Skip to content

Bump the production-dependencies group with 2 updates#185

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-480d479fa7
Open

Bump the production-dependencies group with 2 updates#185
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-480d479fa7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 2 updates: adm-zip and fast-xml-parser.

Updates adm-zip from 0.5.17 to 0.5.18

Release notes

Sourced from adm-zip's releases.

v0.5.18

What's Changed

New Contributors

Full Changelog: cthackers/adm-zip@v0.5.17...v0.5.18

Commits
  • 8592b15 Incremented version
  • 4c61451 Merge pull request #563 from JohnJunior/fix/empty-dir-version
  • afd618e Fixed jsdocs
  • 7d41d71 Fixed sanitize bug
  • edd43ed Update author and bug report email in package.json
  • 83ac9f3 Add security section to README
  • 692ae21 Enhance security policy with vulnerability reporting details
  • 46279d7 Merge pull request #562 from mielverkerken/master
  • b091814 Merge pull request #551 from matt-fidd/webpack-crash
  • e5b2dd8 Merge pull request #564 from JohnJunior/fix/issue-555-data-descriptor
  • Additional commits viewable in compare view

Updates fast-xml-parser from 5.9.0 to 5.9.3

Release notes

Sourced from fast-xml-parser's releases.

v5.9.3

What's Changed

New Contributors

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.2...v5.9.3

v5.9.2

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.1...v5.9.2

v5.9.1

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.0...v5.9.1

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

*5.9.3 / 2026-06-19

  • update strnum

*5.9.2 / 2026-06-17

  • dummy release to test changes in github action

*5.9.1 / 2026-06-17

  • dummy release to test release from github action

*5.9.0 / 2026-06-15

  • update strnum to 2.3.0
    • you can set hex, binary, enotation, infinity, unicode
  • validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.

*5.8.0 / 2026-05-12

  • integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
    • This will consider xml-version as well. '1.0' is default
  • update strnum to 2.3.0
    • You can set octal and binary parsing which is bydeault off
  • update fast-xml-builder to 1.2.0
    • can sanitize tag names if found invalid
    • fix format output

5.7.3 / 2006-05-05

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for fast-xml-parser since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group with 2 updates: [adm-zip](https://github.com/cthackers/adm-zip) and [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser).


Updates `adm-zip` from 0.5.17 to 0.5.18
- [Release notes](https://github.com/cthackers/adm-zip/releases)
- [Changelog](https://github.com/cthackers/adm-zip/blob/master/history.md)
- [Commits](cthackers/adm-zip@v0.5.17...v0.5.18)

Updates `fast-xml-parser` from 5.9.0 to 5.9.3
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.9.0...v5.9.3)

---
updated-dependencies:
- dependency-name: adm-zip
  dependency-version: 0.5.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: fast-xml-parser
  dependency-version: 5.9.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@stacklane-pr-stack-visualizer

Copy link
Copy Markdown

🧱 Stack PR · Base of stack

Stack Structure:

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedadm-zip@​0.5.17 ⏵ 0.5.1810010098 +181100
Updatedfast-xml-parser@​5.9.0 ⏵ 5.9.3100 +110010095100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants