Found Vulnerability ' Improper Input Validation ' and ' Prototype Pollution ' on Synk.io

[kanxoramesh]

BUG

Synk.io is reporting Vulnerability for this library, One of the dependence library saml@1.0.0 uses xmldom which has Vulnerability.
and also Arbitrary Code Injection from package ejs@3.1.6

Solution: update dependence library saml@1.0.0 to 1.0.1 which is using the latest version of xmldom@0.7.4 and also update ejs@2.5.5 to ejs@3.1.6

[RopoMen]

Github Advisory: GHSA-phwq-j96m-2c2q

[aaronsegstro]

SAML Was updated but there's still critical vulnerabilities in ejs@2.5.5 that would be corrected by updating to ejs@3.1.8

[decko]

Hi @aaronsegstro. I just submitted a PR bumping ejs to 3.1.8 here #130.