Update xmldom to 0.7.2 (#633)

The package is now scoped under @xmldom. See xmldom/xmldom#278
This fixes security vulnerability CVE-2021-32796.
Also update xml-crypto and xml-encryption which depends on xmldom.

Author: forty

package-lock.json

@@ -50,13 +50,13 @@
     "watch": "concurrently --kill-others \"npm:*-watch\""
   },
   "dependencies": {
+    "@xmldom/xmldom": "^0.7.2",
     "debug": "^4.3.1",
     "passport-strategy": "^1.0.0",
-    "xml-crypto": "^2.1.2",
-    "xml-encryption": "^1.2.4",
+    "xml-crypto": "^2.1.3",
+    "xml-encryption": "^1.3.0",
     "xml2js": "^0.4.23",
-    "xmlbuilder": "^15.1.1",
-    "xmldom": "^0.6.0"
+    "xmlbuilder": "^15.1.1"
   },
   "devDependencies": {
     "@types/debug": "^4.1.5",
@@ -68,7 +68,6 @@
     "@types/xml-crypto": "^1.4.1",
     "@types/xml-encryption": "^1.2.0",
     "@types/xml2js": "^0.4.8",
-    "@types/xmldom": "^0.1.30",
     "@typescript-eslint/eslint-plugin": "^4.23.0",
     "@typescript-eslint/parser": "^4.23.0",
     "body-parser": "^1.19.0",

package.json

@@ -1,7 +1,7 @@
 import * as util from "util";
 import * as xmlCrypto from "xml-crypto";
 import * as xmlenc from "xml-encryption";
-import * as xmldom from "xmldom";
+import * as xmldom from "@xmldom/xmldom";
 import * as xml2js from "xml2js";
 import * as xmlbuilder from "xmlbuilder";
 import { isValidSamlSigningOptions, SamlSigningOptions } from "./types";