chore(deps): bump fast-xml-parser and openapi-sampler in /docs #2976

Merged

dependabot[bot] merged 1 commit from refs/pull/2976/head into staging 2026-02-28 18:04:57 +00:00

Conversation 0 Commits 1 Files changed 1 +25 -48

dependabot[bot] commented 2026-02-27 02:26:13 +00:00 (Migrated from github.com)

Owner

Copy link

Imported from GitHub pull request.

Original GitHub pull request: #2927
Original author: @dependabot[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2927
Original created: 2026-02-27T02:26:13Z
Original updated: 2026-02-28T18:04:59Z
Original head: carverauto/serviceradar:dependabot/npm_and_yarn/docs/multi-61f42e4890
Original base: staging
Original merged: 2026-02-28T18:04:57Z by @mfreeman451

Bumps fast-xml-parser and openapi-sampler. These dependencies needed to be updated together.
Updates fast-xml-parser from 4.5.3 to 5.4.1

Release notes

Sourced from fast-xml-parser's releases.

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From

import { XMLBuilder } from "fast-xml-parser";

To

import  XMLBuilder  from "fast-xml-builder";

XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.

support strictReservedNames

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.3.8

CJS typing fix

What's Changed

• Unexport X2jOptions at declaration site by @​Drarig29 in NaturalIntelligence/fast-xml-parser#787

New Contributors

• @​Drarig29 made their first contribution in NaturalIntelligence/fast-xml-parser#787

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.7

Entity security and performance

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6

v5.3.5

What's Changed

• Add missing exports to fxp commonjs types by @​jeremymeng in NaturalIntelligence/fast-xml-parser#782
• fix: Escape regex char in entity name

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.4.1 / 2026-02-25

• fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

• migrate to fast-xml-builder

5.3.9 / 2026-02-25

• support strictReservedNames

5.3.8 / 2026-02-25

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies

5.3.7 / 2026-02-20

• fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

• fix: Escape regex char in entity name
• update strnum to 2.1.2
• add missing exports in CJS typings

5.3.4 / 2026-01-30

• fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

• fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

• fix for import statement for v6

5.3.1 / 2025-11-03

• Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

... (truncated)

Commits

• 4e7ca80 update release info
• 36023b4 fix (#785) unpairedTag node should not have tag content
• b366026 separate builder
• 6f333a8 update release info
• c3ffbab support strictReservedNames
• c692040 update release info
• 107e34c avoid {} to create an empty object
• 60835a4 support maxNestedTags
• f55657c avoid direct call to hasOwnProperty
• c13a961 handle non-array input for XML builder when preserveOrder is true
• Additional commits viewable in compare view

Updates openapi-sampler from 1.6.1 to 1.7.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Imported from GitHub pull request. Original GitHub pull request: #2927 Original author: @dependabot[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2927 Original created: 2026-02-27T02:26:13Z Original updated: 2026-02-28T18:04:59Z Original head: carverauto/serviceradar:dependabot/npm_and_yarn/docs/multi-61f42e4890 Original base: staging Original merged: 2026-02-28T18:04:57Z by @mfreeman451 --- Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [openapi-sampler](https://github.com/redocly/openapi-sampler). These dependencies needed to be updated together. Updates `fast-xml-parser` from 4.5.3 to 5.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>Separate Builder</h2> <p>XML Builder was the part of <a href="https://github.com/NaturalIntelligence/fast-xml-builder">fast-xml-parser</a> for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.</p> <h2>Migration</h2> <p>To migrate to fast-xml-builder;</p> <p>From</p> <pre lang="js"><code>import { XMLBuilder } from &quot;fast-xml-parser&quot;; </code></pre> <p>To</p> <pre lang="js"><code>import XMLBuilder from &quot;fast-xml-builder&quot;; </code></pre> <p>XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.</p> <h2>support strictReservedNames</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.9...v5.3.9">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.9...v5.3.9</a></p> <h2>handle non-array input for XML builder &amp;&amp; support maxNestedTags</h2> <ul> <li>support maxNestedTags</li> <li>handle non-array input for XML builder when preserveOrder is true (By <a href="https://github.com/Angelopvtac">Angelo Coetzee</a>)</li> <li>save use of js properies <strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.3.8">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.3.8</a></li> </ul> <h2>CJS typing fix</h2> <h2>What's Changed</h2> <ul> <li>Unexport <code>X2jOptions</code> at declaration site by <a href="https://github.com/Drarig29"><code>@​Drarig29</code></a> in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/787">NaturalIntelligence/fast-xml-parser#787</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Drarig29"><code>@​Drarig29</code></a> made their first contribution in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/787">NaturalIntelligence/fast-xml-parser#787</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.7">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.7</a></p> <h2>Entity security and performance</h2> <ul> <li>Improve security and performance of entity processing <ul> <li>new options <code>maxEntitySize</code>, <code>maxExpansionDepth</code>, <code>maxTotalExpansions</code>, <code>maxExpandedLength</code>, <code>allowedTags</code>,<code>tagFilter</code></li> <li>fast return when no edtity is present</li> <li>improvement replacement logic to reduce number of calls</li> <li></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6</a></p> <h2>v5.3.5</h2> <h2>What's Changed</h2> <ul> <li>Add missing exports to fxp commonjs types by <a href="https://github.com/jeremymeng"><code>@​jeremymeng</code></a> in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/782">NaturalIntelligence/fast-xml-parser#782</a></li> <li>fix: Escape regex char in entity name</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>Note: Due to some last quick changes on v4, detail of v4.5.3 &amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion</p> <p><strong>5.4.1 / 2026-02-25</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/785">#785</a>) unpairedTag node should not have tag content</li> </ul> <p><strong>5.4.0 / 2026-02-25</strong></p> <ul> <li>migrate to fast-xml-builder</li> </ul> <p><strong>5.3.9 / 2026-02-25</strong></p> <ul> <li>support strictReservedNames</li> </ul> <p><strong>5.3.8 / 2026-02-25</strong></p> <ul> <li>support maxNestedTags</li> <li>handle non-array input for XML builder when preserveOrder is true (By <a href="https://github.com/Angelopvtac">Angelo Coetzee</a>)</li> <li>save use of js properies</li> </ul> <p><strong>5.3.7 / 2026-02-20</strong></p> <ul> <li>fix typings for CJS (By <a href="https://github.com/Drarig29">Corentin Girard</a>)</li> </ul> <p><strong>5.3.6 / 2026-02-14</strong></p> <ul> <li>Improve security and performance of entity processing <ul> <li>new options <code>maxEntitySize</code>, <code>maxExpansionDepth</code>, <code>maxTotalExpansions</code>, <code>maxExpandedLength</code>, <code>allowedTags</code>,<code>tagFilter</code></li> <li>fast return when no edtity is present</li> <li>improvement replacement logic to reduce number of calls</li> </ul> </li> </ul> <p><strong>5.3.5 / 2026-02-08</strong></p> <ul> <li>fix: Escape regex char in entity name</li> <li>update strnum to 2.1.2</li> <li>add missing exports in CJS typings</li> </ul> <p><strong>5.3.4 / 2026-01-30</strong></p> <ul> <li>fix: handle HTML numeric and hex entities when out of range</li> </ul> <p><strong>5.3.3 / 2025-12-12</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/775">#775</a>: transformTagName with allowBooleanAttributes adds an unnecessary attribute</li> </ul> <p><strong>5.3.2 / 2025-11-14</strong></p> <ul> <li>fix for import statement for v6</li> </ul> <p><strong>5.3.1 / 2025-11-03</strong></p> <ul> <li>Performance improvement for stopNodes (By <a href="https://github.com/macieklamberski">Maciek Lamberski</a>)</li> </ul> <p><strong>5.3.0 / 2025-10-03</strong></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e7ca80e788a23b07531ac2ff8906e5e9f4bf892"><code>4e7ca80</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/36023b496382717c82bd68863b3f95629d0c9311"><code>36023b4</code></a> fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/785">#785</a>) unpairedTag node should not have tag content</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/b3660266f53e383193ae152cde878d9b2db7240f"><code>b366026</code></a> separate builder</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/6f333a85693e20713fea2d733795fef7e11ac51c"><code>6f333a8</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c3ffbab9e5a2bab9db65803933d0af656076fc33"><code>c3ffbab</code></a> support strictReservedNames</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c692040f6b5f5045d38b66b1da04e4d3abc97052"><code>c692040</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/107e34c046d4997ee3b67a32d32eef52fe63edb2"><code>107e34c</code></a> avoid <code>{}</code> to create an empty object</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/60835a4c7279ddc349d192097fb41afa52930d8b"><code>60835a4</code></a> support maxNestedTags</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f55657c2b1cf29b433124390c32acba45a5a67aa"><code>f55657c</code></a> avoid direct call to hasOwnProperty</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a"><code>c13a961</code></a> handle non-array input for XML builder when preserveOrder is true</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v5.4.1">compare view</a></li> </ul> </details> <br /> Updates `openapi-sampler` from 1.6.1 to 1.7.0 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/redocly/openapi-sampler/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/carverauto/serviceradar/network/alerts). </details>

