fix: pin fast-xml-parser to 5.7.1 (GHSA-gh4j-gqv2-49f6)

[DominicBM]

Summary

• Resolves Dependabot alert #86 — XML Comment and CDATA Injection via unescaped delimiters in fast-xml-parser < 5.7.0
• fast-xml-parser is a transitive dependency of @aws-sdk/xml-builder; uses npm overrides to force the patched version (5.7.1)

Test plan

• CI passes (no direct usage of fast-xml-parser in this codebase — coverage comes from AWS SDK behaviour)
• Verify Dependabot alert #86 is dismissed after merge

🤖 Generated with Claude Code

Summary

Pins fast-xml-parser to version 5.7.1 via npm overrides configuration to resolve a security vulnerability (GHSA-gh4j-gqv2-49f6: XML Comment and CDATA Injection). The package is a transitive dependency of @aws-sdk/xml-builder and is not directly used in the codebase.

Security impact

Fixes an XML injection vulnerability in fast-xml-parser < 5.7.0 by forcing all dependency resolution paths to use the patched version 5.7.1. This addresses Dependabot alert #86.

Changes

• Added overrides field in package.json specifying "fast-xml-parser": "5.7.1" (+3 lines)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2a90fef8-20c9-4c8f-8528-0fdee358b9a9

📥 Commits

Reviewing files that changed from the base of the PR and between 2248cf2 and 79df600.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

---

Walkthrough

Adds an overrides configuration to package.json to enforce resolution of fast-xml-parser to version 5.7.1 across all dependency trees, ensuring consistent dependency resolution regardless of transitive dependency specifications.

Changes

Cohort / File(s)	Summary
Dependency Resolution Lock package.json	Added overrides field to force fast-xml-parser version 5.7.1 for all package resolutions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely identifies the main change: pinning fast-xml-parser to a patched version to address a security vulnerability, including the CVE identifier.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/fast-xml-parser-5.7.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}