Skip to content

Comments

chore(deps): bump fast-xml-parser from 5.3.6 to 5.3.7#10294

Merged
mergify[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.3.7
Feb 20, 2026
Merged

chore(deps): bump fast-xml-parser from 5.3.6 to 5.3.7#10294
mergify[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/fast-xml-parser-5.3.7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 20, 2026

Bumps fast-xml-parser from 5.3.6 to 5.3.7.

Release notes

Sourced from fast-xml-parser's releases.

CJS typing fix

What's Changed

New Contributors

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.7

Changelog

Sourced from fast-xml-parser's changelog.

5.3.7 5.3.7 / 2026-02-20

5.3.6 / 2026-02-14

  • Improve security and performance of entity processing
    • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
    • fast return when no edtity is present
    • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

  • fix: Escape regex char in entity name
  • update strnum to 2.1.2
  • add missing exports in CJS typings

5.3.4 / 2026-01-30

  • fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

  • fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

  • fix for import statement for v6

5.3.1 / 2025-11-03

5.3.0 / 2025-10-03

  • Use Uint8Array in place of Buffer in Parser

5.2.5 / 2025-06-08

  • Inform user to use fxp-cli instead of in-built CLI feature
  • Export typings for direct use

5.2.4 / 2025-06-06

  • fix (#747): fix EMPTY and ANY with ELEMENT in DOCTYPE

5.2.3 / 2025-05-11

  • fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE

5.2.2 / 2025-05-05

  • fix (#746): update strnum to fix parsing issues related to enotations

5.2.1 / 2025-04-22

  • fix: read DOCTYPE entity value correctly

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump fast-xml-parser from 5.3.6 to 5.3.7
0431cc5 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.6 to 5.3.7.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.7)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.7
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 20, 2026
@mergify mergify bot deployed to Mergify Merge Protections February 20, 2026 07:22 Active
@mergify
Copy link
Contributor

mergify bot commented Feb 20, 2026
edited
Loading

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 🤖 Continuous Integration

Wonderful, this rule succeeded.
  • all of:
    • check-success = build
    • check-success = lint
    • check-success = test
    • any of:
      • check-success = test-broken-links
      • label = ignore-broken-links
    • any of:
      • check-success=Cloudflare Pages
      • -head-repo-full-name~=^Mergifyio/

🟢 👀 Review Requirements

Wonderful, this rule succeeded.
  • any of:
    • author = dependabot[bot]
    • #approved-reviews-by >= 2
    • author = mergify-ci-bot

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 🔎 Reviews

Wonderful, this rule succeeded.
  • #changes-requested-reviews-by = 0
  • #review-requested = 0
  • #review-threads-unresolved = 0

🟢 📕 PR description

Wonderful, this rule succeeded.
  • body ~= (?ms:.{48,})

@mergify
Copy link
Contributor

mergify bot commented Feb 20, 2026
edited
Loading

Merge Queue Status

Rule: automated updates

@mergify mergify bot added the queued label Feb 20, 2026
This was referenced Feb 20, 2026
Merged
Merged
Merged
@mergify mergify bot merged commit 9ba567d into main Feb 20, 2026
8 checks passed
@mergify mergify bot deleted the dependabot/npm_and_yarn/fast-xml-parser-5.3.7 branch February 20, 2026 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code queued

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants