From 326c8f3f4bf3c7b17c99a748fdc6d722bcd86da7 Mon Sep 17 00:00:00 2001 From: Slawomir Jaranowski Date: Thu, 31 Mar 2022 18:15:50 +0200 Subject: [PATCH] update dependency after merge from master --- node_modules/.package-lock.json | 8 ++-- node_modules/@xmldom/xmldom/CHANGELOG.md | 14 ++++++- node_modules/@xmldom/xmldom/SECURITY.md | 50 ++++++++++++++++++++++++ node_modules/@xmldom/xmldom/lib/sax.js | 38 +++++++++--------- node_modules/@xmldom/xmldom/package.json | 24 +++++++++--- node_modules/@xmldom/xmldom/readme.md | 3 +- 6 files changed, 106 insertions(+), 31 deletions(-) create mode 100644 node_modules/@xmldom/xmldom/SECURITY.md diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 4cc6a3233..34af2a3c1 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "maven-settings-action", - "version": "2.5.0", + "version": "2.6.0", "lockfileVersion": 2, "requires": true, "packages": { @@ -21,9 +21,9 @@ } }, "node_modules/@xmldom/xmldom": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.0.tgz", - "integrity": "sha512-7wVnF+rKrVDEo1xjzkkidTG0grclaVnX0vKa0z9JSXcEdtftUJjvU33jLGg6SHyvs3eeqEsI7jZ6NxYfRypEEg==", + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.1.tgz", + "integrity": "sha512-4wOae+5N2RZ+CZXd9ZKwkaDi55IxrSTOjHpxTvQQ4fomtOJmqVxbmICA9jE1jvnqNhpfgz8cnfFagG86wV/xLQ==", "engines": { "node": ">=10.0.0" } diff --git a/node_modules/@xmldom/xmldom/CHANGELOG.md b/node_modules/@xmldom/xmldom/CHANGELOG.md index 3c1f67a68..edb37946b 100644 --- a/node_modules/@xmldom/xmldom/CHANGELOG.md +++ b/node_modules/@xmldom/xmldom/CHANGELOG.md 
@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [0.8.1](https://github.com/xmldom/xmldom/compare/0.8.0...0.8.1) + +### Fixes +- Only use own properties in entityMap [`#374`](https://github.com/xmldom/xmldom/pull/374) + +### Docs +- Add security policy [`#365`](https://github.com/xmldom/xmldom/pull/365) +- changelog: Correct contributor name and link [`#366`](https://github.com/xmldom/xmldom/pull/366) +- Describe release/publish steps [`#358`](https://github.com/xmldom/xmldom/pull/358), [`#376`](https://github.com/xmldom/xmldom/pull/376) +- Add snyk package health badge [`#360`](https://github.com/xmldom/xmldom/pull/360) + + ## [0.8.0](https://github.com/xmldom/xmldom/compare/0.7.5...0.8.0) ### Fixed @@ -41,7 +53,7 @@ Thank you [@marrus-sh](https://github.com/marrus-sh), [@victorandree](https://gi ### Fixes: - Restore ability to parse `__prototype__` attributes [`#315`](https://github.com/xmldom/xmldom/pull/315) - Thank you [@dsimsonOMF](https://github.com/dsimsonOMF) + Thank you [@dsimpsonOMF](https://github.com/dsimpsonOMF) ## 0.7.3 diff --git a/node_modules/@xmldom/xmldom/SECURITY.md b/node_modules/@xmldom/xmldom/SECURITY.md new file mode 100644 index 000000000..ececa1d85 --- /dev/null +++ b/node_modules/@xmldom/xmldom/SECURITY.md 
@@ -0,0 +1,50 @@
+# Security Policy
+
+The most up-to-date version of this document can be found at .
+
+## Supported Versions
+
+This repository contains the code for the libraries `xmldom` and `@xmldom/xmldom` on npm.
+
+As long as we didn't publish v1, we aim to maintain the last two minor versions with security fixes. If it is possible we provide security fixes as path versions.
+If you think there is a good reason to also patch an earlier version let us know in a github issue or the release discussion once the fix has been provided.
+The maintainers will consider it and if we agree and have/find the required resources, a patch for that version will be provided.
+
+Please notice that [we are no longer able to publish the (unscoped) `xmldom` package](https://github.com/xmldom/xmldom/issues/271),
+and that all existing versions of `xmldom` are affected by at least one security vulnerability and should be considered deprecated.
+You can still report issues regarding `xmldom` as described below.
+
+If you need help with migrating from `xmldom` to `@xmldom/xmldom`, file a github issue or PR in the affected repository and mention @karfau.
+
+## Reporting vulnerabilities
+
+Please email reports about any security related issues you find to `security@xmldom.org`, which will forward it to the list of maintainers.
+The maintainers will try to respond within 7 calendar days. (If nobody peplies after 7 days, please us send a reminder!)
+As part of you communication please make sure to always hit "Reply all", so all maintainers are kept in the loop.
+
+In addition, please include the following information along with your report:
+
+- Your name and affiliation (if any).
+- A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
+- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario.
This will help us evaluate your report quickly, especially if the issue is complex.
+- Whether this vulnerability public or known to third parties. If it is, please provide details.
+
+If you believe that an existing (public) issue is security-related, please send an email to `security@xmldom.org`.
+The email should include the issue URL and a short description of why it should be handled according to this security policy.
+
+Once an issue is reported, the maintainers use the following disclosure process:
+
+- When a report is received, we confirm the issue, determine its severity and the affected versions.
+- If we know of specific third-party services or software based on xmldom that require mitigation before publication, those projects will be notified.
+- A [github security advisory](https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories) is [created](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory) (but not published) which details the problem and steps for mitigation.
+- If the reporter provides a github account and agrees to it, we (add that github account as a collaborator on the advisuory)[https://docs.github.com/en/code-security/security-advisories/adding-a-collaborator-to-a-security-advisory].
+- The vulnerability is fixed in a [private fork](https://docs.github.com/en/code-security/security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability) and potential workarounds are identified.
+- The maintainers audit the existing code to find any potential similar problems.
+- The release for the current minor version and the [security advisory are published](https://docs.github.com/en/code-security/security-advisories/publishing-a-security-advisory).
+- The release(s) for previous minor version(s) are published.
+
+We credit reporters for identifying security issues, if they confirm that they want to.
+ +## Known vulnerabilities + +See https://github.com/xmldom/xmldom/security/advisories?state=published diff --git a/node_modules/@xmldom/xmldom/lib/sax.js b/node_modules/@xmldom/xmldom/lib/sax.js index 01dbef535..b706ef1af 100644 --- a/node_modules/@xmldom/xmldom/lib/sax.js +++ b/node_modules/@xmldom/xmldom/lib/sax.js @@ -12,7 +12,7 @@ var tagNamePattern = new RegExp('^'+nameStartChar.source+nameChar.source+'*(?:\: //S_TAG, S_ATTR, S_EQ, S_ATTR_NOQUOT_VALUE //S_ATTR_SPACE, S_ATTR_END, S_TAG_SPACE, S_TAG_CLOSE var S_TAG = 0;//tag name offerring -var S_ATTR = 1;//attr name offerring +var S_ATTR = 1;//attr name offerring var S_ATTR_SPACE=2;//attr name end and space offer var S_EQ = 3;//=space? var S_ATTR_NOQUOT_VALUE = 4;//attr value(no quot value only) @@ -36,7 +36,7 @@ ParseError.prototype = new Error(); ParseError.prototype.name = ParseError.name function XMLReader(){ - + } XMLReader.prototype = { @@ -65,8 +65,8 @@ function parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){ } function entityReplacer(a){ var k = a.slice(1,-1); - if(k in entityMap){ - return entityMap[k]; + if (Object.hasOwnProperty.call(entityMap, k)) { + return entityMap[k]; }else if(k.charAt(0) === '#'){ return fixedFromCharCode(parseInt(k.substr(1).replace('x','0x'))) }else{ @@ -95,7 +95,7 @@ function parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){ var lineEnd = 0; var linePattern = /.*(?:\r\n?|\n)|.*$/g var locator = domBuilder.locator; - + var parseStack = [{currentNSMap:defaultNSMapCopy}] var closeMap = {}; var start = 0; @@ -120,7 +120,7 @@ function parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){ var tagName = source.substring(tagStart + 2, end).replace(/[ \t\n\r]+$/g, ''); var config = parseStack.pop(); if(end<0){ - + tagName = source.substring(tagStart+2).replace(/[\s<].*/,''); errorHandler.error("end tag name: "+tagName+' is not complete:'+config.tagName); end = tagStart+1+tagName.length; 
