chore: Bump fast-xml-parser, @aws-sdk/client-codedeploy and @aws-sdk/client-ecs

[dependabot]

Bumps fast-xml-parser to 5.7.2 and updates ancestor dependencies fast-xml-parser, @aws-sdk/client-codedeploy and @aws-sdk/client-ecs. These dependencies need to be updated together.

Updates fast-xml-parser from 5.2.5 to 5.7.2

Release notes

Sourced from fast-xml-parser's releases.

backward compatibility for numerical external entity, fix #705, #817

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

upgrade @​nodable/entities and FXB

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to use entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

• No API change
• No change in performance for basic usage
• No typing change
• No config change
• new dependency
• breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.2 / 2026-04-25

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

• fix typo in CJS typing file

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

• fix: entity replacement for numeric entities
• use @​nodable/entities to replace entities
  • this may change some error messages related to entities expansion limit or inavlid use
  • post check would be exposed in future version

5.5.12 / 2026-04-13

• Performance Improvement: update path-expression-matcher
  • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

• Performance Improvement
  • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

• increase default entity explansion limit as many projects demand for that
• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

... (truncated)

Commits

• b1d5b90 update releas info
• 78571ae tests for long tag expression
• ebaedc0 allow numerical external entities for backward compatibility
• 91245eb update changelog
• 79dd40d fix #705: don not group and nest attributes when both preserveOrder and attri...
• d6bce3b allow long attribute expressions
• 9a2561b remove unnecessary
• 0f08303 fix typo
• f529642 update to release v5.7.0
• 52a8583 Revert "improve performance of attributes reading"
• Additional commits viewable in compare view

Updates @aws-sdk/client-codedeploy from 3.922.0 to 3.1038.0

Release notes

Sourced from @​aws-sdk/client-codedeploy's releases.

v3.1038.0

3.1038.0(2026-04-27)

Chores

• codegen: sync for typed waiter-result values (#7965) (e9f8d8a9)

Documentation Changes

• client-gameliftstreams: Adds Proton 10.0-4 to the list of runtime environment options available when creating an Amazon GameLift Streams application (eee81edd)

New Features

• client-sagemaker: Updated API documentation for endpoint MetricsConfig. Added details on supported metric publish frequencies and clarified how EnableEnhancedMetrics controls utilization and invocation metric behavior. (c3a61e2d)
• client-billingconductor: Add support for Passthrough pricing plan (31ed64a4)
• client-glue: Addition of AdditionalAuditContext to GetPartition, GetPartitions, GetTableVersion, and GetTableVersions (eaf5eef0)
• client-kms: KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key. (7edc07d4)
• client-ivs: Adds tags parameter to the CreateAdConfiguration operation (6e9a5a05)
• client-workspaces: Added support for Protocol as modified resource and added update failure as modification state (6bd9ee46)
• client-application-signals: Application Signals now supports creating composite Service Level Objectives on Service Operations. Users can now create service SLO on multiple operations. (6a04d604)
• client-cloudwatch-logs: Adds support for selecting all logs sources and types in a single association. (0f944495)
• client-omics: Enable Public Internet or VPC configuration to BatchRun (345017d3)
• client-mgn: Added network modernization support, enabling customers to edit, resize, merge, and split VPCs and subnets during migration while retaining functional, non-conflicting IP addresses. (8cc99968)
• client-opensearch: Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication (5dfd0544)

Bug Fixes

• xml-builder: use xml 1.1 parsing behavior for entities (#7964) (7a30bce0)

---

For list of updated packages, view updated-packages.md in assets-3.1038.0.zip

v3.1037.0

3.1037.0(2026-04-24)

New Features

• clients: update client endpoints as of 2026-04-24 (ca3df2be)
• client-evs: EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. (fd92ee48)
• client-cloudwatch-logs: Adding nextToken and maxItems to the GetQueryResults API. (1a5ef619)
• client-transfer: AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. (f2a72a85)
• client-bedrock-agentcore-control: Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access (a0bf24cd)
• client-connect: Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. (7e987e88)
• client-connecthealth: Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. (c21882c4)

Bug Fixes

• client-kinesis: tolerance for flaky H2 session ordering assertion in E2E test (#7959) (58734960)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-codedeploy's changelog.

3.1038.0 (2026-04-27)

Note: Version bump only for package @​aws-sdk/client-codedeploy

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-codedeploy

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-codedeploy

3.1035.0 (2026-04-22)

Note: Version bump only for package @​aws-sdk/client-codedeploy

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/client-codedeploy

3.1033.0 (2026-04-20)

Features

• clients: use binary decision diagrams for endpoint resolution (#7931) (ff1b2ba)

... (truncated)

Commits

• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
• 7babd8b Publish v3.1037.0
• 46e4ac5 Publish v3.1036.0
• 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
• d8fbfbc Publish v3.1035.0
• d08b5a7 Publish v3.1034.0
• 273ad5b chore(codegen): sync for http2 session concurrency fixes (#7942)
• a62021b Publish v3.1033.0
• ff1b2ba feat(clients): use binary decision diagrams for endpoint resolution (#7931)
• Additional commits viewable in compare view

Updates @aws-sdk/client-ecs from 3.921.0 to 3.1038.0

Release notes

Sourced from @​aws-sdk/client-ecs's releases.

v3.1038.0

3.1038.0(2026-04-27)

Chores

• codegen: sync for typed waiter-result values (#7965) (e9f8d8a9)

Documentation Changes

• client-gameliftstreams: Adds Proton 10.0-4 to the list of runtime environment options available when creating an Amazon GameLift Streams application (eee81edd)

New Features

• client-sagemaker: Updated API documentation for endpoint MetricsConfig. Added details on supported metric publish frequencies and clarified how EnableEnhancedMetrics controls utilization and invocation metric behavior. (c3a61e2d)
• client-billingconductor: Add support for Passthrough pricing plan (31ed64a4)
• client-glue: Addition of AdditionalAuditContext to GetPartition, GetPartitions, GetTableVersion, and GetTableVersions (eaf5eef0)
• client-kms: KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key. (7edc07d4)
• client-ivs: Adds tags parameter to the CreateAdConfiguration operation (6e9a5a05)
• client-workspaces: Added support for Protocol as modified resource and added update failure as modification state (6bd9ee46)
• client-application-signals: Application Signals now supports creating composite Service Level Objectives on Service Operations. Users can now create service SLO on multiple operations. (6a04d604)
• client-cloudwatch-logs: Adds support for selecting all logs sources and types in a single association. (0f944495)
• client-omics: Enable Public Internet or VPC configuration to BatchRun (345017d3)
• client-mgn: Added network modernization support, enabling customers to edit, resize, merge, and split VPCs and subnets during migration while retaining functional, non-conflicting IP addresses. (8cc99968)
• client-opensearch: Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication (5dfd0544)

Bug Fixes

• xml-builder: use xml 1.1 parsing behavior for entities (#7964) (7a30bce0)

---

For list of updated packages, view updated-packages.md in assets-3.1038.0.zip

v3.1037.0

3.1037.0(2026-04-24)

New Features

• clients: update client endpoints as of 2026-04-24 (ca3df2be)
• client-evs: EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. (fd92ee48)
• client-cloudwatch-logs: Adding nextToken and maxItems to the GetQueryResults API. (1a5ef619)
• client-transfer: AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. (f2a72a85)
• client-bedrock-agentcore-control: Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access (a0bf24cd)
• client-connect: Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. (7e987e88)
• client-connecthealth: Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. (c21882c4)

Bug Fixes

• client-kinesis: tolerance for flaky H2 session ordering assertion in E2E test (#7959) (58734960)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-ecs's changelog.

3.1038.0 (2026-04-27)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1035.0 (2026-04-22)

Features

• client-ecs: GPU health monitoring and auto-repair for ECS Managed Instances (0ffa109)

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1033.0 (2026-04-20)

Features

• clients: use binary decision diagrams for endpoint resolution (#7931) (ff1b2ba)

... (truncated)

Commits

• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
• 7babd8b Publish v3.1037.0
• 46e4ac5 Publish v3.1036.0
• 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
• d8fbfbc Publish v3.1035.0
• 0ffa109 feat(client-ecs): GPU health monitoring and auto-repair for ECS Managed Insta...
• d08b5a7 Publish v3.1034.0
• 273ad5b chore(codegen): sync for http2 session concurrency fixes (#7942)
• a62021b Publish v3.1033.0
• Additional commits viewable in compare view