Skip to content

chore: Bump fast-xml-parser and @aws-sdk/client-ecs#471

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-561e086bbf
Open

chore: Bump fast-xml-parser and @aws-sdk/client-ecs#471
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-561e086bbf

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026

Bumps fast-xml-parser to 5.7.2 and updates ancestor dependency @aws-sdk/client-ecs. These dependencies need to be updated together.

Updates fast-xml-parser from 5.2.5 to 5.7.2

Release notes

Sourced from fast-xml-parser's releases.

backward compatibility for numerical external entity, fix #705, #817

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

upgrade @​nodable/entities and FXB

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to use entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

  • No API change
  • No change in performance for basic usage
  • No typing change
  • No config change
  • new dependency
  • breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

  • increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

5.5.12 / 2026-04-13

  • Performance Improvement: update path-expression-matcher
    • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

  • Performance Improvement
    • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

  • increase default entity explansion limit as many projects demand for that
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

... (truncated)

Commits
  • b1d5b90 update releas info
  • 78571ae tests for long tag expression
  • ebaedc0 allow numerical external entities for backward compatibility
  • 91245eb update changelog
  • 79dd40d fix #705: don not group and nest attributes when both preserveOrder and attri...
  • d6bce3b allow long attribute expressions
  • 9a2561b remove unnecessary
  • 0f08303 fix typo
  • f529642 update to release v5.7.0
  • 52a8583 Revert "improve performance of attributes reading"
  • Additional commits viewable in compare view

Updates @aws-sdk/client-ecs from 3.923.0 to 3.1039.0

Release notes

Sourced from @​aws-sdk/client-ecs's releases.

v3.1039.0

3.1039.0(2026-04-29)

Chores
Documentation Changes
  • client-ecr: Removes support for registry policy V1 (0fc28e9f)
New Features
  • clients: update client endpoints as of 2026-04-29 (2c0c0979)
  • client-workspaces-web: Allow admins to configure IPv6 ranges on IP Access Settings. (a1d8beb2)
  • client-account: Adds AccountState in the response for the GetAccountInformation API. Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes. (dc283531)
  • client-gamelift: Amazon GameLift Servers adds a new DescribeContainerGroupPortMappings API for container fleets, making it easy to discover which connection ports map to your container ports without needing to remotely access the compute. (71e95d8f)
  • client-transfer: This launch will increase the limits for customers to list the contents from the remote directories from 10k to 200k. (58052c95)
  • client-cloudfront: Amazon CloudFront now supports cache tag. Tag objects via response headers and invalidate all matching objects in a single request, replacing manual URL tracking and broad wildcards. (fac83987)
  • client-mediapackagev2: This feature adds configuration for specifying SCTE marker handling and allow greater control over generated manifest and segment URIs (cd814f6b)
  • client-bedrock-agentcore-control: Adds configuration bundles for versioned, immutable agent configuration snapshots with branch-based lineage (480b6517)
  • client-bedrock-agentcore: Adds batch evaluation for running evaluators against multiple agent sessions with server-side orchestration, AI-powered recommendations for optimizing system prompts and tool descriptions, and AB testing with controlled traffic splitting and statistical significance reporting (c9db8716)
  • client-deadline: Adds support for rtx-pro-server-6000 GPU accelerator for service-managed fleets. (86aab769)
Bug Fixes
  • xml-builder: inline nodable/entities for dist format compatibility (#7968) (02b6be6b)
Tests

For list of updated packages, view updated-packages.md in assets-3.1039.0.zip

v3.1038.0

3.1038.0(2026-04-27)

Chores
  • codegen: sync for typed waiter-result values (#7965) (e9f8d8a9)
Documentation Changes

... (truncated)

Changelog

Sourced from @​aws-sdk/client-ecs's changelog.

3.1039.0 (2026-04-29)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1038.0 (2026-04-27)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-ecs

3.1035.0 (2026-04-22)

Features

  • client-ecs: GPU health monitoring and auto-repair for ECS Managed Instances (0ffa109)

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/client-ecs

... (truncated)

Commits
  • 51c8215 Publish v3.1039.0
  • 3dfb72b chore(codegen): sync for adaptive retry fixes (#7970)
  • 3fbf6c5 Publish v3.1038.0
  • e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
  • 7babd8b Publish v3.1037.0
  • 46e4ac5 Publish v3.1036.0
  • 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
  • d8fbfbc Publish v3.1035.0
  • 0ffa109 feat(client-ecs): GPU health monitoring and auto-repair for ECS Managed Insta...
  • d08b5a7 Publish v3.1034.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore: Bump fast-xml-parser and @aws-sdk/client-ecs
aefc335 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) to 5.7.2 and updates ancestor dependency [@aws-sdk/client-ecs](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ecs). These dependencies need to be updated together.


Updates `fast-xml-parser` from 5.2.5 to 5.7.2
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.2.5...v5.7.2)

Updates `@aws-sdk/client-ecs` from 3.923.0 to 3.1039.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ecs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1039.0/clients/client-ecs)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.7.2
  dependency-type: indirect
- dependency-name: "@aws-sdk/client-ecs"
  dependency-version: 3.1039.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 30, 2026
@dependabot dependabot Bot mentioned this pull request Apr 30, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants