Skip to content

fix(deps): bump fast-xml-parser from 5.7.1 to 5.7.2#1276

Merged
svc-cli-bot merged 1 commit intomainfrom
dependabot-npm_and_yarn-fast-xml-parser-5.7.2
Apr 26, 2026
Merged

fix(deps): bump fast-xml-parser from 5.7.1 to 5.7.2#1276
svc-cli-bot merged 1 commit intomainfrom
dependabot-npm_and_yarn-fast-xml-parser-5.7.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 25, 2026
edited
Loading

Bumps fast-xml-parser from 5.7.1 to 5.7.2.

Release notes

Sourced from fast-xml-parser's releases.

backward compatibility for numerical external entity, fix #705, #817

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long
Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

5.5.12 / 2026-04-13

  • Performance Improvement: update path-expression-matcher
    • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

  • Performance Improvement
    • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

  • increase default entity explansion limit as many projects demand for that
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

... (truncated)

Commits
  • b1d5b90 update releas info
  • 78571ae tests for long tag expression
  • ebaedc0 allow numerical external entities for backward compatibility
  • 91245eb update changelog
  • 79dd40d fix #705: don not group and nest attributes when both preserveOrder and attri...
  • d6bce3b allow long attribute expressions
  • 9a2561b remove unnecessary
  • See full diff in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 25, 2026
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-fast-xml-parser-5.7.2 branch 4 times, most recently from bef62ec to d09dac3 Compare April 26, 2026 06:23
@dependabot
fix(deps): bump fast-xml-parser from 5.7.1 to 5.7.2
db8783b 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-fast-xml-parser-5.7.2 branch from d09dac3 to db8783b Compare April 26, 2026 09:05
@svc-cli-bot svc-cli-bot merged commit 41d7d03 into main Apr 26, 2026
15 checks passed
@svc-cli-bot svc-cli-bot deleted the dependabot-npm_and_yarn-fast-xml-parser-5.7.2 branch April 26, 2026 11:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@svc-cli-bot