build(deps): bump fast-xml-parser from 5.3.6 to 5.8.0 by dependabot[bot] · Pull Request #963 · docker/login-action · GitHub

dependabot · 2026-04-09T01:30:54Z

Bumps fast-xml-parser from 5.3.6 to 5.8.0.

Release notes

Sourced from fast-xml-parser's releases.

update strnum, FXB. Use xml-naming for DOCTYPE

integrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)

This will consider xml-version as well. '1.0' is default

update strnum to 2.3.0

You can set octal and binary parsing which is by deault off

update fast-xml-builder to 1.2.0

can sanitize tag names if found invalid

fix format output

fix minor old bugs and update builder

fix: alwaysCreateTextNode should create text node when attributes are present for self closing node

fix stop node expression when ns prefix is removed (found by iruizsalinas)

update XML Builder to 1.1.7

mark addEntity deprecated

backward compatibility for numerical external entity, fix #705, #817

allow numerical external entity for backward compatibility

fix #705: attributesGroupName working with preserveOrder

fix #817: stackoverflow when tag expression is very long

upgrade @nodable/entities and FXB

Use @nodable/entities v2.1.0

breaking changes

single entity scan. You're not allowed to use entity value to form another entity name.

you cant add numeric external entity

entity error message when expantion limit is crossed might change

typings are updated for new options related to process entity

please follow documentation of @nodable/entities for more detail.

performance

if processEntities is false, then there should not be impact on performance.

if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%

if processEntities is true, and you pass entity decoder separately

if no entity then performance should be same as before

if there are entities then performance should be increased from past versions

ignoreAttributes is not required to be set to set xml version for NCR entity value

update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @nodable/entities to replace entities

No API change

No change in performance for basic usage

No typing change

No config change

new dependency

breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

increase default entity explansion limit as many projects demand for that
</tr></table> 

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

*5.8.0 / 2026-05-12

integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)

This will consider xml-version as well. '1.0' is default

update strnum to 2.3.0

You can set octal and binary parsing which is bydeault off

update fast-xml-builder to 1.2.0

can sanitize tag names if found invalid

fix format output

5.7.3 / 2006-05-05

fix: alwaysCreateTextNode should create text node when attributes are present for self closing node

fix stop node expression when ns prefix is removed (found by iruizsalinas)

update XML Builder to 1.1.7

mark addEntity deprecated

5.7.2 / 2026-04-25

allow numerical external entity for backward compatibility

fix #705: attributesGroupName working with preserveOrder

fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

fix typo in CJS typing file

5.7.0 / 2026-04-17

Use @nodable/entities v2.1.0

breaking changes

single entity scan. You're not allowed to user entity value to form another entity name.

you cant add numeric external entity

entity error message when expantion limit is crossed might change

typings are updated for new options related to process entity

please follow documentation of @nodable/entities for more detail.

performance

if processEntities is false, then there should not be impact on performance.

if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%

if processEntities is true, and you pass entity decoder separately

if no entity then performance should be same as before

if there are entities then performance should be increased from past versions

ignoreAttributes is not required to be set to set xml version for NCR entity value

update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

fix: entity replacement for numeric entities

use @nodable/entities to replace entities

this may change some error messages related to entities expansion limit or inavlid use

post check would be exposed in future version

... (truncated)

Commits

4bcee44 for release
8a287bf release info
50b01dc Use "@byspec/xml" for testing
816b652 update typings to mark validator use deprecated
8ad0e65 update fast-xml-builder and strnum
58e967e integrate xml-naming
42fa3c3 separate XML validator, UPDATE DOCS
d6d8042 update to release
d263370 remove dev dependency 'he'
f9c9a2c update builder to 1.1.7
Additional commits viewable in compare view

crazy-max · 2026-05-21T17:21:12Z

@dependabot recreate

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.6 to 5.8.0. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.6...v5.8.0) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

….1.0 ➔ v4.2.0 ) (#9) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [https://github.com/docker/login-action](https://github.com/docker/login-action) | action | minor | `v4.1.0` → `v4.2.0` | --- ### Release Notes <details> <summary>docker/login-action (https://github.com/docker/login-action)</summary> ### [`v4.2.0`](https://github.com/docker/login-action/releases/tag/v4.2.0) [Compare Source](docker/login-action@v4.1.0...v4.2.0) - Bump [@actions/core](https://github.com/actions/core) from 3.0.0 to 3.0.1 in [#976](docker/login-action#976) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) and [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.1050.0 in [#960](docker/login-action#960) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.86.0 to 0.90.0 in [#970](docker/login-action#970) - Bump brace-expansion from 2.0.1 to 5.0.6 in [#993](docker/login-action#993) - Bump fast-xml-builder from 1.1.4 to 1.2.0 in [#985](docker/login-action#985) - Bump fast-xml-parser from 5.3.6 to 5.8.0 in [#963](docker/login-action#963) - Bump http-proxy-agent and https-proxy-agent to 9.0.0 in [#961](docker/login-action#961) - Bump postcss from 8.5.6 to 8.5.10 in [#979](docker/login-action#979) - Bump tar from 6.2.1 to 7.5.15 in [#991](docker/login-action#991) - Bump vite from 7.3.1 to 7.3.3 in [#986](docker/login-action#986) **Full Changelog**: <docker/login-action@v4.1.0...v4.2.0> </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/Amsterdam) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.dcunha.io/Exikle/containers/pulls/9

