Skip to content

fix(deps): bump fast-xml-parser and @lwc/eslint-plugin-lwc#147

Merged
ben-zhang-at-salesforce merged 2 commits intomainfrom
dependabot-npm_and_yarn-multi-db97f6ac1f
Apr 23, 2026
Merged

fix(deps): bump fast-xml-parser and @lwc/eslint-plugin-lwc#147
ben-zhang-at-salesforce merged 2 commits intomainfrom
dependabot-npm_and_yarn-multi-db97f6ac1f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026
edited
Loading

Bumps fast-xml-parser to 5.7.1 and updates ancestor dependency @lwc/eslint-plugin-lwc. These dependencies need to be updated together.

Updates fast-xml-parser from 4.5.6 to 5.7.1

Release notes

Sourced from fast-xml-parser's releases.

upgrade @​nodable/entities and FXB

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to use entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

  • No API change
  • No change in performance for basic usage
  • No typing change
  • No config change
  • new dependency
  • breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

  • increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.1 / 2026-04-20

  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

5.5.12 / 2026-04-13

  • Performance Improvement: update path-expression-matcher
    • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

  • Performance Improvement
    • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

  • increase default entity explansion limit as many projects demand for that
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

5.5.9 / 2026-03-23

  • combine typing files

... (truncated)

Commits
  • 0f08303 fix typo
  • f529642 update to release v5.7.0
  • 52a8583 Revert "improve performance of attributes reading"
  • 8d187f9 update builder
  • e174168 improve performance of attributes reading
  • 79a8dde update docs
  • f5cd5a5 set xml version to decoder even if attributes are ignored
  • f44b923 remove unwanted tests
  • 869ec8b Use @​nodable/entities v2.1.0
  • 7cb49e5 update release detail
  • Additional commits viewable in compare view

Updates @lwc/eslint-plugin-lwc from 2.2.0 to 3.5.0

Release notes

Sourced from @​lwc/eslint-plugin-lwc's releases.

v3.5.0

What's Changed

New Contributors

Full Changelog: salesforce/eslint-plugin-lwc@v3.4.0...v3.5.0

v3.4.0

What's Changed

New Contributors

Full Changelog: salesforce/eslint-plugin-lwc@v3.1.0...v3.4.0

v3.2.0

What's Changed

Full Changelog: salesforce/eslint-plugin-lwc@v3.1.0...v3.2.0

v3.1.0

What's Changed

New Contributors

Full Changelog: salesforce/eslint-plugin-lwc@v3.0.0...v3.1.0

v3.0.0

Breaking Changes

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 23, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 23, 2026 16:33
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 23, 2026
@dependabot dependabot Bot mentioned this pull request Apr 23, 2026
Closed
@dependabot
fix(deps): bump fast-xml-parser and @lwc/eslint-plugin-lwc
c409681 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) to 5.7.1 and updates ancestor dependency [@lwc/eslint-plugin-lwc](https://github.com/salesforce/eslint-plugin-lwc). These dependencies need to be updated together.


Updates `fast-xml-parser` from 4.5.3 to 5.7.1
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.3...v5.7.1)

Updates `@lwc/eslint-plugin-lwc` from 2.1.0 to 3.5.0
- [Release notes](https://github.com/salesforce/eslint-plugin-lwc/releases)
- [Commits](salesforce/eslint-plugin-lwc@v2.1.0...v3.5.0)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.7.1
  dependency-type: indirect
- dependency-name: "@lwc/eslint-plugin-lwc"
  dependency-version: 3.5.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-multi-db97f6ac1f branch from 75cc92c to c409681 Compare April 23, 2026 17:51
ben-zhang-at-salesforce
ben-zhang-at-salesforce approved these changes Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ben-zhang-at-salesforce ben-zhang-at-salesforce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update eslint to 9

@ben-zhang-at-salesforce ben-zhang-at-salesforce merged commit 3c910a3 into main Apr 23, 2026
13 checks passed
@ben-zhang-at-salesforce ben-zhang-at-salesforce deleted the dependabot-npm_and_yarn-multi-db97f6ac1f branch April 23, 2026 20:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ben-zhang-at-salesforce ben-zhang-at-salesforce ben-zhang-at-salesforce approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ben-zhang-at-salesforce