Skip to content

chore(deps): Bump fast-xml-parser from 5.4.2 to 5.8.0#620

Merged
crazy-max merged 2 commits into
masterfrom
dependabot/npm_and_yarn/fast-xml-parser-5.5.6
May 22, 2026
Merged

chore(deps): Bump fast-xml-parser from 5.4.2 to 5.8.0#620
crazy-max merged 2 commits into
masterfrom
dependabot/npm_and_yarn/fast-xml-parser-5.5.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 18, 2026

Copy link
Copy Markdown
Contributor

Bumps fast-xml-parser from 5.4.2 to 5.8.0.

Release notes

Sourced from fast-xml-parser's releases.

update strnum, FXB. Use xml-naming for DOCTYPE

  • integrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)
    • This will consider xml-version as well. '1.0' is default
  • update strnum to 2.3.0
    • You can set octal and binary parsing which is by deault off
  • update fast-xml-builder to 1.2.0
    • can sanitize tag names if found invalid
    • fix format output

fix minor old bugs and update builder

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

backward compatibility for numerical external entity, fix #705, #817

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

upgrade @​nodable/entities and FXB

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to use entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

  • No API change
  • No change in performance for basic usage
  • No typing change
  • No config change
  • new dependency
  • breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

  • increase default entity explansion limit as many projects demand for that
</tr></table> 

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

*5.8.0 / 2026-05-12

  • integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
    • This will consider xml-version as well. '1.0' is default
  • update strnum to 2.3.0
    • You can set octal and binary parsing which is bydeault off
  • update fast-xml-builder to 1.2.0
    • can sanitize tag names if found invalid
    • fix format output

5.7.3 / 2006-05-05

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

... (truncated)

Commits

@dependabot @github

dependabot Bot commented on behalf of github Mar 20, 2026

Copy link
Copy Markdown
Contributor Author

A newer version of fast-xml-parser exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@crazy-max

Copy link
Copy Markdown
Member

@dependabot recreate

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.4.2 to 5.8.0.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.4.2...v5.8.0)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): Bump fast-xml-parser from 5.4.2 to 5.5.6 May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/fast-xml-parser-5.5.6 branch from 60d083b to 27ad663 Compare May 22, 2026 12:06
@crazy-max crazy-max merged commit 30e3a5c into master May 22, 2026
41 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/fast-xml-parser-5.5.6 branch May 22, 2026 12:10
hoodnoah added a commit to hoodnoah/certmanager-porkbun-webhook that referenced this pull request Jun 10, 2026
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [docker/metadata-action](https://github.com/docker/metadata-action) | action | major | `v5` → `v6` |

---

### Release Notes

<details>
<summary>docker/metadata-action (docker/metadata-action)</summary>

### [`v6.1.0`](https://github.com/docker/metadata-action/releases/tag/v6.1.0)

[Compare Source](docker/metadata-action@v6...v6.1.0)

- Bump [@&#8203;docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.90.0 in [#&#8203;613](docker/metadata-action#613)
- Bump brace-expansion from 1.1.12 to 5.0.6 in [#&#8203;658](docker/metadata-action#658) [#&#8203;630](docker/metadata-action#630)
- Bump csv-parse from 6.1.0 to 6.2.1 in [#&#8203;617](docker/metadata-action#617)
- Bump fast-xml-parser from 5.4.2 to 5.8.0 in [#&#8203;620](docker/metadata-action#620)
- Bump flatted from 3.3.3 to 3.4.2 in [#&#8203;623](docker/metadata-action#623)
- Bump glob from 10.3.15 to 10.5.0 in [#&#8203;621](docker/metadata-action#621)
- Bump handlebars from 4.7.8 to 4.7.9 in [#&#8203;629](docker/metadata-action#629)
- Bump lodash from 4.17.23 to 4.18.1 in [#&#8203;639](docker/metadata-action#639)
- Bump moment-timezone from 0.6.0 to 0.6.1 in [#&#8203;619](docker/metadata-action#619)
- Bump picomatch from 4.0.3 to 4.0.4 in [#&#8203;626](docker/metadata-action#626)
- Bump postcss from 8.5.6 to 8.5.10 in [#&#8203;649](docker/metadata-action#649)
- Bump tar from 6.2.1 to 7.5.15 in [#&#8203;657](docker/metadata-action#657)
- Bump undici from 6.23.0 to 6.25.0 in [#&#8203;614](docker/metadata-action#614)
- Bump vite from 7.3.1 to 7.3.2 in [#&#8203;637](docker/metadata-action#637)

**Full Changelog**: <docker/metadata-action@v6.0.0...v6.1.0>

### [`v6.0.0`](https://github.com/docker/metadata-action/releases/tag/v6.0.0)

[Compare Source](docker/metadata-action@v6...v6)

- Node 24 as default runtime (requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later) by [@&#8203;crazy-max](https://github.com/crazy-max) in [#&#8203;605](docker/metadata-action#605)
- List inputs now preserve `#` inside values while still supporting full-line `#` comments by [@&#8203;crazy-max](https://github.com/crazy-max) in [#&#8203;607](docker/metadata-action#607)
- Switch to ESM and update config/test wiring by [@&#8203;crazy-max](https://github.com/crazy-max) in [#&#8203;602](docker/metadata-action#602)
- Bump lodash from 4.17.21 to 4.17.23 in [#&#8203;588](docker/metadata-action#588)
- Bump [@&#8203;actions/core](https://github.com/actions/core) from 1.11.1 to 3.0.0 in [#&#8203;599](docker/metadata-action#599)
- Bump [@&#8203;actions/github](https://github.com/actions/github) from 6.0.1 to 9.0.0 in [#&#8203;597](docker/metadata-action#597)
- Bump [@&#8203;docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.68.0 to 0.79.0 in [#&#8203;604](docker/metadata-action#604)
- Bump [@&#8203;isaacs/brace-expansion](https://github.com/isaacs/brace-expansion) from 5.0.0 to 5.0.1 in [#&#8203;600](docker/metadata-action#600)
- Bump semver from 7.7.3 to 7.7.4 in [#&#8203;603](docker/metadata-action#603)

**Full Changelog**: <docker/metadata-action@v5.10.0...v6.0.0>

### [`v6`](docker/metadata-action@v5.10.0...v6)

[Compare Source](docker/metadata-action@v5.10.0...v6)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMTcuMSIsInVwZGF0ZWRJblZlciI6IjQzLjIxNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: hoodn <hood.noah@gmail.com>
Reviewed-on: https://gitea.k3s.noah-hood.io/hoodn/certmanager-porkbun-webhook/pulls/10
Co-authored-by: renovate-bot <renovate-bot@example.local>
Co-committed-by: renovate-bot <renovate-bot@example.local>
renovate Bot added a commit to sdwilsh/sOS that referenced this pull request Jun 11, 2026
##### [\`v6.1.0\`](https://github.com/docker/metadata-action/releases/tag/v6.1.0)

- Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.90.0 in [#613](docker/metadata-action#613)
- Bump brace-expansion from 1.1.12 to 5.0.6 in [#658](docker/metadata-action#658) [#630](docker/metadata-action#630)
- Bump csv-parse from 6.1.0 to 6.2.1 in [#617](docker/metadata-action#617)
- Bump fast-xml-parser from 5.4.2 to 5.8.0 in [#620](docker/metadata-action#620)
- Bump flatted from 3.3.3 to 3.4.2 in [#623](docker/metadata-action#623)
- Bump glob from 10.3.15 to 10.5.0 in [#621](docker/metadata-action#621)
- Bump handlebars from 4.7.8 to 4.7.9 in [#629](docker/metadata-action#629)
- Bump lodash from 4.17.23 to 4.18.1 in [#639](docker/metadata-action#639)
- Bump moment-timezone from 0.6.0 to 0.6.1 in [#619](docker/metadata-action#619)
- Bump picomatch from 4.0.3 to 4.0.4 in [#626](docker/metadata-action#626)
- Bump postcss from 8.5.6 to 8.5.10 in [#649](docker/metadata-action#649)
- Bump tar from 6.2.1 to 7.5.15 in [#657](docker/metadata-action#657)
- Bump undici from 6.23.0 to 6.25.0 in [#614](docker/metadata-action#614)
- Bump vite from 7.3.1 to 7.3.2 in [#637](docker/metadata-action#637)

**Full Changelog**: <docker/metadata-action@v6.0.0...v6.1.0>

---
##### [\`v6.0.0\`](https://github.com/docker/metadata-action/releases/tag/v6.0.0)

- Node 24 as default runtime (requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later) by [@crazy-max](https://github.com/crazy-max) in [#605](docker/metadata-action#605)
- List inputs now preserve `#` inside values while still supporting full-line `#` comments by [@crazy-max](https://github.com/crazy-max) in [#607](docker/metadata-action#607)
- Switch to ESM and update config/test wiring by [@crazy-max](https://github.com/crazy-max) in [#602](docker/metadata-action#602)
- Bump lodash from 4.17.21 to 4.17.23 in [#588](docker/metadata-action#588)
- Bump [@actions/core](https://github.com/actions/core) from 1.11.1 to 3.0.0 in [#599](docker/metadata-action#599)
- Bump [@actions/github](https://github.com/actions/github) from 6.0.1 to 9.0.0 in [#597](docker/metadata-action#597)
- Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.68.0 to 0.79.0 in [#604](docker/metadata-action#604)
- Bump [@isaacs/brace-expansion](https://github.com/isaacs/brace-expansion) from 5.0.0 to 5.0.1 in [#600](docker/metadata-action#600)
- Bump semver from 7.7.3 to 7.7.4 in [#603](docker/metadata-action#603)

**Full Changelog**: <docker/metadata-action@v5.10.0...v6.0.0>

---
##### [\`v6\`](docker/metadata-action@v5.10.0...v6.0.0)
renovate Bot added a commit to sdwilsh/sOS that referenced this pull request Jun 18, 2026
##### [\`v6.1.0\`](https://github.com/docker/metadata-action/releases/tag/v6.1.0)

- Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.90.0 in [#613](docker/metadata-action#613)
- Bump brace-expansion from 1.1.12 to 5.0.6 in [#658](docker/metadata-action#658) [#630](docker/metadata-action#630)
- Bump csv-parse from 6.1.0 to 6.2.1 in [#617](docker/metadata-action#617)
- Bump fast-xml-parser from 5.4.2 to 5.8.0 in [#620](docker/metadata-action#620)
- Bump flatted from 3.3.3 to 3.4.2 in [#623](docker/metadata-action#623)
- Bump glob from 10.3.15 to 10.5.0 in [#621](docker/metadata-action#621)
- Bump handlebars from 4.7.8 to 4.7.9 in [#629](docker/metadata-action#629)
- Bump lodash from 4.17.23 to 4.18.1 in [#639](docker/metadata-action#639)
- Bump moment-timezone from 0.6.0 to 0.6.1 in [#619](docker/metadata-action#619)
- Bump picomatch from 4.0.3 to 4.0.4 in [#626](docker/metadata-action#626)
- Bump postcss from 8.5.6 to 8.5.10 in [#649](docker/metadata-action#649)
- Bump tar from 6.2.1 to 7.5.15 in [#657](docker/metadata-action#657)
- Bump undici from 6.23.0 to 6.25.0 in [#614](docker/metadata-action#614)
- Bump vite from 7.3.1 to 7.3.2 in [#637](docker/metadata-action#637)

**Full Changelog**: <docker/metadata-action@v6.0.0...v6.1.0>

---
##### [\`v6.0.0\`](https://github.com/docker/metadata-action/releases/tag/v6.0.0)

- Node 24 as default runtime (requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later) by [@crazy-max](https://github.com/crazy-max) in [#605](docker/metadata-action#605)
- List inputs now preserve `#` inside values while still supporting full-line `#` comments by [@crazy-max](https://github.com/crazy-max) in [#607](docker/metadata-action#607)
- Switch to ESM and update config/test wiring by [@crazy-max](https://github.com/crazy-max) in [#602](docker/metadata-action#602)
- Bump lodash from 4.17.21 to 4.17.23 in [#588](docker/metadata-action#588)
- Bump [@actions/core](https://github.com/actions/core) from 1.11.1 to 3.0.0 in [#599](docker/metadata-action#599)
- Bump [@actions/github](https://github.com/actions/github) from 6.0.1 to 9.0.0 in [#597](docker/metadata-action#597)
- Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.68.0 to 0.79.0 in [#604](docker/metadata-action#604)
- Bump [@isaacs/brace-expansion](https://github.com/isaacs/brace-expansion) from 5.0.0 to 5.0.1 in [#600](docker/metadata-action#600)
- Bump semver from 7.7.3 to 7.7.4 in [#603](docker/metadata-action#603)

**Full Changelog**: <docker/metadata-action@v5.10.0...v6.0.0>

---
##### [\`v6\`](docker/metadata-action@v5.10.0...v6)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

1 participant