thanks for reporting that. What version of webfont are you using?

[PrashantChittiZS]

@PrashantChittiZS thanks for reporting that. What version of webfont are you using?

11.2.20

[jimmyandrade]

@PrashantChittiZS thanks. Unfortunately, our library depends on a vulnerable version of the svg2ttf package which, in turn, has this security problem by using an insecure version of xmldom.

On my side, I can't solve this as long as xmldom and svg2ttf library doesn't solve this problem on the other side.
I'm sorry :(

[PrashantChittiZS]

@jimmyandrade thanks for the quick turn around, I have raised an issue regarding the same on svg2ttf. Will you be releasing a newer version of webfont, as and when svg2ttf fixes the issue on their end?

[jimmyandrade]

Will you be releasing a newer version of webfont, as and when svg2ttf fixes the issue on their end?

@PrashantChittiZS yes, I will :)

[wkeese]

Looks like this is fixed, sometime between 11.2.20 and 11.2.26. I think you can close the ticket.