…#28424)
## **Description**
Bumps `@xmldom/xmldom` from `^0.8.10` to `^0.8.12` to address the
failing production dependency audit (`GHSA-wh4c-j3r5-mjhp`).
## **Changelog**
CHANGELOG entry: null
## **Related issues**
Fixes:
## **Manual testing steps**
```gherkin
Feature: Production dependency audit compliance
Scenario: audit CI passes after xmldom patch update
Given the repository is on branch chore/fix-audit-xmldom
When I run yarn audit:ci
Then no audit suggestions are reported
```
## **Screenshots/Recordings**
### **Before**
N/A (dependency-only change)
### **After**
N/A (dependency-only change)
## **Pre-merge author checklist**
- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and/or screenshots.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk dependency-only update; main risk is unexpected behavior
changes in XML parsing due to the transitive library patch bump.
>
> **Overview**
> Updates the production dependency `@xmldom/xmldom` from
`^0.8.10`/`0.8.11` to `^0.8.12` and refreshes `yarn.lock` to lock the
new resolved version/checksum, addressing the flagged security advisory.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
776772f. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->