@crazy-max

##### [\`v4.2.0\`](https://github.com/docker/login-action/releases/tag/v4.2.0) - Bump [@actions/core](https://github.com/actions/core) from 3.0.0 to 3.0.1 in [#976](docker/login-action#976) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) and [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.1050.0 in [#960](docker/login-action#960) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.86.0 to 0.90.0 in [#970](docker/login-action#970) - Bump brace-expansion from 2.0.1 to 5.0.6 in [#993](docker/login-action#993) - Bump fast-xml-builder from 1.1.4 to 1.2.0 in [#985](docker/login-action#985) - Bump fast-xml-parser from 5.3.6 to 5.8.0 in [#963](docker/login-action#963) - Bump http-proxy-agent and https-proxy-agent to 9.0.0 in [#961](docker/login-action#961) - Bump postcss from 8.5.6 to 8.5.10 in [#979](docker/login-action#979) - Bump tar from 6.2.1 to 7.5.15 in [#991](docker/login-action#991) - Bump vite from 7.3.1 to 7.3.3 in [#986](docker/login-action#986) **Full Changelog**: <docker/login-action@v4.1.0...v4.2.0> --- ##### [\`v4.1.0\`](https://github.com/docker/login-action/releases/tag/v4.1.0) - Fix scoped Docker Hub cleanup path when registry is omitted by [@crazy-max](https://github.com/crazy-max) in [#945](docker/login-action#945) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) and [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.1020.0 in [#930](docker/login-action#930) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.77.0 to 0.86.0 in [#932](docker/login-action#932) [#936](docker/login-action#936) - Bump brace-expansion from 1.1.12 to 1.1.13 in [#952](docker/login-action#952) - Bump fast-xml-parser from 5.3.4 to 5.3.6 in [#942](docker/login-action#942) - Bump flatted from 3.3.3 to 3.4.2 in [#944](docker/login-action#944) - Bump glob from 10.3.12 to 10.5.0 in [#940](docker/login-action#940) - Bump handlebars from 4.7.8 to 4.7.9 in [#949](docker/login-action#949) - Bump http-proxy-agent and https-proxy-agent to 8.0.0 in [#937](docker/login-action#937) - Bump lodash from 4.17.23 to 4.18.1 in [#958](docker/login-action#958) - Bump minimatch from 3.1.2 to 3.1.5 in [#941](docker/login-action#941) - Bump picomatch from 4.0.3 to 4.0.4 in [#948](docker/login-action#948) - Bump undici from 6.23.0 to 6.24.1 in [#938](docker/login-action#938) **Full Changelog**: <docker/login-action@v4.0.0...v4.1.0> --- ##### [\`v4.0.0\`](https://github.com/docker/login-action/releases/tag/v4.0.0) - Node 24 as default runtime (requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later) by [@crazy-max](https://github.com/crazy-max) in [#929](docker/login-action#929) - Switch to ESM and update config/test wiring by [@crazy-max](https://github.com/crazy-max) in [#927](docker/login-action#927) - Bump [@actions/core](https://github.com/actions/core) from 1.11.1 to 3.0.0 in [#919](docker/login-action#919) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) from 3.890.0 to 3.1000.0 in [#909](docker/login-action#909) [#920](docker/login-action#920) - Bump [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) from 3.890.0 to 3.1000.0 in [#909](docker/login-action#909) [#920](docker/login-action#920) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.63.0 to 0.77.0 in [#910](docker/login-action#910) [#928](docker/login-action#928) - Bump [@isaacs/brace-expansion](https://github.com/isaacs/brace-expansion) from 5.0.0 to 5.0.1 in [#921](docker/login-action#921) - Bump js-yaml from 4.1.0 to 4.1.1 in [#901](docker/login-action#901) **Full Changelog**: <docker/login-action@v3.7.0...v4.0.0> --- ##### [\`v4\`](docker/login-action@v3...v4) --- ##### [\`v3.7.0\`](https://github.com/docker/login-action/releases/tag/v3.7.0) - Add `scope` input to set scopes for the authentication token by [@crazy-max](https://github.com/crazy-max) in [#912](docker/login-action#912) - Add support for AWS European Sovereign Cloud ECR by [@dphi](https://github.com/dphi) in [#914](docker/login-action#914) - Ensure passwords are redacted with `registry-auth` input by [@crazy-max](https://github.com/crazy-max) in [#911](docker/login-action#911) - build(deps): bump lodash from 4.17.21 to 4.17.23 in [#915](docker/login-action#915) **Full Changelog**: <docker/login-action@v3.6.0...v3.7.0> --- ##### [\`v3.6.0\`](https://github.com/docker/login-action/releases/tag/v3.6.0) - Add `registry-auth` input for raw authentication to registries by [@crazy-max](https://github.com/crazy-max) in [#887](docker/login-action#887) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) to 3.890.0 in [#882](docker/login-action#882) [#890](docker/login-action#890) - Bump [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.890.0 in [#882](docker/login-action#882) [#890](docker/login-action#890) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.62.1 to 0.63.0 in [#883](docker/login-action#883) - Bump brace-expansion from 1.1.11 to 1.1.12 in [#880](docker/login-action#880) - Bump undici from 5.28.4 to 5.29.0 in [#879](docker/login-action#879) - Bump tmp from 0.2.3 to 0.2.4 in [#881](docker/login-action#881) **Full Changelog**: <docker/login-action@v3.5.0...v3.6.0> --- ##### [\`v3.5.0\`](https://github.com/docker/login-action/releases/tag/v3.5.0) - Support dual-stack endpoints for AWS ECR by [@Spacefish](https://github.com/Spacefish) [@crazy-max](https://github.com/crazy-max) in [#874](docker/login-action#874) [#876](docker/login-action#876) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) to 3.859.0 in [#860](docker/login-action#860) [#878](docker/login-action#878) - Bump [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.859.0 in [#860](docker/login-action#860) [#878](docker/login-action#878) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.57.0 to 0.62.1 in [#870](docker/login-action#870) - Bump form-data from 2.5.1 to 2.5.5 in [#875](docker/login-action#875) **Full Changelog**: <docker/login-action@v3.4.0...v3.5.0> --- ##### [\`v3.4.0\`](https://github.com/docker/login-action/releases/tag/v3.4.0) - Bump [@actions/core](https://github.com/actions/core) from 1.10.1 to 1.11.1 in [#791](docker/login-action#791) - Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) to 3.766.0 in [#789](docker/login-action#789) [#856](docker/login-action#856) - Bump [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.758.0 in [#789](docker/login-action#789) [#856](docker/login-action#856) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.35.0 to 0.57.0 in [#801](docker/login-action#801) [#806](docker/login-action#806) [#858](docker/login-action#858) - Bump cross-spawn from 7.0.3 to 7.0.6 in [#814](docker/login-action#814) - Bump https-proxy-agent from 7.0.5 to 7.0.6 in [#823](docker/login-action#823) - Bump path-to-regexp from 6.2.2 to 6.3.0 in [#777](docker/login-action#777) **Full Changelog**: <docker/login-action@v3.3.0...v3.4.0> --- ##### [\`v3.3.0\`](https://github.com/docker/login-action/releases/tag/v3.3.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.24.0 to 0.35.0 in [#754](docker/login-action#754) - Bump https-proxy-agent from 7.0.4 to 7.0.5 in [#741](docker/login-action#741) - Bump braces from 3.0.2 to 3.0.3 in [#730](docker/login-action#730) **Full Changelog**: <docker/login-action@v3.2.0...v3.3.0> --- ##### [\`v3.2.0\`](https://github.com/docker/login-action/releases/tag/v3.2.0) - Improve missing username/password by [@Frankkkkk](https://github.com/Frankkkkk) in [#706](docker/login-action#706) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.18.0 to 0.24.0 in [#715](docker/login-action#715) [#721](docker/login-action#721) - Bump aws-sdk-dependencies to 3.583.0 in [#720](docker/login-action#720) - Bump undici from 5.28.3 to 5.28.4 in [#694](docker/login-action#694) **Full Changelog**: <docker/login-action@v3.1.0...v3.2.0> --- ##### [\`v3.1.0\`](https://github.com/docker/login-action/releases/tag/v3.1.0) - Bump [@babel/traverse](https://github.com/babel/traverse) from 7.17.3 to 7.23.2 in [#618](docker/login-action#618) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.12.0 to 0.18.0 in [#616](docker/login-action#616) [#636](docker/login-action#636) [#682](docker/login-action#682) - Bump aws-sdk dependencies to 3.529.1 in [#624](docker/login-action#624) [#685](docker/login-action#685) - Bump http-proxy-agent to 7.0.2 in [#676](docker/login-action#676) - Bump https-proxy-agent to 7.0.4 in [#676](docker/login-action#676) - Bump undici from 5.26.5 to 5.28.3 in [#677](docker/login-action#677) **Full Changelog**: <docker/login-action@v3.0.0...v3.1.0>

dependabot Bot added bot dependencies labels Apr 9, 2026

dependabot Bot changed the title ~~build(deps): bump fast-xml-parser from 5.3.6 to 5.5.8~~ build(deps): bump fast-xml-parser from 5.3.6 to 5.8.0 May 21, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/fast-xml-parser-5.5.8 branch from 3de63bf to 31f21c3 Compare May 21, 2026 17:23

chore: update generated content

05480f2

crazy-max approved these changes May 22, 2026

View reviewed changes

crazy-max merged commit e7f6f8a into master May 22, 2026
11 checks passed

dependabot Bot deleted the dependabot/npm_and_yarn/fast-xml-parser-5.5.8 branch May 22, 2026 07:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump fast-xml-parser from 5.3.6 to 5.8.0#963

build(deps): bump fast-xml-parser from 5.3.6 to 5.8.0#963
crazy-max merged 2 commits into
masterfrom
dependabot/npm_and_yarn/fast-xml-parser-5.5.8

dependabot Bot commented on behalf of github Apr 9, 2026 •

edited

Loading

Uh oh!

crazy-max commented May 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

update strnum, FXB. Use xml-naming for DOCTYPE

fix minor old bugs and update builder

backward compatibility for numerical external entity, fix #705, #817

upgrade @​nodable/entities and FXB

use @​nodable/entities to replace entities

performance improvment, increase entity expansion default limit

Uh oh!

crazy-max commented May 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 9, 2026 •

edited

Loading

upgrade `@nodable/entities` and FXB

use `@nodable/entities` to replace entities