Bump fast-xml-parser and @aws-sdk/credential-providers

[dependabot]

Bumps fast-xml-parser and @aws-sdk/credential-providers. These dependencies needed to be updated together.
Updates fast-xml-parser from 4.4.1 to 5.7.1

Release notes

Sourced from fast-xml-parser's releases.

upgrade @​nodable/entities and FXB

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to use entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

• No API change
• No change in performance for basic usage
• No typing change
• No config change
• new dependency
• breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.1 / 2026-04-20

• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

• fix: entity replacement for numeric entities
• use @​nodable/entities to replace entities
  • this may change some error messages related to entities expansion limit or inavlid use
  • post check would be exposed in future version

5.5.12 / 2026-04-13

• Performance Improvement: update path-expression-matcher
  • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

• Performance Improvement
  • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

• increase default entity explansion limit as many projects demand for that
• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

5.5.9 / 2026-03-23

• combine typing files

... (truncated)

Commits

• 0f08303 fix typo
• f529642 update to release v5.7.0
• 52a8583 Revert "improve performance of attributes reading"
• 8d187f9 update builder
• e174168 improve performance of attributes reading
• 79a8dde update docs
• f5cd5a5 set xml version to decoder even if attributes are ignored
• f44b923 remove unwanted tests
• 869ec8b Use @​nodable/entities v2.1.0
• 7cb49e5 update release detail
• Additional commits viewable in compare view

Updates @aws-sdk/credential-providers from 3.654.0 to 3.1035.0

Release notes

Sourced from @​aws-sdk/credential-providers's releases.

v3.1035.0

3.1035.0(2026-04-22)

New Features

• client-iot-wireless: Enable customers to optionally specify a desired confidence level for Cellular and WiFi position estimates. Customers can use this to trade off confidence level and radius of uncertainty based on their needs. (9fcaea59)
• client-ecs: GPU health monitoring and auto-repair for ECS Managed Instances (0ffa1090)
• client-osis: Update the pipeline configuration body character limit for the CreatePipeline API call. (d19d4063)
• client-opensearch: Adds support for RollbackServiceSoftwareUpdate API (e8b37945)
• client-batch: Support of S3Files volume type, container start and stop timeouts. (802ac4b8)
• client-ec2: Managed resource visibility settings control whether resources that AWS services provision on your behalf within your AWS account appear in your Amazon console views and API list operations. (698293af)
• client-emr-serverless: This release adds support for Spark connect sessions starting with release label emr-7.13.0. (966d4934)
• client-bedrock-agentcore: Adds support for Amazon Bedrock AgentCore Harness data plane APIs, enabling customers to invoke managed agent loops and execute commands on live agent sessions with streaming responses. (a465bad8)
• client-s3-control: This release adds support for five additional checksum algorithms for data integrity checking in Amazon S3 - MD5, SHA-512, XXHash3, XXHash64, and XXHash128. (e8c4a764)
• client-bedrock-agentcore-control: Adds support for Amazon Bedrock AgentCore Harness control plane APIs, enabling customers to create, manage, and configure managed agent loops with customizable models, tools, memory, and isolated execution environments. (ace8fec5)
• client-ivs: Adds support for Amazon IVS server-side ad insertion (a4a29e9e)
• client-s3: This release adds five additional checksum algorithms for S3 data integrity (MD5, SHA-512, XXHash3, XXHash64, XXHash128) and support for S3 Inventory on directory buckets (S3 Express One Zone). (41a6a595)
• client-lambda: Add Ruby 4.0 (ruby4.0) support to AWS Lambda. (ece8ce80)

Bug Fixes

• client-s3: retry errors with 200 status code (#7945) (7d9d8d17)
• client-sts: override IDPCommunicationError to be retryable (#7946) (d75e129a)

Tests

• clients: add snapshot tests for http2-default clients (#7947) (189729bb)
• client-kinesis: http2 session concurrency tests (#7941) (408d99eb)

---

For list of updated packages, view updated-packages.md in assets-3.1035.0.zip

v3.1034.0

3.1034.0(2026-04-21)

Chores

• core/client: retry behavior control flag (#7943) (f8a0e2eb)
• codegen: sync for http2 session concurrency fixes (#7942) (273ad5be)

New Features

• client-snowball: This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. (dc2372c3)
• client-compute-optimizer: This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.0. The SDK will prioritize its most performant protocol. (bfd1554d)
• client-cognito-identity-provider: Adding dutch language support for Cognito Managed Login and Terms on Console (dca261d2)
• client-compute-optimizer-automation: This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.0. The SDK will prioritize its most performant protocol. (1dce21e2)
• client-network-firewall: Support for new types of partner managed rulegroups for Network Firewall Service (267a4f8e)
• client-gamelift: This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. (c1e73830)

... (truncated)

Changelog

Sourced from @​aws-sdk/credential-providers's changelog.

3.1035.0 (2026-04-22)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1033.0 (2026-04-20)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1032.0 (2026-04-17)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1031.0 (2026-04-16)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1030.0 (2026-04-13)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1029.0 (2026-04-10)

... (truncated)

Commits

• d8fbfbc Publish v3.1035.0
• d08b5a7 Publish v3.1034.0
• 273ad5b chore(codegen): sync for http2 session concurrency fixes (#7942)
• a62021b Publish v3.1033.0
• c0c0872 Publish v3.1032.0
• 33a780e Publish v3.1031.0
• 560d987 chore: upgrade smithy to 1.69.0 (#7932)
• b742fb8 chore(codegen): sync for retry attempt count api (#7927)
• 5ae7dfb Publish v3.1030.0
• 5d5aaed Publish v3.1029.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.