Skip to content

build(deps): bump fast-xml-parser from 5.7.1 to 5.7.2#48

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.7.2
Closed

build(deps): bump fast-xml-parser from 5.7.1 to 5.7.2#48
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.7.2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026
edited
Loading

Bumps fast-xml-parser from 5.7.1 to 5.7.2.

Release notes

Sourced from fast-xml-parser's releases.

backward compatibility for numerical external entity, fix #705, #817

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long
Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

5.5.12 / 2026-04-13

  • Performance Improvement: update path-expression-matcher
    • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

  • Performance Improvement
    • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

  • increase default entity explansion limit as many projects demand for that
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

... (truncated)

Commits
  • b1d5b90 update releas info
  • 78571ae tests for long tag expression
  • ebaedc0 allow numerical external entities for backward compatibility
  • 91245eb update changelog
  • 79dd40d fix #705: don not group and nest attributes when both preserveOrder and attri...
  • d6bce3b allow long attribute expressions
  • 9a2561b remove unnecessary
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/fast-xml-parser-5.7.2 branch 3 times, most recently from e4abcf7 to 5f714f0 Compare April 30, 2026 18:10
@dependabot
build(deps): bump fast-xml-parser from 5.7.1 to 5.7.2
d5ad885 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/fast-xml-parser-5.7.2 branch from 5f714f0 to d5ad885 Compare April 30, 2026 21:17
@theagenticguy theagenticguy mentioned this pull request Apr 30, 2026
Merged
5 tasks
@theagenticguy
Copy link
Copy Markdown
Owner

theagenticguy commented Apr 30, 2026

Superseded by #51, which consolidates this bump with 11 other open dependabot PRs so they land in a single CI cycle.

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 30, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/fast-xml-parser-5.7.2 branch April 30, 2026 22:46
theagenticguy added a commit that referenced this pull request Apr 30, 2026
@theagenticguy
build(deps): consolidate 12 dependabot bumps (#51)
283c2be 
## Summary

Consolidates all 12 open dependabot PRs into a single branch so they can
land together with one CI cycle.

### npm deps
- `@aws-sdk/client-bedrock-runtime` 3.1035.0 → 3.1040.0 — closes #50
- `@commitlint/cli` 20.5.0 → 20.5.3 — closes #49
- `fast-xml-parser` 5.7.1 → 5.7.2 — closes #48
- `sharp` ^0.34.1 → ^0.34.5 — closes #47
- `astro` ^6.1.9 → ^6.2.1 — closes #46
- `ts-morph` ^25.0.1 → ^28.0.0 — closes #45
- `@bufbuild/protobuf` 2.11.0 → 2.12.0 — closes #44
- `ajv` 8.18.0 → 8.20.0 — closes #43
- typescript-tooling group (`@biomejs/biome` 2.4.12 → 2.4.13,
`@types/node` 24.12.2 → 25.6.0) — closes #42

### GitHub Actions
- `actions/cache` v4 → v5 — closes #41
- `googleapis/release-please-action` v4 → v5 — closes #40
- `actions/github-script` v7 → v9 — closes #39

### Drive-by fixes
- Bump `biome.json` `$schema` URL to 2.4.13 to match the new CLI
version.
- Remove `.gitnexus` from `.gitignore` — it was tripping the
banned-strings guardrail (added in b848c2f) and blocking every local
commit via lefthook.

## Test plan
- [x] `pnpm install` — no peer warnings introduced beyond those already
present on main
- [x] `pnpm run build` — all 15 packages build
- [x] `pnpm run typecheck` — clean
- [x] `pnpm -r test` — 1627 pass, 0 fail across all packages
- [x] lefthook pre-commit (biome + banned-strings) passes

Does NOT touch the `pnpm.onlyBuiltDependencies` list — verified by diff,
because prior sessions saw `pnpm approve-builds` destructively rewrite
it.
theagenticguy added a commit that referenced this pull request May 1, 2026
@theagenticguy
build(deps): consolidate 12 dependabot bumps (#51)
d2958f2 
## Summary

Consolidates all 12 open dependabot PRs into a single branch so they can
land together with one CI cycle.

### npm deps
- `@aws-sdk/client-bedrock-runtime` 3.1035.0 → 3.1040.0 — closes #50
- `@commitlint/cli` 20.5.0 → 20.5.3 — closes #49
- `fast-xml-parser` 5.7.1 → 5.7.2 — closes #48
- `sharp` ^0.34.1 → ^0.34.5 — closes #47
- `astro` ^6.1.9 → ^6.2.1 — closes #46
- `ts-morph` ^25.0.1 → ^28.0.0 — closes #45
- `@bufbuild/protobuf` 2.11.0 → 2.12.0 — closes #44
- `ajv` 8.18.0 → 8.20.0 — closes #43
- typescript-tooling group (`@biomejs/biome` 2.4.12 → 2.4.13,
`@types/node` 24.12.2 → 25.6.0) — closes #42

### GitHub Actions
- `actions/cache` v4 → v5 — closes #41
- `googleapis/release-please-action` v4 → v5 — closes #40
- `actions/github-script` v7 → v9 — closes #39

### Drive-by fixes
- Bump `biome.json` `$schema` URL to 2.4.13 to match the new CLI
version.

## Test plan
- [x] `pnpm install` — no peer warnings introduced beyond those already
present on main
- [x] `pnpm run build` — all 15 packages build
- [x] `pnpm run typecheck` — clean
- [x] `pnpm -r test` — 1627 pass, 0 fail across all packages
- [x] lefthook pre-commit (biome + banned-strings) passes

Does NOT touch the `pnpm.onlyBuiltDependencies` list — verified by diff,
because prior sessions saw `pnpm approve-builds` destructively rewrite
it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theagenticguy