Build(deps-dev): bump fast-xml-parser from 5.2.5 to 5.3.8 by dependabot[bot] · Pull Request #172 · issue-ops/labeler

dependabot · 2026-02-25T05:47:29Z

Bumps fast-xml-parser from 5.2.5 to 5.3.8.

Release notes

Sourced from fast-xml-parser's releases.

handle non-array input for XML builder && support maxNestedTags

support maxNestedTags

handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)

save use of js properies Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.7...v5.3.8

CJS typing fix

What's Changed

Unexport X2jOptions at declaration site by @Drarig29 in NaturalIntelligence/fast-xml-parser#787

New Contributors

@Drarig29 made their first contribution in NaturalIntelligence/fast-xml-parser#787

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.7

Entity security and performance

Improve security and performance of entity processing

new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter

fast return when no edtity is present

improvement replacement logic to reduce number of calls

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.5...v5.3.6

v5.3.5

What's Changed

Add missing exports to fxp commonjs types by @jeremymeng in NaturalIntelligence/fast-xml-parser#782

fix: Escape regex char in entity name

update strnum to 2.1.2

New Contributors

@jeremymeng made their first contribution in NaturalIntelligence/fast-xml-parser#782

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.4...v5.3.5

fix: handle HTML numeric and hex entities when out of range

No release notes provided.

bug fix and performance improvements

fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

Performance improvement for stopNodes (By Maciek Lamberski)

Replace Buffer with Uint8Array

Launched Separate CLI module

Replace Buffer with Uint8Array

Changelog

Sourced from fast-xml-parser's changelog.

5.3.8 5.3.8 / 2026-02-25

support maxNestedTags

handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)

save use of js properies

5.3.7 5.3.7 / 2026-02-20

fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

Improve security and performance of entity processing

new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter

fast return when no edtity is present

improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

fix: Escape regex char in entity name

update strnum to 2.1.2

add missing exports in CJS typings

5.3.4 / 2026-01-30

fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

fix for import statement for v6

5.3.1 / 2025-11-03

Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

Use Uint8Array in place of Buffer in Parser

5.2.5 / 2025-06-08

Inform user to use fxp-cli instead of in-built CLI feature

Export typings for direct use

5.2.4 / 2025-06-06

fix (#747): fix EMPTY and ANY with ELEMENT in DOCTYPE

5.2.3 / 2025-05-11

fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE

... (truncated)

Commits

c692040 update release info
107e34c avoid {} to create an empty object
60835a4 support maxNestedTags
f55657c avoid direct call to hasOwnProperty
c13a961 handle non-array input for XML builder when preserveOrder is true
fc97a55 update relese info
b9aef04 Unexport X2jOptions at declaration site (#787)
c20fbd6 remove unused code
ecb2ca1 update release info
910dae5 fix entities performance & security issues
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.2.5 to 5.3.8. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.2.5...v5.3.8) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.3.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-02-25T05:50:07Z

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5	0	0	0.04s
✅ JSON	jsonlint	5	0	0	0.22s
✅ JSON	npm-package-json-lint	yes	no	no	0.57s
✅ JSON	prettier	5	0	0	0.92s
✅ JSON	v8r	5	0	0	6.91s
✅ MARKDOWN	markdownlint	1	0	0	0.9s
✅ REPOSITORY	checkov	yes	no	no	23.17s
✅ REPOSITORY	gitleaks	yes	no	no	1.72s
✅ REPOSITORY	git_diff	yes	no	no	0.05s
❌ REPOSITORY	grype	yes	24	no	52.27s
✅ REPOSITORY	secretlint	yes	no	no	0.88s
✅ REPOSITORY	syft	yes	no	no	8.96s
✅ REPOSITORY	trivy-sbom	yes	no	no	3.69s
✅ REPOSITORY	trufflehog	yes	no	no	30.61s
✅ TYPESCRIPT	prettier	9	0	0	1.17s
✅ YAML	prettier	13	0	0	0.79s
✅ YAML	v8r	13	0	0	8.48s
✅ YAML	yamllint	13	0	0	0.68s

