Skip to content

chore(deps): Bump fast-xml-builder from 1.1.5 to 1.2.0 in /frontend in the npm_and_yarn group across 1 directory#173

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/npm_and_yarn-0e1c4900d8
Open

chore(deps): Bump fast-xml-builder from 1.1.5 to 1.2.0 in /frontend in the npm_and_yarn group across 1 directory#173
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/npm_and_yarn-0e1c4900d8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the /frontend directory: fast-xml-builder.

Updates fast-xml-builder from 1.1.5 to 1.2.0

Changelog

Sourced from fast-xml-builder's changelog.

1.2.0 (2026-05-08)

  • Add support for sanitizeName option
  • Support xml-naming for validating and sanitizing tag and attribute names

1.1.9 (2026-05-06)

  • fix: format output for preserve order when indent by is set to empty string

1.1.8 (2026-05-05)

  • fix: skip text property for PI tags
  • improve typings

1.1.7 (2026--05-04)

  • fix security issues when attribute value contains quotes

1.1.6 (2026--05-04)

  • fix security issues related to comment
  • skip comment with null value

1.1.5 (2026-04-17)

  • fix security issues related to comment and cdata

1.1.4 (2026-03-16)

  • support maxNestedTags option

1.1.3 (2026-03-13)

  • declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

1.1.2 (2026-03-11)

  • fix typings

1.1.1 (2026-03-11)

  • upgrade path-expression-matcher to 1.1.3

1.1.0 (2026-03-10)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 8, 2026
@dependabot dependabot Bot requested a review from hwinther as a code owner May 8, 2026 19:13
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026
edited
Loading

Node build status (frontend)

✅ Dependency installation succeeded

added 1700 packages, and audited 1701 packages in 41s

✅ Typecheck succeeded

✅ Build succeeded

✅ No lint issues 🎊

🧪 Test results

Total Passed Failed Skipped Todo
64 64 0 0 0

Status: All tests passed
Duration: 4.63s

📊 Code coverage report

Code Coverage

Package Line Rate Branch Rate Health
api 87% 86%
components 67% 50%
features.items 78% 80%
features.locations 80% 62%
lib 51% 45%
welcome 100% 100%
Summary 66% (212 / 320) 65% (155 / 239)

✅ No changes in files after install and build were found

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026
edited
Loading

🛡️ Grype vulnerability scan

1 findings: 🟡 1 Medium

All 1 findings (sorted by severity)
Severity CVSS ID Location Description
🟡 Medium 5.3 CVE-2026-39882-OpenTelemetry api/ A medium vulnerability in UnknownPackage package: OpenTelemetry, version 1.15.3 was found in image hwinther/clutterstock/api:0.25.1-PullRequ

Open Code Scanning alerts for branch dependabot/npm_and_yarn/frontend/npm_and_yarn-0e1c4900d8 (SARIF category grype-container-api; alerts can take a moment to appear after upload.)

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026
edited
Loading

🛡️ Grype vulnerability scan

✅ No vulnerabilities reported.

Open Code Scanning alerts for branch dependabot/npm_and_yarn/frontend/npm_and_yarn-0e1c4900d8 (SARIF category grype-container-migrator; alerts can take a moment to appear after upload.)

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026
edited
Loading

🛡️ Grype vulnerability scan

✅ No vulnerabilities reported.

Open Code Scanning alerts for branch dependabot/npm_and_yarn/frontend/npm_and_yarn-0e1c4900d8 (SARIF category grype-container-frontend; alerts can take a moment to appear after upload.)

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026
edited
Loading

🎭 Playwright E2E — ❌ 1 test(s) failed

Result Count
✅ Passed 0
❌ Failed 1
⚠️ Flaky 0
⏭️ Skipped 11
Total 12

Duration: 0m 4s

Failed and flaky tests
  • auth.setup.ts — authenticate [setup] (unexpected)

Full report and traces: download the playwright-report artifact.

@dependabot
chore(deps): Bump fast-xml-builder
05e1cd8 
Bumps the npm_and_yarn group with 1 update in the /frontend directory: [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder).


Updates `fast-xml-builder` from 1.1.5 to 1.2.0
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-builder@v1.1.5...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/frontend/npm_and_yarn-0e1c4900d8 branch from a34b269 to 05e1cd8 Compare May 10, 2026 22:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hwinther hwinther Awaiting requested review from hwinther hwinther is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file frontend javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants