Skip to content

fix(deps): bump fast-xml-parser from 5.5.9 to 5.5.10#1266

Merged
svc-cli-bot merged 1 commit intomainfrom
dependabot-npm_and_yarn-fast-xml-parser-5.5.10
Apr 5, 2026
Merged

fix(deps): bump fast-xml-parser from 5.5.9 to 5.5.10#1266
svc-cli-bot merged 1 commit intomainfrom
dependabot-npm_and_yarn-fast-xml-parser-5.5.10

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 4, 2026
edited
Loading

Bumps fast-xml-parser from 5.5.9 to 5.5.10.

Release notes

Sourced from fast-xml-parser's releases.

performance improvment, increase entity expansion default limit

  • increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.10 / 2026-04-03

  • increase default entity explansion limit as many projects demand for that
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

5.5.9 / 2026-03-23

  • combine typing files

4.5.5 / 2026-03-22

apply fixes from v5 (legacy maintenance branch v4-maintenance)

  • support maxEntityCount
  • support onDangerousProperty
  • support maxNestedTags
  • handle prototype pollution
  • fix incorrect entity name replacement
  • fix incorrect condition for entity expansion

5.5.8 / 2026-03-20

  • pass read only matcher in callback

5.5.7 / 2026-03-19

  • fix: entity expansion limits
  • update strnum package to 2.2.0

5.5.6 / 2026-03-16

  • update builder dependency
  • fix incorrect regex to replace . in entity name
  • fix check for entitiy expansion for lastEntities and html entities too

5.5.5 / 2026-03-13

  • sanitize dangerous tag or attribute name
  • error on critical property name
  • support onDangerousProperty option

5.5.4 / 2026-03-13

  • declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

5.5.3 / 2026-03-11

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 4, 2026
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-fast-xml-parser-5.5.10 branch 2 times, most recently from d1a8f70 to 0d60b87 Compare April 5, 2026 03:46
@dependabot
fix(deps): bump fast-xml-parser from 5.5.9 to 5.5.10
c694c35 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.9 to 5.5.10.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-fast-xml-parser-5.5.10 branch from 0d60b87 to c694c35 Compare April 5, 2026 03:47
@svc-cli-bot svc-cli-bot merged commit 8f4ae88 into main Apr 5, 2026
16 checks passed
@svc-cli-bot svc-cli-bot deleted the dependabot-npm_and_yarn-fast-xml-parser-5.5.10 branch April 5, 2026 06:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@svc-cli-bot