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

1week

  

2weeks

  

Failed compliance check

  

IP cameras

  

NATS

NATS JetStream

  

Possible security concern

  

Review effort 1/5

  

Review effort 2/5

  

Review effort 3/5

  

Review effort 4/5

  

Review effort 5/5

  

UI

  

aardvark

  

accessibility

  

amd64

  

api

  

arm64

  

auth

  

back-end

  

bgp

  

blog

  

bug

Something isn't working

  

build

  

checkers

  

ci-cd

continuous integration-continuous deployments

  

cleanup

  

cnpg

cloud-native postgres

  

codex

  

core

core service

  

dependencies

Pull requests that update a dependency file

  

device-management

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

dusk

  

ebpf

  

enhancement

New feature or request

  

eta 1d

  

eta 1hr

  

eta 3d

  

eta 3hr

  

feature

  

fieldsurvey

  

github_actions

Pull requests that update GitHub Actions code

  

go

Pull requests that update Go code

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

javascript

Pull requests that update Javascript code

  

k8s

  

log-collector

  

mapper

  

mtr

multi traceroute

  

needs-triage

  

netflow

  

network-sweep

  

observability

  

oracle

Oracle Linux related issues

  

otel

opentelemetry logs, traces, metrics

  

plug-in

  

proton

timeplus proton streaming database

  

python

  

question

Further information is requested

  

reddit

  

redhat

  

research

  

rperf

  

rperf-checker

  

rust

Pull requests that update rust code

  

sdk

  

security

  

serviceradar-agent

  

serviceradar-agent-gateway

  

serviceradar-web

  

serviceradar-web-ng

  

siem

  

snmp

  

sysmon

  

topology

  

ubiquiti

  

wasm

  

wontfix

This will not be worked on

  

zen-engine

No labels

1week

2weeks

Failed compliance check

IP cameras

NATS

Possible security concern

Review effort 1/5

Review effort 2/5

Review effort 3/5

Review effort 4/5

Review effort 5/5

UI

aardvark

accessibility

amd64

api

arm64

auth

back-end

bgp

blog

bug

build

checkers

ci-cd

cleanup

cnpg

codex

core

dependencies

device-management

documentation

duplicate

dusk

ebpf

enhancement

eta 1d

eta 1hr

eta 3d

eta 3hr

feature

fieldsurvey

github_actions

go

good first issue

help wanted

invalid

javascript

k8s

log-collector

mapper

mtr

needs-triage

netflow

network-sweep

observability

oracle

otel

plug-in

proton

python

question

reddit

redhat

research

rperf

rperf-checker

rust

sdk

security

serviceradar-agent

serviceradar-agent-gateway

serviceradar-web

serviceradar-web-ng

siem

snmp

sysmon

topology

ubiquiti

wasm

wontfix

zen-engine

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

carverauto/serviceradar!2976

No description provided.