Bump fast-xml-parser from 5.5.9 to 5.7.3 by dependabot[bot] · Pull Request #2424 · stellar/stellar-docs

dependabot · 2026-05-06T02:45:26Z

Bumps fast-xml-parser from 5.5.9 to 5.7.3.

Release notes

Sourced from fast-xml-parser's releases.

fix minor old bugs and update builder

fix: alwaysCreateTextNode should create text node when attributes are present for self closing node

fix stop node expression when ns prefix is removed (found by iruizsalinas)

update XML Builder to 1.1.7

mark addEntity deprecated

backward compatibility for numerical external entity, fix #705, #817

allow numerical external entity for backward compatibility

fix #705: attributesGroupName working with preserveOrder

fix #817: stackoverflow when tag expression is very long

upgrade @nodable/entities and FXB

Use @nodable/entities v2.1.0

breaking changes

single entity scan. You're not allowed to use entity value to form another entity name.

you cant add numeric external entity

entity error message when expantion limit is crossed might change

typings are updated for new options related to process entity

please follow documentation of @nodable/entities for more detail.

performance

if processEntities is false, then there should not be impact on performance.

if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%

if processEntities is true, and you pass entity decoder separately

if no entity then performance should be same as before

if there are entities then performance should be increased from past versions

ignoreAttributes is not required to be set to set xml version for NCR entity value

update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @nodable/entities to replace entities

No API change

No change in performance for basic usage

No typing change

No config change

new dependency

breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
performance improvement

reduce calls to toString

early return when entities are not present

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.3 / 2006-05-05

fix: alwaysCreateTextNode should create text node when attributes are present for self closing node

fix stop node expression when ns prefix is removed (found by iruizsalinas)

update XML Builder to 1.1.7

mark addEntity deprecated

5.7.2 / 2026-04-25

allow numerical external entity for backward compatibility

fix #705: attributesGroupName working with preserveOrder

fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

fix typo in CJS typing file

5.7.0 / 2026-04-17

Use @nodable/entities v2.1.0

breaking changes

single entity scan. You're not allowed to user entity value to form another entity name.

you cant add numeric external entity

entity error message when expantion limit is crossed might change

typings are updated for new options related to process entity

please follow documentation of @nodable/entities for more detail.

performance

if processEntities is false, then there should not be impact on performance.

if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%

if processEntities is true, and you pass entity decoder separately

if no entity then performance should be same as before

if there are entities then performance should be increased from past versions

ignoreAttributes is not required to be set to set xml version for NCR entity value

update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

fix: entity replacement for numeric entities

use @nodable/entities to replace entities

this may change some error messages related to entities expansion limit or inavlid use

post check would be exposed in future version

5.5.12 / 2026-04-13

Performance Improvement: update path-expression-matcher

use proxy pattern than Proxy class

5.5.11 / 2026-04-08

Performance Improvement

integrate ExpressionSet for stopNodes

... (truncated)

Commits

d6d8042 update to release
d263370 remove dev dependency 'he'
f9c9a2c update builder to 1.1.7
b65da87 update changelog and mark addEntity deprecated
c2ca631 update fxb
da75191 fix stop node expression when ns prefix is removed
31bbc99 fix: alwaysCreateTextNode should create text node when attributes are present...
dab327a remove unnecessary
ab04eeb update docs
383cb3f Revise security information for v6 release
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.9 to 5.7.3. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.5.9...v5.7.3) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.7.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 6, 2026

dependabot Bot requested review from Copilot and removed request for Copilot May 6, 2026 02:45

dependabot Bot mentioned this pull request May 6, 2026

Bump fast-xml-parser from 5.5.9 to 5.7.1 #2381

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump fast-xml-parser from 5.5.9 to 5.7.3#2424

Bump fast-xml-parser from 5.5.9 to 5.7.3#2424
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.7.3

dependabot Bot commented on behalf of github May 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 6, 2026

fix minor old bugs and update builder

backward compatibility for numerical external entity, fix #705, #817

upgrade @​nodable/entities and FXB

use @​nodable/entities to replace entities

performance improvment, increase entity expansion default limit

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

upgrade `@nodable/entities` and FXB

use `@nodable/entities` to replace entities