Bump the patch-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the patch-dependencies group with 3 updates in the /bench directory: bun, fast-xml-parser and minio.

Updates bun from 1.3.9 to 1.3.10

Release notes

Sourced from bun's releases.

Bun v1.3.10

To install Bun v1.3.10

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.10:

bun upgrade

Read Bun v1.3.10's release notes on Bun's blog

Thanks to 11 contributors!

• @​alanstott
• @​alii
• @​cirospaciari
• @​dylan-conway
• @​hk-shao
• @​hona
• @​jarred-sumner
• @​martinamps
• @​prekucki
• @​robobun
• @​sosukesuzuki

Commits

• 30e609e Windows ARM64
• 84e4a5c fix(windows): avoid standalone worker dotenv crash (#27434)
• 89c70a7 feat(repl): add -e/-p flags, docs page, and shell completions (#27436)
• b2d8504 fix(spawn): remove shutdown() on subprocess stdio socketpairs (#27435)
• e735bff fix(http): enable TLS keepalive for custom SSL configs (#27385)
• 347c288 fix(shell): seq crashes when called with only flags and no numeric args (#27415)
• 6cc1a70 fix(streams): preserve AsyncLocalStorage context in stream.finished callbac...
• fa3a30f feat(repl): implement native Zig REPL with full TUI support (#26304)
• 32a89c4 fix(docs): code block syntax for server.tsx in SSR guide (#27417)
• c643e0f fix(fuzzilli): prevent crash from fprintf on null FILE* in FUZZILLI_PRINT han...
• Additional commits viewable in compare view

Updates fast-xml-parser from 5.4.1 to 5.4.2

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.4.2 / 2026-03-03

• support maxEntityCount option

5.4.1 / 2026-02-25

• fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

• migrate to fast-xml-builder

5.3.9 / 2026-02-25

• support strictReservedNames

5.3.8 / 2026-02-25

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies

5.3.7 / 2026-02-20

• fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

• fix: Escape regex char in entity name
• update strnum to 2.1.2
• add missing exports in CJS typings

5.3.4 / 2026-01-30

• fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

• fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

• fix for import statement for v6

5.3.1 / 2025-11-03

... (truncated)

Commits

• 44af544 update release info
• 3abdca9 support maxEntityCount
• f95852a update changelog
• See full diff in compare view

Updates minio from 8.0.6 to 8.0.7

Release notes

Sourced from minio's releases.

Bug fix release 8.0.7

What's Changed

• feat: export IamAwsProvider from main minio module by @​Anany-k in minio/minio-js#1422
• fix: unwanted long retry due to very long default config by @​aldy505 in minio/minio-js#1426
• fix part etag parsing to parse from headers or body by @​prakashsvmx in minio/minio-js#1429
• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in minio/minio-js#1438
• build(deps-dev): bump qs from 6.11.1 to 6.14.1 by @​dependabot[bot] in minio/minio-js#1440
• build(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in minio/minio-js#1444
• refactor: change uploadAllParts to limited concurrency by @​SPodjasek in minio/minio-js#1442
• fix(README.md): readme doc links by @​leanhvu21042001 in minio/minio-js#1447
• build(deps): bump fast-xml-parser from 4.4.1 to 5.3.4 by @​dependabot[bot] in minio/minio-js#1449
• README: fix docs API link by @​alxndrsn in minio/minio-js#1451
• fix: remove unused dependency by @​ChALkeR in minio/minio-js#1454
• build(deps-dev): bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in minio/minio-js#1455
• ts migration of listobjects v2 and notiifications by @​prakashsvmx in minio/minio-js#1453
• build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by @​dependabot[bot] in minio/minio-js#1457
• migration of few more files to ts by @​prakashsvmx in minio/minio-js#1456
• chore: update lockfile to resolve fast-xml-parser vulnerability by @​hugov in minio/minio-js#1460

New Contributors

• @​Anany-k made their first contribution in minio/minio-js#1422
• @​SPodjasek made their first contribution in minio/minio-js#1442
• @​leanhvu21042001 made their first contribution in minio/minio-js#1447
• @​ChALkeR made their first contribution in minio/minio-js#1454
• @​hugov made their first contribution in minio/minio-js#1460

Full Changelog: minio/minio-js@8.0.6...8.0.7

Commits

• 8f31de3 chore: update lockfile to resolve fast-xml-parser vulnerability (#1460)
• 77f0252 migration of few more files to ts (#1456)
• 914b5a4 build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 (#1457)
• 0172710 ts migration of listobjects v2 and notiifications (#1453)
• ac5f701 build(deps-dev): bump qs from 6.14.1 to 6.14.2 (#1455)
• e9ab929 fix: remove unused dependency (#1454)
• 309d9d0 README: fix docs API link (#1451)
• 330ca53 build(deps): bump fast-xml-parser from 4.4.1 to 5.3.4 (#1449)
• 2dd02d9 fix(README.md): readme doc links (#1447)
• ac1b5a9 refactor: change uploadAllParts to limited concurrency (#1442)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions