fast-xml-parser has stack overflow in XMLBuilder with preserveOrder

[akhilrangu919]

Before creating a new issue, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have tried disabling all browser extensions or using a different browser
• I have tried deleting the node_modules folder and reinstalling my dependencies
• I have read the guide for submitting bug reports.

On which framework/platform are you having an issue?

React

Which UI component?

Other

How is your app built?

Vite

What browsers are you seeing the problem on?

No response

Which region are you seeing the problem in?

No response

Please describe your bug.

aws-amplify package depends on versions of fast-xml-parser that have a security vulnerability. "fast-xml-parser": "5.3.6",
fast-xml-parser <5.3.8, GHSA-fj3w-jwp8-x2g3

Using aws-amplify v6.10.2 and also the latest v6.16.2 has the vulnerabilities related to fast-xml-parser <5.3.8

What's the expected behaviour?

aws-amplify package should not depend on vulnerable versions of fast-xml-parser

Help us reproduce the bug!

install eg: npm i aws-amplify
run npm audit

Code Snippet

// Put your code below this line.

Console log output

No response

Additional information and screenshots

No response

[soberm]

Hi @akhilrangu919 ,

Thank you for creating this issue. We will look into that and get back to you as soon as we have an update.

[pranavosu]

Hi @akhilrangu919 , 6.16.2 should not have any issues listed with npm audit - can you confirm? we're currently working on a fix for v5, but v6 should not have any critical issues.

[edwinvanderven]

Hi @akhilrangu919 , 6.16.2 should not have any issues listed with npm audit - can you confirm? we're currently working on a fix for v5, but v6 should not have any critical issues.

👋 I am currently on version 6.16.2 of aws-amplify and I am getting security vulnerabilities reported due to fast-xml-parser.