Canvg-browser dependency vulnerability

Hello, npm audit says:

xmldom *
Severity: critical
Misinterpretation of malicious XML input -
xmldom allows multiple root nodes in a DOM -
Misinterpretation of malicious XML input -
No fix available
node_modules/xmldom
canvg-browser *
Depends on vulnerable versions of xmldom
node_modules/canvg-browser

Could you fix this on repo https://github.com/bpmn-io/canvg-browser and publish a new version on NPM?