You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion
*5.8.0 / 2026-05-12
integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
This will consider xml-version as well. '1.0' is default
update strnum to 2.3.0
You can set octal and binary parsing which is bydeault off
update fast-xml-builder to 1.2.0
can sanitize tag names if found invalid
fix format output
5.7.3 / 2006-05-05
fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
fix stop node expression when ns prefix is removed (found by iruizsalinas)
update XML Builder to 1.1.7
mark addEntity deprecated
5.7.2 / 2026-04-25
allow numerical external entity for backward compatibility
fix #705: attributesGroupName working with preserveOrder
fix #817: stackoverflow when tag expression is very long
5.7.1 / 2026-04-20
fix typo in CJS typing file
5.7.0 / 2026-04-17
Use @nodable/entities v2.1.0
breaking changes
single entity scan. You're not allowed to user entity value to form another entity name.
you cant add numeric external entity
entity error message when expantion limit is crossed might change
typings are updated for new options related to process entity
please follow documentation of @nodable/entities for more detail.
performance
if processEntities is false, then there should not be impact on performance.
if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
if processEntities is true, and you pass entity decoder separately
if no entity then performance should be same as before
if there are entities then performance should be increased from past versions
ignoreAttributes is not required to be set to set xml version for NCR entity value
update 'fast-xml-builder' to sanitize malicious CDATA and comment's content
5.6.0 / 2026-04-15
fix: entity replacement for numeric entities
use @nodable/entities to replace entities
this may change some error messages related to entities expansion limit or inavlid use
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Tested: https://ks-dependabot-npm-and-yarn-fast-x-docs.kestra-io.workers.dev on 2026-05-12 19:27 UTC
No baseline available — scores will appear after the first merge to main
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps fast-xml-parser from 5.5.9 to 5.8.0.
Release notes
Sourced from fast-xml-parser's releases.
... (truncated)
Changelog
Sourced from fast-xml-parser's changelog.
... (truncated)
Commits
4bcee44for release8a287bfrelease info50b01dcUse "@byspec/xml" for testing816b652update typings to mark validator use deprecated8ad0e65update fast-xml-builder and strnum58e967eintegrate xml-naming42fa3c3separate XML validator, UPDATE DOCSd6d8042update to released263370remove dev dependency 'he'f9c9a2cupdate builder to 1.1.7Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.