1 low severity vulnerability in dependency of node-quickbooks

[gogbajbobo]

Low: Misinterpretation of malicious XML input
Package: xmldom
Patched in: >=0.5.0
Dependency of: node-quickbooks
Path: node-quickbooks > jxon > xmldom
More info: https://npmjs.com/advisories/1650

[geoffcorey]

+1 on this issue. It would appear that jxon has a PR to fix the issue but the project hasn't been updated since 2017. I think we are looking at an abandoned project which this project relies on.

[geoffcorey]

I made a PR to replace the deprecated xmldom with @xmldom/xmldom that would take care of the security issue. tyrasd/jxon#55

[geoffcorey]

jxon is a dead project and should be replaced

[josh-bridgement]

+1 on this issue. jxon needs to be replaced

[geoffcorey]

I moved to @apigrate/quickbooks since the security issues on node-quickbooks are not being addressed.