@@ -145,7 +145,7 @@ function parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){ }else{ parseStack.push(config) } - + end++; break; // end elment @@ -164,8 +164,8 @@ function parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){ //elStartEnd var end = parseElementStartPart(source,tagStart,el,currentNSMap,entityReplacer,errorHandler); var len = el.length; - - + + if(!el.closed && fixSelfClosed(source,end,el.tagName,closeMap)){ el.closed = true; if(!entityMap.nbsp){ @@ -435,7 +435,7 @@ function appendElement(el,domBuilder,currentNSMap){ } //can not set prefix,because prefix !== '' a.localName = localName ; - //prefix == null for no ns prefix attribute + //prefix == null for no ns prefix attribute if(nsPrefix !== false){//hack!! if(localNSMap == null){ localNSMap = {} @@ -445,7 +445,7 @@ function appendElement(el,domBuilder,currentNSMap){ } currentNSMap[nsPrefix] = localNSMap[nsPrefix] = value; a.uri = NAMESPACE.XMLNS - domBuilder.startPrefixMapping(nsPrefix, value) + domBuilder.startPrefixMapping(nsPrefix, value) } } var i = el.length; @@ -457,7 +457,7 @@ function appendElement(el,domBuilder,currentNSMap){ a.uri = NAMESPACE.XML; }if(prefix !== 'xmlns'){ a.uri = currentNSMap[prefix || ''] - + //{console.log('###'+a.qName,domBuilder.locator.systemId+'',currentNSMap,a.uri)} } } @@ -479,7 +479,7 @@ function appendElement(el,domBuilder,currentNSMap){ domBuilder.endElement(ns,localName,tagName); if(localNSMap){ for(prefix in localNSMap){ - domBuilder.endPrefixMapping(prefix) + domBuilder.endPrefixMapping(prefix) } } }else{ @@ -506,7 +506,7 @@ function parseHtmlSpecialContent(source,elStartEnd,tagName,entityReplacer,domBui domBuilder.characters(text,0,text.length); return elEndStart; //} - + } } return elStartEnd+1; 
@@ -523,7 +523,7 @@ function fixSelfClosed(source,elStartEnd,tagName,closeMap){ closeMap[tagName] =pos } return pos',start+9); domBuilder.startCDATA(); domBuilder.characters(source,start+9,end-start-9); - domBuilder.endCDATA() + domBuilder.endCDATA() return end+3; } //1 && /!doctype/i.test(matchs[0][0])){ @@ -573,7 +573,7 @@ function parseDCC(source,start,domBuilder,errorHandler){//sure start with '=10.0.0" }, "dependencies": {}, "devDependencies": { - "@stryker-mutator/core": "5.5.1", - "eslint": "8.5.0", + "@stryker-mutator/core": "5.6.1", + "auto-changelog": "2.4.0", + "eslint": "8.9.0", "eslint-config-prettier": "8.3.0", "eslint-plugin-es5": "1.5.0", "eslint-plugin-prettier": "4.0.0", "get-stream": "6.0.1", - "jest": "27.4.5", + "jest": "27.5.1", "nodemon": "2.0.15", + "np": "7.6.0", "prettier": "2.5.1", "xmltest": "1.5.0", "yauzl": "2.10.0" @@ -53,5 +59,11 @@ "bugs": { "url": "https://github.com/xmldom/xmldom/issues" }, - "license": "MIT" + "license": "MIT", + "auto-changelog": { + "prepend": true, + "remote": "upstream", + "tagPrefix": "", + "template": "./auto-changelog.hbs" + } } diff --git a/node_modules/@xmldom/xmldom/readme.md b/node_modules/@xmldom/xmldom/readme.md index b42479811..7627be7e8 100644 --- a/node_modules/@xmldom/xmldom/readme.md +++ b/node_modules/@xmldom/xmldom/readme.md 
@@ -3,8 +3,9 @@ ***Since version 0.7.0 this package is published to npm as [`@xmldom/xmldom`](https://www.npmjs.com/package/@xmldom/xmldom) and no longer as [`xmldom`](https://www.npmjs.com/package/xmldom), because [we are no longer able to publish `xmldom`](https://github.com/xmldom/xmldom/issues/271).*** *For better readability in the docs we will continue to talk about this library as "xmldom".* -[![license](https://img.shields.io/npm/l/@xmldom/xmldom?color=blue&style=flat-square)](LICENSE) +[![license(MIT)](https://img.shields.io/npm/l/@xmldom/xmldom?color=blue&style=flat-square)](https://github.com/xmldom/xmldom/blob/master/LICENSE) [![npm](https://img.shields.io/npm/v/@xmldom/xmldom?style=flat-square)](https://www.npmjs.com/package/@xmldom/xmldom) +[![snyk.io package health](https://snyk.io/advisor/npm-package/@xmldom/xmldom/badge.svg)](https://snyk.io/advisor/npm-package/@xmldom/xmldom) [![bug issues](https://img.shields.io/github/issues/xmldom/xmldom/bug?color=red&style=flat-square)](https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Abug) [![help-wanted issues](https://img.shields.io/github/issues/xmldom/xmldom/help-wanted?color=darkgreen&style=flat-square)](https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Ahelp-wanted) [![Mutation report](https://img.shields.io/endpoint?style=flat-square&url=https%3A%2F%2Fbadge-api.stryker-mutator.io%2Fgithub.com%2Fxmldom%2Fxmldom%2Fmaster)](https://dashboard.stryker-mutator.io/reports/github.com/xmldom/xmldom/master)