chore(deps): bump the npm_and_yarn group with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates: xml2js and snyk.

Removes xml2js

Updates snyk from 1.425.4 to 1.1296.1

Release notes

Sourced from snyk's releases.

v1.1296.1

1.1296.1 (2025-03-27)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

News

• test: Add poetry v2 support (49c6652)
• code: Fix backward compatibility issue in sarif driver name (5ef6442)
• iac: Fix iac test network issues (815ed82)
• language-server: Increase authentication resilience (07fc381)
• language-server: Avoid that the trust dialog blocks the application. (07fc381)
• language-server: Fix duplicate Open Source Issues appearing only in a single IDE tree node, despite occurring in multiple files. (07fc381)
• dependency: Upgrade golang.org/x/net to address CVE-2025-22870 (7edd450)

v1.1296.0

1.1296.0 (2025-03-13)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

News

• general: Improved error logging and handling

Features

• container: add support for --exclude-node-modules option (4756f27)
• container: adds kaniko support (bfb69c8)
• general: display a unique interactionID alongside each error (960a71c)
• test: python support for local wheel files specifiers (42675eb)
• test: dep-graph json file output (90f24ec)
• test: print legacy tree with json file output (b256937)
• test: display all applicable maven unmanaged identities (ebf6ba1)
• code: enable v1 fingerprints in code sarif output (00644af)
• test: Add 'pkgIdProvenance' labels to dependency graph nodes when the package identity has been changed from what has been discovered in the manifest files (4d529b3)
• test: added Python support for sys_platform (1aa1565)
• language-server AI fix explain (26d118f)
• language-server enable calling mcp commands via ls commands (6f80a03)
• language-server add scan source to metrics (6f80a03)
• language-server add mcp server, refactoring (6f80a03)
• language-server added a new code action and code lens for showDocument (8e7ab06)
• language-server add Option for Pre-Scan command, fix auth race (64920ac)
• language-server add ideStyle variable to static html (0a05e66)
• language-server intiial commit of shared html for scan summary panel (0a05e66)
• language-server send scan summary and scan base & working directory concurrently (1908a08)
• language-server store folder config outside of git repo, add reference folder (50d0770)
• language-server send initial summary panel notification (50d0770)
• language-server add a new $/snyk.scanSummary notificiation (fc80c9c)
• language-server support maven pom hierarchies for highlighting & fixes (e5924fc)
• language-server Sending a user event when fixing inside the editor (e5924fc)
• language-server Sending IDE+extension versions to autofix (a18975a)

... (truncated)

Commits

• 011e4a7 Merge pull request #5803 from snyk/chore/update_release_1296_1
• 921e95e chore: merge release-candidate into release/1.1296 Mi 26 Mär 2025 18:47:43 CET
• ed38581 Merge pull request #5802 from snyk/chore/prepare_release_1296_1
• 58f0a68 chore: Update Release_Notes.md
• 49c6652 fix: upgrade plugin for poetry v2 support [OSM-2442]
• 8ff2300 fix: removed FeatureFlagNotEnabled iac error and upgraded snyk-iac-test versi...
• f8e14b5 chore: update native code test workflow feature flags
• 815ed82 fix(iac): proxy iac test request [IAC-324]
• 7edd450 fix(dependency): upgrade golang.org/x/net to address CVE-2025-22870
• 5ef6442 fix(code): fix backward compatibility issue in sarif driver name
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by snyk-admin, a new releaser for snyk since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.