Detailed Issues

❌ REPOSITORY / grype - 24 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME                     INSTALLED  FIXED IN                       TYPE       VULNERABILITY        SEVERITY  EPSS           RISK   
minimatch                10.1.1     10.2.1                         npm        GHSA-3ppc-4f35-3m26  High      < 0.1% (12th)  < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-61723       High      < 0.1% (11th)  < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-61725       High      < 0.1% (8th)   < 0.1  
stdlib                   go1.23.10  *1.24.12, 1.25.6               go-module  CVE-2025-61726       High      < 0.1% (7th)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-47912       Medium    < 0.1% (9th)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-58185       Medium    < 0.1% (9th)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-58186       Medium    < 0.1% (8th)   < 0.1  
@isaacs/brace-expansion  5.0.0      5.0.1                          npm        GHSA-7h2j-956f-4vf2  High      < 0.1% (4th)   < 0.1  
stdlib                   go1.23.10  *1.24.13, 1.25.7, 1.26.0-rc.3  go-module  CVE-2025-68121       Critical  < 0.1% (3rd)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-58188       High      < 0.1% (4th)   < 0.1  
stdlib                   go1.23.10  *1.24.9, 1.25.3                go-module  CVE-2025-58187       High      < 0.1% (4th)   < 0.1  
stdlib                   go1.23.10  *1.24.11, 1.25.5               go-module  CVE-2025-61729       High      < 0.1% (3rd)   < 0.1  
stdlib                   go1.23.10  *1.23.12, 1.24.6               go-module  CVE-2025-47906       Medium    < 0.1% (5th)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-61724       Medium    < 0.1% (5th)   < 0.1  
undici                   5.29.0     6.23.0                         npm        GHSA-g9mf-h72j-4rw9  Medium    < 0.1% (4th)   < 0.1  
stdlib                   go1.23.10  *1.24.12, 1.25.6               go-module  CVE-2025-61728       Medium    < 0.1% (3rd)   < 0.1  
stdlib                   go1.23.10  *1.23.12, 1.24.6               go-module  CVE-2025-47907       High      < 0.1% (1st)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-58183       Medium    < 0.1% (3rd)   < 0.1  
stdlib                   go1.23.10  *1.24.8, 1.25.2                go-module  CVE-2025-58189       Medium    < 0.1% (2nd)   < 0.1  
stdlib                   go1.23.10  *1.24.12, 1.25.6               go-module  CVE-2025-61731       High      < 0.1% (0th)   < 0.1  
stdlib                   go1.23.10  *1.24.11, 1.25.5               go-module  CVE-2025-61727       Medium    < 0.1% (1st)   < 0.1  
stdlib                   go1.23.10  *1.24.13, 1.25.7               go-module  CVE-2025-61732       High      < 0.1% (0th)   < 0.1  
stdlib                   go1.23.10  *1.24.12, 1.25.6               go-module  CVE-2025-61730       Medium    < 0.1% (0th)   < 0.1  
stdlib                   go1.23.10  *1.23.11, 1.24.5               go-module  CVE-2025-4674        High      < 0.1% (0th)   < 0.1
[0052] ERROR discovered vulnerabilities at or above the severity threshold

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

Documentation: Custom Flavors
Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

dependabot · 2026-02-28T11:30:09Z

Superseded by #174.

dependabot bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels Feb 25, 2026

dependabot bot requested a review from a team as a code owner February 25, 2026 05:47

dependabot bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels Feb 25, 2026

dependabot bot mentioned this pull request Feb 25, 2026

Build(deps-dev): bump fast-xml-parser from 5.2.5 to 5.3.7 #169

Closed

dependabot bot closed this Feb 28, 2026

dependabot bot deleted the dependabot/npm_and_yarn/fast-xml-parser-5.3.8 branch February 28, 2026 11:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build(deps-dev): bump fast-xml-parser from 5.2.5 to 5.3.8#172

Build(deps-dev): bump fast-xml-parser from 5.2.5 to 5.3.8#172
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.3.8

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

github-actions bot commented Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 25, 2026

handle non-array input for XML builder && support maxNestedTags

CJS typing fix

What's Changed

New Contributors

Entity security and performance

v5.3.5

What's Changed

New Contributors

fix: handle HTML numeric and hex entities when out of range

bug fix and performance improvements

Replace Buffer with Uint8Array

Uh oh!

github-actions bot commented Feb 25, 2026

❌MegaLinter analysis: Error

Detailed Issues

Uh oh!

dependabot bot commented on behalf of github Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Replace `Buffer` with `Uint8Array`