Skip to content

deps(deps): bump the production-dependencies group with 4 updates#10

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-e89338f91d
Closed

deps(deps): bump the production-dependencies group with 4 updates#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-e89338f91d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 4 updates: @nodable/entities, fast-xml-parser, form-data and undici.

Updates @nodable/entities from 2.1.1 to 2.2.0

Commits

Updates fast-xml-parser from 5.8.0 to 5.9.2

Release notes

Sourced from fast-xml-parser's releases.

v5.9.2

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.1...v5.9.2

v5.9.1

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.0...v5.9.1

update strnum, use is-unsafe

  • update strnum to 2.3.0
    • you can set hex, binary, enotation, infinity, unicode
  • validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.
Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

*5.9.2 / 2026-06-17

  • dummy release to test changes in github action

*5.9.1 / 2026-06-17

  • dummy release to test release from github action

*5.9.0 / 2026-06-15

  • update strnum to 2.3.0
    • you can set hex, binary, enotation, infinity, unicode
  • validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.

*5.8.0 / 2026-05-12

  • integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
    • This will consider xml-version as well. '1.0' is default
  • update strnum to 2.3.0
    • You can set octal and binary parsing which is bydeault off
  • update fast-xml-builder to 1.2.0
    • can sanitize tag names if found invalid
    • fix format output

5.7.3 / 2006-05-05

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.

... (truncated)

Commits
  • bf9b81a 5.9.2
  • 232abf5 update publish action for better security
  • 73411fa update checklist
  • d57e33b 5.9.1
  • 3be603a testing release from Github
  • b6c41ea Add GitHub Actions workflow for npm publishing
  • 43cc56d Revise CHANGELOG for upcoming version 5.9.0
  • d429d70 update for release
  • a8b3564 update docs
  • ca273dc update strnum to support unicode, discard unsafe doctype entities
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for fast-xml-parser since your current version.


Updates form-data from 2.5.5 to 2.5.6

Changelog

Sourced from form-data's changelog.

v2.5.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames b620316
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape 12be578
  • [Dev Deps] update js-randomness-predictor 46cfd23
  • [Tests] use safe-buffer so the header-injection test runs on node < 4 633044a
  • [Deps] update hasown e3b96ee
Commits
  • c713349 v2.5.6
  • 46cfd23 [Dev Deps] update js-randomness-predictor
  • 633044a [Tests] use safe-buffer so the header-injection test runs on node < 4
  • e3b96ee [Deps] update hasown
  • 12be578 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape
  • b620316 [Fix] escape CR, LF, and " in field names and filenames
  • See full diff in compare view

Updates undici from 6.26.0 to 6.27.0

Release notes

Sourced from undici's releases.

v6.27.0

What's Changed

Full Changelog: nodejs/undici@v6.26.0...v6.27.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the production-dependencies group with 4 updates
ac74df8 
Bumps the production-dependencies group with 4 updates: [@nodable/entities](https://github.com/nodable/val-parsers), [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser), [form-data](https://github.com/form-data/form-data) and [undici](https://github.com/nodejs/undici).


Updates `@nodable/entities` from 2.1.1 to 2.2.0
- [Commits](https://github.com/nodable/val-parsers/commits)

Updates `fast-xml-parser` from 5.8.0 to 5.9.2
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.8.0...v5.9.2)

Updates `form-data` from 2.5.5 to 2.5.6
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v2.5.5...v2.5.6)

Updates `undici` from 6.26.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.26.0...v6.27.0)

---
updated-dependencies:
- dependency-name: "@nodable/entities"
  dependency-version: 2.2.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: fast-xml-parser
  dependency-version: 5.9.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: form-data
  dependency-version: 2.5.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner June 18, 2026 00:34
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown

🔮 Release Preview

Full Changelog: V2...preview

@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 25, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/production-dependencies-e89338f91d branch June 25, 2026 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants