Skip to content

fix: Bump fast-xml-parser to fix vulnerability#20644

Merged
s1gr1d merged 1 commit intodevelopfrom
sig/fix-vulnerability-xml-parser
May 4, 2026
Merged

fix: Bump fast-xml-parser to fix vulnerability#20644
s1gr1d merged 1 commit intodevelopfrom
sig/fix-vulnerability-xml-parser

Conversation

@s1gr1d
Copy link
Copy Markdown
Member

@s1gr1d s1gr1d commented May 4, 2026

@s1gr1d s1gr1d requested a review from a team as a code owner May 4, 2026 11:20
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 4, 2026

size-limit report 📦

Path Size % Change Change
@sentry/browser 26.31 kB - -
@sentry/browser - with treeshaking flags 24.8 kB - -
@sentry/browser (incl. Tracing) 44.2 kB - -
@sentry/browser (incl. Tracing + Span Streaming) 46.42 kB - -
@sentry/browser (incl. Tracing, Profiling) 49.16 kB - -
@sentry/browser (incl. Tracing, Replay) 83.58 kB - -
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 73.04 kB - -
@sentry/browser (incl. Tracing, Replay with Canvas) 88.26 kB - -
@sentry/browser (incl. Tracing, Replay, Feedback) 100.87 kB - -
@sentry/browser (incl. Feedback) 43.47 kB - -
@sentry/browser (incl. sendFeedback) 31.12 kB - -
@sentry/browser (incl. FeedbackAsync) 36.21 kB - -
@sentry/browser (incl. Metrics) 27.62 kB - -
@sentry/browser (incl. Logs) 27.75 kB - -
@sentry/browser (incl. Metrics & Logs) 28.45 kB - -
@sentry/react 28.05 kB - -
@sentry/react (incl. Tracing) 46.42 kB - -
@sentry/vue 31.18 kB - -
@sentry/vue (incl. Tracing) 46.04 kB - -
@sentry/svelte 26.34 kB - -
CDN Bundle 28.91 kB - -
CDN Bundle (incl. Tracing) 46.95 kB - -
CDN Bundle (incl. Logs, Metrics) 30.34 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) 48.06 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) 69.41 kB - -
CDN Bundle (incl. Tracing, Replay) 84.11 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) 85.16 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) 89.91 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) 91.01 kB - -
CDN Bundle - uncompressed 84.72 kB - -
CDN Bundle (incl. Tracing) - uncompressed 140.31 kB - -
CDN Bundle (incl. Logs, Metrics) - uncompressed 88.92 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed 143.77 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed 212.86 kB - -
CDN Bundle (incl. Tracing, Replay) - uncompressed 258.11 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed 261.56 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 271.81 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed 275.25 kB - -
@sentry/nextjs (client) 48.92 kB - -
@sentry/sveltekit (client) 44.67 kB - -
@sentry/node-core 59.13 kB +0.02% +11 B 🔺
@sentry/node 170.42 kB +0.01% +11 B 🔺
@sentry/node - without tracing 97 kB +0.02% +10 B 🔺
@sentry/aws-serverless 113.85 kB +0.03% +33 B 🔺
@sentry/cloudflare (withSentry) - minified 165.2 kB - -
@sentry/cloudflare (withSentry) 417.71 kB - -

View base workflow run

@s1gr1d s1gr1d enabled auto-merge (squash) May 4, 2026 11:37
JPeer264
JPeer264 reviewed May 4, 2026
View reviewed changes
Comment thread dev-packages/node-integration-tests/package.json
"@anthropic-ai/sdk": "0.63.0",
"@apollo/server": "^5.5.0",
"@aws-sdk/client-s3": "^3.993.0",
"@aws-sdk/client-s3": "^3.1041.0",
Copy link
Copy Markdown
Member

@JPeer264 JPeer264 May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just want to point out that the title is a little less than what it is doing here.

@s1gr1d s1gr1d merged commit fe5cad5 into develop May 4, 2026
257 checks passed
@s1gr1d s1gr1d deleted the sig/fix-vulnerability-xml-parser branch May 4, 2026 11:39
@JPeer264 JPeer264 mentioned this pull request May 4, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JPeer264 JPeer264 JPeer264 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fast-xml-parser vulnerabilities in getsentry/sentry-javascript

2 participants

@s1gr1d @JPeer264