Skip to content

build(deps): bump fast-xml-parser from 5.7.2 to 5.7.3#66

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.7.3
Closed

build(deps): bump fast-xml-parser from 5.7.2 to 5.7.3#66
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.7.3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps fast-xml-parser from 5.7.2 to 5.7.3.

Release notes

Sourced from fast-xml-parser's releases.

fix minor old bugs and update builder

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated
Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.3 / 2006-05-05

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

5.5.12 / 2026-04-13

  • Performance Improvement: update path-expression-matcher
    • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

  • Performance Improvement
    • integrate ExpressionSet for stopNodes

... (truncated)

Commits
  • d6d8042 update to release
  • d263370 remove dev dependency 'he'
  • f9c9a2c update builder to 1.1.7
  • b65da87 update changelog and mark addEntity deprecated
  • c2ca631 update fxb
  • da75191 fix stop node expression when ns prefix is removed
  • 31bbc99 fix: alwaysCreateTextNode should create text node when attributes are present...
  • dab327a remove unnecessary
  • ab04eeb update docs
  • 383cb3f Revise security information for v6 release
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump fast-xml-parser from 5.7.2 to 5.7.3
fada352 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.7.2 to 5.7.3.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.7.2...v5.7.3)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 6, 2026
@theagenticguy theagenticguy mentioned this pull request May 8, 2026
Merged
7 tasks
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 8, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/fast-xml-parser-5.7.3 branch May 8, 2026 13:32
theagenticguy added a commit that referenced this pull request May 10, 2026
@theagenticguy
build(deps): unified dependabot bump across workspace (#69)
951440b 
## Summary

One PR that takes in all 10 open Dependabot bumps so pnpm-lock only has
to resolve once. All versions match the Dependabot PRs exactly. Bumps
are drops-in — no code changes needed.

### Closes

- Closes #67 — `@aws-sdk/client-sagemaker-runtime` 3.1035.0 → 3.1043.0
(`packages/embedder`)
- Closes #66 — `fast-xml-parser` 5.7.2 → 5.7.3 (`packages/ingestion`)
- Closes #65 — `@aws-sdk/client-bedrock-runtime` 3.1040.0 → 3.1043.0
(`packages/ingestion`, `summarizer`, `wiki`)
- Closes #63 — `lru-cache` 11.3.5 → 11.3.6 (`packages/mcp`)
- Closes #62 — `yaml` 2.8.3 → 2.8.4 (`packages/frameworks`, `sarif`,
`cli`, `policy`)
- Closes #60 — `@commitlint/config-conventional` 20.5.0 → 20.5.3 (root
devDep)
- Closes #59 — `zod` 4.3.6 → 4.4.3 (`packages/frameworks`, `mcp`,
`sarif`, `policy`, `summarizer`)
- Closes #57 — `snyk-nodejs-lockfile-parser` 2.7.0 → 2.7.1
(`packages/ingestion`)
- Closes #56 — `onnxruntime-node` 1.24.3 → 1.25.1 (`packages/embedder`)
- Closes #55 — `@biomejs/biome` 2.4.13 → 2.4.14 (root devDep)

Mise pins (`node = "22"`, `pnpm = "10.33.2"`, `python = "3.12"`, `uv =
"latest"`) left alone — none of the Dependabot PRs touch them and a pnpm
10→11 jump would be a major change out of scope.

## Test plan

- [x] `pnpm install` resolves cleanly, lockfile regenerates without
workarounds
- [x] `pnpm -r clean && pnpm -r build` succeeds (all workspace packages
build)
- [x] `pnpm -r exec tsc --noEmit` passes (14 stale-`dist` errors in
`packages/search` were pre-existing on main before a fresh build and
clear after)
- [x] `pnpm -r test` passes (225 CLI tests + 150 MCP tests + rest; the 2
earlier MCP failures were stale `dist/tools/pack-codebase.test.js`
leftovers from a prior branch's build and disappeared after `pnpm -r
clean`)
- [x] `pnpm run lint` passes (biome 2.4.14 surfaces 6 warnings / 1 info
on existing test code, non-blocking)
- [x] `pnpm run banned-strings` passes
- [x] `lefthook` pre-commit + commit-msg + pre-push hooks all green

## Notes

- Root `pnpm.onlyBuiltDependencies` was **not** touched by this change —
preserved `onnxruntime-node`, `@duckdb/node-api`, tree-sitter natives,
etc. exactly as they were.
- The `fast-xml-parser@<5.7.0: 5.7.1` override is still in
`package.json` for transitive resolution of older versions — left
intact.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants